References


[ABKM01] D. G. Andersen, H. Balakrishnan, M. F. Kaashoek, and R. Morris, "Resilient Overlay Networks," Proceedings of 18th ACM Symposium on Operating Systems Principles (SOSP 2001), October 2001, pp. 131-145.

[ACF+99] J. Allen, A. Christie, W. Fithen, J. McHugh, J. Pickel, and E. Stoner, State of the Practice of Intrusion Detection Technologies, Technical Report CMU/SEI-99-TR-028, Software Engineering Institute, 1999.

[Ada80] D. Adams, Hitchhiker's Guide to the Galaxy, Harmony Books, 1980.

[Adl02] M. Adler, "Tradeoffs in Probabilistic Packet Marking for IP Traceback," Proceedings of the 34th annual ACM Symposium on Theory of Computing, ACM Press, 2002, pp. 407-418.

[AJ] A. Jesdanun, "New Computer Virus Variant Floods Web Sites of Anti-Spam Activists," Associated Press, 3 Dec 2003, http://www.securityfocus.com/news/7575.

[AJB00] R. Albert, H. Jeong, and A. L. Barabási, "Error and Attack Tolerance in Complex Networks," Nature, vol. 406, no. 6794, July 2000, pp. 378-382.

[And02] M. Andress, "Denial of Service: Fighting Back," Network World Fusion, 2 Sep 2002, http://www.nwfusion.com/reviews/2002/0902rev.html.

[api04] Revision of the Computer Misuse Act: Report of an Inquiry by the All Party Internet Group, June 2004. The report and background files are available at http://www.apig.org.uk/computer_misuse_act_inquiry.htm.

[Bar64] P. Baran, On distributed communications, Memoranda RM-3420-PR, RM-3103-PR, RM-3578-PR, RM-3638-PR, RM-3097-PR, RM-3762-PR, RM-3763-PR, RM-3764-PR, RM-3765-PR, RM-3766-PR, RM-3767-PR, RAND Corporation, August 1964.

[Bar02] A. L. Barabási, LINKED: The New Science of Networks, Perseus Books, 2002.

[BBC+04] A. Bavier, M. Bowman, B. Chun, D. Culler, S. Karlin, S. Muir, L. Peterson, T. Roscoe, T. Spalink, and M. Wawrzoniak, "Operating System Support for Planetary-Scale Network Services," Proceedings of the USENIX First Symposium on Networked Systems Design and Implementation (NSDI 2004), March 2004, pp. 253-266.

[Bej04] R. Bejtlich, The Tao of Network Security Monitoring: Beyond Intrusion Detection, Addison-Wesley, 2004.

[Bell] D. E. Bell and L. J. LaPadula, Secure Computer Systems: Mathematical Foundations and Model, Technical Report M74-244, The MITRE Corp., Bedford, MA, 1973.

[Bid05] H. Bidgoli Ed., The Handbook of Information Security, John Wiley & Sons, 2005.

[BCC+98] B. Braden, D. Clark, J. Crowcroft, B. Davie, S. Deering, D. Estrin, S. Floyd, V. Jacobson, G. Minshall, C. Partridge, L. Peterson, K. Ramakrishnan, S. Shenker, J. Wroclawski, and L. Zhang, "Recommendations on Queue Management and Congestion Avoidance in the Internet," IETF RFC 2309, April 1998, http://www.ietf.org/rfc/rfc2309.txt.

[bDD02] D. Dittrich (modified application), tcpdstat (uw mods), 2002, http://staff.washington.edu/dittrich/misc/core02/tcpdstat-uw.tgz.

[Bel03] S. Bellovin, "The Security Flag in the IPv4 header," IETF RFC 3514, April 2003, http://www.ietf.org/rfc/rfc3514.txt.

[Ber] D. J. Bernstein, "SYN Cookies," http://cr.yp.to/syncookies.html.

[Bin00] BindView Corp., "The Naptha DoS Vulnerability," November 2000, http://www.bindview.com/Support/RAZOR/Advisories/2000/adv_NAPTHA.cfm.

[BK01] D. Brezinski and T. Killalea, "Guidelines for Evidence Collection and Archiving," IETF RFC 3227, February 2002, also Best Current Practice 55, http://www.ietf.org/rfc/rfc3227.txt.

[BLT01] S. Bellovin, M. Leech, and T. Taylor, "ICMP Traceback Messages," Internet draft, work in progress, October 2001.

[BN] M. Ward, "Interpol Patrols the Web," BBC Online News, 30 Jun 2000, http://news.bbc.co.uk/1/hi/sci/tech/812764.stm.

