Defeating Distributed Denial of Service Attacks

T he notorious, crippling attack on e-commerce’s top companies in February 2000 and the recurring evidence of active network scanning—a sign of attackers looking for network weaknesses all over the Internet—are harbingers of future Distributed Denial of Service (DDoS) attacks. They signify the continued dissemination of the evil daemon programs that are likely to lead to repeated DDoS attacks in the foreseeable future. Simply put, a DDoS attack saturates a network. It simply overwhelms the target server with an immense volume of traffic that prevents normal users from accessing the server. In contrast to other types of DoS attacks that operate on an individual basis, these distributed attacks rely on recruiting a fleet of “zombie” computers that unwittingly join forces to flood the victim server. Security experts generally acknowledge that the long-term solution to thwart future attempts of this type is to increase the security level of all Internet computers. Attackers would then be unable to find zombie computers to control. Internet users would also have to set up globally coordinated filters to stop attacks early. However,the critical challenge in these solutions lies in identifying the incentives for the Internet’s tens of millions of independent companies and individuals to cooperate on security and traffic control issues that do not appear to directly affect them. We give a brief introduction to