Abstract
In this work, we present a vulnerability in monoprocess or monothreaded servers that allows DoS attacks to be carried out with the peculiarity that they are generated by low-rate traffic. This feature makes the attack harder for current IDSs to detect, since they usually expect high-rate traffic. The intruder can take advantage of some knowledge about the inter-output times in the server to build the attack. We have simulated the attack and tested it in a real environment, obtaining worrying conclusions due to the efficiency the attack achieves with low effort from the attacker.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Maciá-Fernández, G., Díaz-Verdejo, J.E., García-Teodoro, P. (2006). Low Rate DoS Attack to Monoprocess Servers. In: Clark, J.A., Paige, R.F., Polack, F.A.C., Brooke, P.J. (eds) Security in Pervasive Computing. SPC 2006. Lecture Notes in Computer Science, vol 3934. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11734666_5
DOI: https://doi.org/10.1007/11734666_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33376-0
Online ISBN: 978-3-540-33377-7
eBook Packages: Computer Science, Computer Science (R0)