[Bon97] V. J. Bono, "7007 Explanation and Apology," April 1997. Appears in NANOG mailing list, http://www.merit.edu/mail.archives/nanog/1997-04/msg00444.html.

[Boy] Col J. R. Boyd, "Boyd's OODA loop" from "the Essence of Winning and Losing," http://www.d-n-i.net/fcs/ppt/boyds_ooda_loop.ppt.

[BR00] D. Bruschi and E. Rosti, "Disarming Offense to Facilitate Defense," Proceedings of the New Security Paradigms Workshop (NSPW 2000), ACM Press, September 2000, pp. 69-75.

[BR01] D. Bruschi and E. Rosti, "AngeL: A Tool to Disarm Computer Systems," Proceedings of the New Security Paradigms Workshop (NSPW 2001), ACM Press, September 2001, pp. 63-69.

[BRK02] S. Byers, A. D. Rubin, and D. Kormann, "Defending against an Internet-Based Attack on the Physical World," Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society, ACM Press, November 2002, pp. 11-18.

[Bru] D. Brumley, RID, http://packetstormsecurity.nl/distributed/rid-1_0.tgz.

[BS03] J. Bellardo and S. Savage, "802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions," Proceedings of the 12th USENIX Security Symposium, August 2003, pp. 15-28.

[Car04] H. Carvey, Windows Forensics and Incident Recovery, Addison-Wesley, 2004.

[CERa] CERT Coordination Center, "CERT Advisory CA-1997-28, IP Denial-of-Service Attacks," December 1997, http://www.cert.org/advisories/CA-1997-28.html.

[CERb] CERT Coordination Center, "CERT Advisory CA-1999-17, Denial-of-Service Tools," December 1999, http://www.cert.org/advisories/CA-1999-17.html.

[CERc] CERT Coordination Center, "Handbook for computer security incident response teams (CSIRTS)," December 1998; revised April 2003, http://www.cert.org/archive/pdf/csirt-handbook.pdf.

[CERd] CERT Coordination Center, "How the FBI Investigates Computer Crime," http://www.cert.org/tech_tips/FBI_investigates_crime.html.

[CERe] CERT Coordination Center, Web page, http://www.cert.org/.

[CER96] CERT Coordination Center, "CERT Advisory CA-1996-21, TCP SYN Flooding and IP Spoofing Attacks," September 1996; revised November 2000, http://www.cert.org/advisories/CA-1996-21.html.

[CER98a] CERT Coordination Center, "CERT Advisory CA-1998-13, Vulnerability in Certain TCP/IP Implementations," December 1998, http://www.cert.org/advisories/CA-1998-13.html.

[CER98b] CERT Coordination Center, "CERT Summary CS-1998-02, SPECIAL EDITION Denial of Service Attacks Targeting Windows 95/NT Machines," March 1998, http://www.cert.org/summaries/CS-98.02.html.

[CER99] CERT Coordination Center, "Results of the Distributed-Systems Intruder Tools Workshop," December 1999, http://www.cert.org/reports/dsit_workshop-final.html.

[CER00] CERT Coordination Center, "CERT Advisory CA-2000-21, Denial-of-Service Vulnerabilities in TCP/IP Stacks," November 2000, http://www.cert.org/advisories/CA-2000-21.html.

[CER01a] CERT Coordination Center, "CERT Advisory CA-2001-19, "Code Red" Worm Exploiting Buffer Overflow in IIS Indexing Service DLL," January 2001, http://www.cert.org/advisories/CA-2001-19.html.

[CER01b] CERT Coordination Center, "CERT Incident Note IN-2000-05, "Mstream" Distributed Denial of Service Tool," May 2000, http://www.cert.org/incident_notes/IN-2000-05.html.

[CER01c] CERT Coordination Center, "CERT Incident Note IN-2001-07, W32/Leaves: Exploitation of previously installed SubSeven Trojan Horses," July 2001, http://www.cert.org/incident_notes/IN-2001-07.html.

[CER03] CERT Coordination Center, "CERT Advisory CA-2003-08, Increased Activity Targeting Windows Shares," March 2003, http://www.cert.org/advisories/CA-2003-08.html.

[CER04] CERT Coordination Center, "SiLK: System for Internet-Level Knowledge," 2004, http://www.cert.org/analysis/silk.html.

[Cho00] K. Cho, K. Mitsuya, and A. Kato, "Traffic data repository at the WIDE project," Proceedings of the USENIX Annual Technical Conference, June 2000, pp. 263-270, http://citeseer.ist.psu.edu/cho00traffic.html.

