K, Santhosh
(2011)
Distributed Detection of DDOS Attack.
Masters thesis, Indian Institute of Technology, Hyderabad.
Abstract
Denial of Service (DOS) and Distributed Denial of Service (DDOS) attacks are attempts to make
a server's resources unavailable to its intended users. Information security has three fundamental
objectives: information integrity, confidentiality and availability. A Denial of Service attack
is an attack on availability. In this attack the attacker keeps the server busy processing illegitimate
requests, thereby making server resources unavailable to legitimate clients. In a Distributed Denial
of Service attack, multiple DOS attacks are carried out at the same time from several slaves (infected
systems which are chosen as attacking agents) on the victim (target server). The SYN flooding DDOS
attack is one type of DDOS attack. In a SYN flooding DDOS attack, TCP SYN packets are used as
attack packets: the attacker sends a flood of SYN packets to the victim server with spoofed source
IP addresses. The server stores the state information of each of these attack connections. The server
responds with SYN-ACK packets destined for the spoofed IP addresses, so the attacker does not
receive the SYN-ACK packets. This wastes server resources on storing connection information for
half-open connections (a half-open connection is a connection which is established from only one
side of the communicating parties). The victim server is busy processing SYN requests which
originate from the attacker, and is therefore not in a position to serve legitimate clients.
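
The half-open state described in the abstract can be observed directly in packet records. The following Python example is added here for illustration; it is not taken from the thesis and is not its detection method. The packet tuples, the documentation-range addresses, the 3-second timeout and the alert threshold of 10 are constructed assumptions.

```python
from collections import defaultdict

SERVER = ("192.0.2.10", 80)  # constructed victim address (documentation range)

def build_sample():
    """Constructed trace: (time_s, src_ip, src_port, dst_ip, dst_port, flags)."""
    client = ("203.0.113.5", 40000)
    pkts = [(0.00, *client, *SERVER, "S"),    # legitimate three-way handshake
            (0.01, *SERVER, *client, "SA"),
            (0.02, *client, *SERVER, "A")]
    for i in range(20):                        # 20 SYNs from spoofed sources
        spoofed = (f"198.51.100.{i + 1}", 1024 + i)
        t = 0.1 + i * 0.01
        pkts.append((t, *spoofed, *SERVER, "S"))
        pkts.append((t + 0.001, *SERVER, *spoofed, "SA"))  # never answered
    return pkts

def half_open(packets, now, timeout=3.0):
    """Map each server endpoint to clients stuck after SYN-ACK for >= timeout."""
    synack_at = {}   # (client_ip, client_port, server_ip, server_port) -> time
    seen_syn = set()
    for t, src, sport, dst, dport, flags in packets:
        if flags == "S":
            seen_syn.add((src, sport, dst, dport))
        elif flags == "SA" and (dst, dport, src, sport) in seen_syn:
            synack_at[(dst, dport, src, sport)] = t   # server now holds state
        elif flags == "A":
            seen_syn.discard((src, sport, dst, dport))
            synack_at.pop((src, sport, dst, dport), None)  # handshake completed
    stuck = defaultdict(list)
    for (cip, cport, sip, sp), t in synack_at.items():
        if now - t >= timeout:
            stuck[(sip, sp)].append((cip, cport))
    return dict(stuck)

def flag_servers(packets, now, timeout=3.0, threshold=10):
    """Servers whose half-open count reaches the (assumed) alert threshold."""
    counts = {srv: len(c) for srv, c in half_open(packets, now, timeout).items()}
    return {srv: n for srv, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    print(flag_servers(build_sample(), now=10.0))
```

The legitimate client drops out of the pending table when its final ACK arrives, while each spoofed source leaves an entry behind because the SYN-ACK never reaches a host that will answer it.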