[CIPS] Computer Crime and U.S. Department of Justice Intellectual Property Section, Criminal Division, "Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations," http://www.cybercrime.gov/searchmanual.pdf.

[CKK] K. Cho, R. Kaizaki, and A. Kato, "Aguri: An Aggregation-Based Traffic Profiler," Proceedings of the Second International Workshop on Quality of Future Internet Services, LNCS 2156, Springer Verlag, September 2001, pp. 222-242, ftp://ftp.csl.sony.co.jp/pub/kjc/papers/aguri.ps.gz.

[CL03] Z. Chen and M. C. Lee, "An IP Traceback Technique against Denial-of-Service Attacks," Proceedings of 19th Annual Computer Security Applications Conference (ACSAC 2003), December 2003, pp. 96-105.

[CMK+03] D. L. Cook, W. G. Morein, A. D. Keromytis, V. Misra, and D. Rubenstein, "WebSOS: Protecting Web Servers from DDoS attacks," Proceedings of the 11th IEEE International Conference on Networks (ICON 2003), September 2003, pp. 455-460.

[CN] C. Nuttall, "Crime Gangs Extort Money with Hacking Threat," The Financial Times, 11 Dec 2003, http://www.rense.com/general44/hack.htm.

[CNN] CNN, "FBI Web Site Hacked Last Week," 26 Feb 2000, http://www.cnn.com/2000/TECH/computing/02/26/fbi.hackers/.

[Con] Internet2 Consortium, Internet 2 Web page, http://www.internet2.edu/.

[CR04] M. Collins and M. K. Reiter, "An Empirical Analysis of Target-Resident DoS Filters," Proceedings of IEEE Symposium on Security and Privacy, May 2004, pp. 103-114.

[CW03] S. A. Crosby and D. S. Wallach, "Denial of Service via Algorithmic Complexity Attacks," Proceedings of 12th USENIX Security Symposium, August 2003, pp. 29-44.

[Del] M. Delio, "Microsoft Crashes: The Fallout," Wired News, 26 Jan 2001, http://www.wired.com/news/business/0,1367,41454,00.html.

[Dev] The Cygwin Developers, The Cygwin GNU development environment for Windows, http://www.cygwin.com.

[DFS01] D. Dean, M. Franklin, and A. Stubblefield, "An Algebraic Approach to IP Traceback," Proceedings of the Network and Distributed System Security Symposium (NDSS), February 2001, pp. 3-12.

[DFS02] D. Dean, M. Franklin, and A. Stubblefield, "An Algebraic Approach to IP Traceback," ACM Transactions on Information and System Security (TISSEC), vol. 5, no. 2, 2002, pp. 119-137.

[Die01] S. Dietrich, "Survivability with a Twist," USENIX ;login: Security Issue, November 2001, http://www.usenix.org/publications/login/2001-11/pdfs/dietrich.pdf.

[Dita] D. Dittrich, "Analysis of the "Power" Bot," August 2001, http://staff.washington.edu/dittrich/misc/power.analysis.txt.

[Ditb] D. Dittrich, "Basic Steps in Forensic Analysis of UNIX Systems," 2001, http://staff.washington.edu/dittrich/misc/forensics/.

[Ditc] D. Dittrich, "Developing an Effective Incident Cost Analysis Mechanism," Security Focus, 12 Jun 2002, http://online.securityfocus.com/infocus/1592.

[Ditd] D. Dittrich, "Distributed Denial of Service (DDoS) Attacks/Tools," 2000, http://staff.washington.edu/dittrich/misc/ddos/.

[Dite] D. Dittrich, "Estimating the Cost of Damages Due to a Security Incident," 2000, http://staff.washington.edu/dittrich/misc/faqs/incidentcosts.faq.

[Ditf] D. Dittrich, "The DoS Project's Trinoo Distributed Denial of Service Attack Tool," October 1999, http://staff.washington.edu/dittrich/misc/trinoo.analysis.txt.

[Ditg] D. Dittrich, "The Stacheldraht Distributed Denial of Service Attack Tool," December 1999, http://staff.washington.edu/dittrich/misc/stacheldraht.analysis.txt.

[Dith] D. Dittrich, "The Tribe Flood Network Distributed Denial of Service Attack Tool," October 1999, http://staff.washington.edu/dittrich/misc/tfn.analysis.txt.

[Dit01] D. Dittrich, "Analysis of SSH CRC32 Compensation Attack Detector Exploit," November 2001, http://staff.washington.edu/dittrich/misc/ssh-analysis.txt.

[DLD00] S. Dietrich, N. Long, and D. Dittrich, "Analyzing Distributed Denial of Service Tools: The Shaft Case," Proceedings of 14th USENIX Systems Administration Conference (LISA 2000), December 2000, pp. 329-339, http://www.adelphi.edu/~spock/lisa2000-shaft.pdf.

[DMS04] R. Dingledine, N. Mathewson, and P. Syverson, "Tor: The Second-Generation Onion Router," Proceedings of the 13th USENIX Security Symposium, August 2004, pp. 303-320, http://freehaven.net/tor/tor-design.pdf.

[DWDL] D. Dittrich, G. Weaver, S. Dietrich, and N. Long, "The Mstream Distributed Denial of Service Attack Tool," May 2000, http://staff.washington.edu/dittrich/misc/mstream.analysis.txt.

[Eag03] C. Eagle, "Strike/counter-strike: Reverse Engineering Shiva," Proceedings of BlackHat Federal 2003, October 2003, http://www.blackhat.com/presentations/bh-federal-03/bh-federal-03-eagle/bh-fed-03-eagle.pdf.

[EFL+99] R. J. Ellison, D. A. Fisher, R. C. Linger, H. F. Lipson, T. A. Longstaff, and N. R. Mead, "Survivability: Protecting your critical systems," IEEE Internet Computing, vol. 3, no. 6, 1999, pp. 55-63.

[el] SANS UNISOG e-mail list, Thread on Register.com DNS Attack, http://staff.washington.edu/dittrich/misc/ddos/register.com-unisog.txt.

[Ele] Electronic Privacy Information Center, The Gramm-Leach-Bliley Act, http://www.epic.org/privacy/glba/.

[eur04] EURIM Group, Working paper 4: Roles and Procedures for Investigation, May 2004, http://www.eurim.org/consult/e-crime/dec03/ECS_WP4_web_031209.htm.

[fbi] FBI Los Angeles field office, Web page, http://losangeles.fbi.gov/.

[Fis03] D. Fisher, "Thwarting the Zombies," eWeek, March 31, 2003.

[Flo00] S. Floyd, "Congestion Control Principles," IETF RFC 2914, September 2000, http://www.ietf.org/rfc/rfc2914.txt.

[fra] C. Doyle, "Cybercrime: A sketch of 18 U.S.C. §1030 and Related Federal Criminal Laws," http://www.ipmall.info/hosted_resources/crs/RS20830_031124.pdf.

[FS00] P. Ferguson and D. Senie, "Network Ingress Filtering: Defeating Denial of Service Attacks which Employ IP Source Address Spoofing," IETF RFC 2827, May 2000, http://www.ietf.org/rfc/rfc2827.txt.

[FSBK03] L. Feinstein, D. Schnackenberg, R. Balupari, and D. Kindred, "Statistical Approaches to DDoS Attack Detection and Response," Proceedings of 3rd DARPA Information Survivability Conference and Exposition (DISCEX 2003), April 2003, pp. 303-314.

[Gam] G. Byrne, "Security Issues of Online Gaming," GameDev.net, http://www.gamedev.net/reference/articles/article2062.asp.

[GCD+04] C. Gates, M. Collins, M. Duggan, A. Kompanek, and M. Thomas, "More Netflow Tools for Performance and Security," Proceedings of the 18th USENIX Large Installation System Administration Conference (LISA 2004), November 2004.

[GMP04] K. Giles, D. Marchette, and C. Priebe, "On the Spectral Analysis of Backscatter Data," Proceedings of the 2004 Hawaii International Conference on Statistics, Mathematics, and Related Fields, June 2004.

[GMR01] B. W. Gemberling, C. L. Morrow, and B. R. Greene, "ISP Security: Real World Techniques," October 2001, http://www.nanog.org/mtg-0110/greene.html.

[GOM03] T. H. Grubesic, M. E. O'Kelly, and A. T. Murray, "A Geographic Perspective on Commercial Internet Survivability," Telematics and Informatics, vol. 20, no. 1, February 2003, pp. 51-69.

[Gra] P. Gray, "DDoS Attack Cripples Uecomm's AU links," ZDNet, 20 Mar 2003, http://www.zdnet.com.au/news/security/0,2000061744,20273027,00.htm.

[Gre02] B. Greene, BGPv4 Security Risk Assessment, Cisco white paper, June 200, http://www.cymru.com/Documents/barry2.pdf.

[Har] A. Harrison, "Cyberassaults Hit Buy.com, eBay, CNN, and Amazon.com," Computerworld, 9 Feb 2000, http://www.computerworld.com/news/2000/story/0,11280,43010,00.html.

[Har68] G. Hardin, "The Tragedy of the Commons," Science, vol. 162, 1968, pp. 1243-1248.

[Hex01] H. HexXer, "CodeGreen." Appears in a mailing list and is available in the archives, 2001, http://archives.neohapsis.com/archives/vuln-dev/2001-q3/0575.html.

[Hon04] The Honeynet Project, Know Your Enemy: Learning about Security Threats, 2nd Edition, Addison-Wesley, 2004.

[HHP03] A. Hussain, J. Heidemann, and C. Papadopoulos, "A Framework for Classifying Denial of Service Attack," Proceedings of ACM SIGCOMM 2003, August 2003, pp. 99-110.

[Him04a] K. E. Himma, "The Ethics of Tracing Hacker Attacks through the Machines of Innocent Persons," International Journal of Information Ethics, 2004.

[Him04b] K. E. Himma, "Targeting the Innocent: Active Defense and the Moral Immunity of Innocent Persons from Aggression," Journal of Information, Communication, and Ethics in Society, vol. 2, no. 1, January 2004.

[hip] Health Insurance Portability and Accountability Act (HIPAA), http://www.hipaa.org/.

[HMP+01] A. Householder, A. Manion, L. Pesante, G. Weaver, and R. Thomas, Managing the Threat of Denial-of-Service Attacks, Technical Report, CERT Coordination Center, October 2001, http://www.cert.org/archive/pdf/Managing_DoS.pdf.

[HWLT01] K. J. Houle, G. M. Weaver, N. Long, and R. Thomas, Trends in Denial of Service Attack Technology, Technical Report, CERT Coordination Center, October 2001, http://www.cert.org/archive/pdf/DoS_trends.pdf.

[IAA] European Commission Information Society, "Handbook of Legislative Procedures of Computer and Network Misuse in EU Countries," http://europa.eu.int/information_society/eeurope/2005/all_about/security/handbook/text_en.htm.

[IB02] J. Ioannidis and S. M. Bellovin, "Implementing Pushback: Router-Based Defense Against DDoS Attacks," Proceedings of Network and Distributed System Security Symposium (NDSS), February 2002, The Internet Society.

[Ins81a] Information Sciences Institute, "Internet Protocol," IETF RFC 791, September 1981, http://www.ietf.org/rfc/rfc0791.txt.

[Ins81b] Information Sciences Institute, "Transmission Control Protocol," IETF RFC 793, September 1981, http://www.ietf.org/rfc/rfc0793.txt.

[int] T. L. Putnam and D. D. Elliott, International Responses to Cyber-crime, Hoover Press, http://www-hoover.stanford.edu/publications/books/fulltext/cybercrime/35.pdf.

[itCD97] Toward Deterrence in the Cyber Dimension, Report to the President's Commission on Critical Infrastructure Protection, 1997, http://www.timeusa.com/CIAO/resource/pccip/DeterrenceCyberDimension.pdf.

[JB99] A. Juels and J. Brainard, "Client puzzles: A Cryptographic Countermeasure Against Connection Depletion Attacks," Proceedings of the Networks and Distributed System Security Symposium (NDSS), March 1999, pp. 151-165.

[JKR02] J. Jung, B. Krishnamurthy, and M. Rabinovich, "Flash crowds And Denial of Service Attacks: Characterization and Implications for CDNS and Web Sites," Proceedings of 11th International World Wide Web Conference, May 2002, pp. 293-304.

[JL] J. Leyden, "Sobig linked to DDoS attacks on Anti-spam Sites," The Register, 25 Sep 2003, http://www.theregister.co.uk/content/56/33059.html.

[JM] M. Jakobsson and F. Menczer, "Untraceable E-mail Cluster Bombs: On Agent-Based Distributed Denial of Service," Preprint is available at http://www.informatics.indiana.edu/markus/papers/0305042.pdf.

[Jou00] F. Jou, "Design and Implementation of a Scalable Intrusion Detection System for the Protection of Network Infrastructure," Proceedings of 1st DARPA Information Survivability Conference and Exposition (DISCEX 2000), vol. 2, January 2000, pp. 69-83, http://projects.anr.mcnc.org/JiNao/jouy_reviewed.ps.

[JPD] J. P. Davis, "The Experience of Bad Behavior in Online Social Spaces: A Survey of Online Users," Microsoft Research, Social Computing Group, http://research.microsoft.com/scg/papers/Bad%20Behavior%20Survey.pdf.

[JWS03] C. Jin, H. Wang, and K. G. Shin, "Hop-Count Filtering: An Effective Defense Against Spoofed DDoS Traffic," Proceedings of the 10th ACM Conference on Computer and Communication Security, ACM Press, October 2003, pp. 30-41.

[KBE01] A. B. Kulkarni, S. F. Bush, and S. C. Evans, "Detecting Distributed Denial-of-Service Attacks Using Kolmogorov Complexity Metrics," Technical Report 2001CRD176, General Electric Research and Development Center, December 2001.

[KC] K. Coale, "Romanian Cracker Takes Down the Undernet," Wired News, 14 Jan 1997, http://www.wired.com/news/technology/0,1282,1446,00.html.

[Ker03] O. S. Kerr, "Cybercrime's Scope: Interpreting "Access" and "Authorization" in Computer Misuse Statutes," NYU Law Review, vol. 78, no. 5, November 2003, pp. 1596-1668, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=399740#PaperDownload.

[Kes] G. C. Kessler, "Defenses Against Distributed Denial of Service Attacks," 2000, http://www.garykessler.net/library/ddos.html.

[Kle61] L. Kleinrock, Information Flow in Large Communications Nets, RLE Quarterly Progress Reports, July 1961.

[KLS00] S. Kent, C. Lynn, and K. Seo, "Secure Border Gateway Protocol (secure-bgp)," IEEE Journal on Selected Areas in Communications, vol. 18, no. 4, April 2000, pp. 582-592.

[KMR02] A. D. Keromytis, V. Misra, and D. Rubenstein, "SOS: Secure Overlay Services," Proceedings of ACM SIGCOMM 2002, August 2002, pp. 61-72.

[KP] K. Poulsen, SecurityFocus, "Rise of the Spam Zombies," The Register, 27 Apr 2003, http://www.theregister.co.uk/content/55/30414.html.

[Lab04] Kaspersky Labs, "SymbianOS-based Worm Cabir," June 2004, http://www.kaspersky.com/news?id=149499226.

[LC04] B. Laurie and R. Clayton, "Proof-of-Work Proves Not to Work," Proceedings of the 3rd Annual Workshop on Economics and Information Security (WEIS 2004), March 2004, http://www.cl.cam.ac.uk/~rnc1/proofwork.pdf.

[Leb] J. Lebbenga, "European Betting Sites Brace for Attack," The Register, 28 Jun 2004, http://www.theregister.co.uk/2004/06/28/betting_sites_attack/print.html.

[Lem] R. Lemos, "Attack on SCO Sites at an End," CNET News.com, 12 Dec 2003, http://news.com.com/2100-7355_3-5121828.html?tag=nefd_top.

[Leya] J. Leyden, "Phatbot Arrest Throws Open Trade in Zombie PCS," The Register, 12 May 2004, http://www.theregister.co.uk/2004/05/12/phatbot_zombie_trade/.

[Leyb] J. Leyden, "Extortionists Attack ibetx.com," The Register, 18 Apr 2004, http://www.theregister.co.uk/2004/04/18/online_bookie_ddos/.

[LF00] H. Lipson and D. Fisher, "Survivability - A New Technical and Business Perspective on Security," Proceedings of the New Security Paradigms Workshop (NSPW 1999), ACM Press, September 2000, pp. 33-39, http://www.cert.org/archive/pdf/busperspec.pdf.

[Lip02] H. Lipson, Tracking and Tracing Cyber Attacks: Technical Challenges and Global Policy Issues, Technical Report SR009, Software Engineering Institute, 2002, http://www.cert.org/archive/pdf/02sr009.pdf.

[LMW+01] J. Li, J. Mirkovic, M. Wang, P. Reiher, and L. Zhang, "SAVE: Source Address Validity Enforcement Protocol," Proceedings of IEEE INFOCOM 2002, March 2002, vol. 2, pp. 1557-1566.

[LTIG] LURHQ Threat Intelligence Group, "Phatbot Trojan Analysis," 15 Mar 2004, http://www.lurhq.com/phatbot.html.

[MB98] S. D. Mitchell and E. A. Banker, "Private Intrusion Response," Harvard Journal of Law and Technology, vol. 11, no. 3, Summer 1998, pp. 700-718, http://jolt.law.harvard.edu/articles/pdf/v11/11HarvJLTech699.pdf.

[MBF+02] R. Mahajan, S. M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker, "Controlling High Bandwidth Aggregates in the Network," ACM SIGCOMM Computer Communications Review, vol. 32, no. 3, July 2002, pp. 62-73.

[McC03] J. McCormick, "2003 CSI/FBI Cybercrime Survey Shows Reduced Losses," TechRepublic.com, 23 Jun 2003.

[McH03] J. McHugh, "Locality: A New Paradigm for Thinking About Normal Behavior and Outsider Threat," Proceedings of the New Security Paradigms Workshop (NSPW 2003), ACM Press, August 2003, pp. 3-10.

[Meh03] N. Mehta, "Advances in Elf Runtime Binary Encryption Shiva," Proceedings of BlackHat USA, July 2003, http://www.blackhat.com/presentations/bh-usa-03/bhus-03-mehta/bh-us-03-mehta.pdf.

[mid] United States v. Middleton, 231 F.3d 1207, 1210-11 (9th Cir. 2000), http://www.tomwbell.com/NetLaw/Ch09/USvMiddleton.html.

[Mir03] J. Mirkovic, D-WARD: Source-End Defense Against Distributed Denial-of-Service Attacks, PhD thesis, University of California Los Angeles, August 2003, http://lasr.cs.ucla.edu/ddos/dward-thesis.pdf.

[MK03] M. Kotadia, "11,000 IP addresses found on accused hacker's PC," ZDNet UK, 8 Oct 2003, http://news.zdnet.co.uk/internet/security/0,39020375,39117005,00.htm.

[MPR02] J. Mirkovic, G. Prier, and P. Reiher, "Attacking DDoS at the Source," Proceedings of the 10th International Conference on Network Protocols (ICNP 2002), November 2002, pp. 312-322.

[MRR03] J. Mirkovic, M. Robinson, P. Reiher, and G. Kuenning, "Forming Alliance for DDoS Defenses," Proceedings of the New Security Paradigms Workshop (NSPW 2003), ACM Press, August 2003, pp. 11-18.

[MS03] D. Moore and C. Shannon, SCO Offline from Denial of Service Attack, Technical Report, CAIDA, December 2003, http://www.caida.org/analysis/security/sco-dos/.

[MSC+03] W. G. Morein, A. Stavrou, D. L. Cook, A. D. Keromytis, V. Misra, and D. Rubenstein, "Using Graphic Turing Tests to Counter Automated DDoS Attacks Against Web Servers," Proceedings of the 10th ACM conference on Computer and Communication Security, ACM Press, October 2003, pp. 8-19.

[MV02] V. Mittal and G. Vigna, "Sensor-Based Intrusion Detection for Intra-Domain Distance-Vector Routing," Proceedings of the 9th ACM Conference on Computer and Communication Security, ACM Press, November 2002, pp. 127-137, http://www.cs.ucsb.edu/vigna/pub/2002_mittal_vigna_ccs02.pdf.

[MvOV96] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996.

[MVS01] D. Moore, G. Voelker, and S. Savage, "Inferring Internet Denial-of-Service Activity," Proceedings of the 10th USENIX Security Symposium, August 2001, pp. 9-22.

[Nag84] J. Nagle, "Congestion Control in IP/TCP," IETF RFC 896, January 1984, http://www.ietf.org/rfc/rfc0896.txt.

[Nar] R. Naraine, "Massive DDoS Attack Hit DNS Root Servers," internetnews.com, 23 Oct 2002, http://www.internetnews.com/dev-news/article.php/1486981.

[Naz03] J. Nazario, Defense and Detection Strategies against Internet Worms, Artech House, 2003.

[NIoJa] National Institute of Justice, Electronic Crime Scene Investigation: A Guide for First Responders, NCJ 187736, July 2001, http://www.ncjrs.org/pdffiles1/nij/187736.pdf.

[NIoJb] National Institute of Justice, Forensic Examination of Digital Evidence: A Guide for Law Enforcement, NCJ 199408, April 2004, http://www.ncjrs.org/pdffiles1/nij/199408.pdf.

[NIP01] NIPC/MITRE, find_ddos host scanner, 2001. Cited in NIPC Advisory on TRINOO/Tribal Flood Net/tfn2k.

[O'B] E. O'Brien, "NetBouncer: A Practical Client-Legitimacy-Based DDoS Defense via Ingress Filtering," http://www.networkassociates.com/us/_tier0/nailabs/_media/documents/netbouncer.pdf.

[oE] The Council of Europe, Convention on Cybercrime, Technical Report.

[oECFL] U.S. Department of Energy Computer Forensic Laboratory, First Responder's Manual, http://www.linuxsecurity.com/resource_files/documentation/firstres.pdf.

[Oet] T. Oetiker, MRTG: Multi-Router Traffic Grapher, http://people.ee.ethz.ch/~oetiker/webtools/mrtg/.

[oIC] Committee on Institutional Cooperation, ICAMP study reports, http://www.cic.uiuc.edu/groups/cic/listicampreports.shtml.

[oJa] U.S. Department of Justice, Field guidance on new authorities (redacted), enacted in the 2001 anti-terrorism legislation (USA Patriot Act), http://www.epic.org/privacy/terrorism/DOJ_guidance.pdf.

[oJb] U.S. Department of Justice, Federal guidelines for searching and seizing computers, http://www.usdoj.gov/criminal/cybercrime/searching.html.

[Ope] North American Network Operators, NANOG Website, http://www.nanog.org/.

[Pax01] V. Paxson, "An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks," ACM SIGCOMM Computer Communications Review, vol. 31, no. 3, July 2001, pp. 38-47.

[pcc97] Adequacy of Criminal Law and Procedure (Cyber), a "Legal Foundations" study Report 7 of 12, Report to the President's Commission on Critical Infrastructure Protection, 1997, http://www.timeusa.com/CIAO/resource/pccip/lf07.pdf.

[Per02] C. Perkins, "IP Mobility Support for IPv4," IETF RFC 3344, August 2002, http://www.ietf.org/rfc/rfc3344.txt.

[PF] P. Festa, "Hackers Attack NASA, Navy," CNET News.com, 4 Mar 1998, http://digitalcity.com.com/2100-1001-208692.html?legacy=cnet.

[PL01] K. Park and H. Lee, "On the Effectiveness of Route-Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets," Proceedings of ACM SIGCOMM 2001, August 2001, pp. 15-26.

[PLM+03] C. Papadopoulos, R. Lindell, J. Mehringer, A. Hussain, and R. Govindan, "Cossack: Coordinated Suppression of Simultaneous Attacks," Proceedings of 3rd DARPA Information Survivability Conference and Exposition (DISCEX 2003), vol. 2, April 2003, pp. 94-96.

[PN98] T. H. Ptacek and T. N. Newsham, Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, Technical Report, Secure Networks, Inc., January 1998.

[Pos80] J. Postel, "User Datagram Protocol," IETF RFC 768, August 1980, http://www.ietf.org/rfc/rfc0768.txt.

[Pos81] J. Postel, "Internet Control Message Protocol," IETF RFC 792, September 1981, http://www.ietf.org/rfc/rfc0792.txt.

[Pro] The Honeynet Project, "The forensic challenge," http://www.honeynet.org/challenge/.

[Pro03] N. Provos, "Improving Host Security with System Call Policies," Proceedings of the 12th USENIX Security Symposium, August 2003, pp. 257-272.

[Pro04] N. Provos, "A Virtual Honeypot Framework," Proceedings of the 13th USENIX Security Symposium, August 2004, pp. 1-14. A preprint is available as CITI-TR-03-1 at http://www.citi.umich.edu/techreports/reports/citi-tr-03-1.pdf.

[Reg] J. Leyden, "UK Teenager Accused of Electronic Sabotage Against US Port," The Register, 6 Oct 2003, http://www.theregister.co.uk/2003/10/06/uk_teenager_accused_of_electronic/.

[Ric] D. Richman, "Internet Attack Slows Web to a Crawl," Seattle Post-Intelligencer, 18 Jan 2000, http://seattlepi.nwsource.com/local/smrf18.shtml.

[Rob] P. Roberts, "Al-Jazeera Hobbled by DDoS Attack: News Site Targetted for Second Day," InfoWorld, 26 Mar 2003, http://www.infoworld.com/article/03/03/26/HNjazeera_1.html.

[rou97] daemon9/route, "LOKI2: (the implementation)," Phrack Magazine, vol. 7, no. 51, September 1997.

[sar] Financial Crimes Enforcement Network, "Guidance on Preparing Complete and Sufficient Suspicious Activity Report Narrative," http://www.irs.gov/pub/irs-tege/itg_sarc_prep.pdf.

[Ser] Congressional Research Service, Computer Attack and Cyber Terrorism: Vulnerabilities and Policy Issues for Congress, http://fpc.state.gov/documents/organization/26009.pdf.

[Sha] N. Shachtman, "Porn Purveyors Getting Squeezed," Wired News, 10 Jul 2003, http://www.wired.com/news/print/0,1294,59574,00.html.

[SKK+97] C. Schuba, I. Krsul, M. Kuhn, G. Spafford, A. Sundaram, and D. Zamboni, "Analysis of a Denial of Service Attack on TCP," Proceedings of the IEEE Symposium on Security and Privacy, May 1997, pp. 208-223.

[Sko02] E. Skoudis, Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses, Prentice Hall, 2002.

[SMJ00] M. Smart, R. Malan, and F. Jahanian, "Defeating TCP/IP Stack Fingerprinting," Proceedings of the 9th USENIX Security Symposium, August 2000.

[SMS+01] L. Sanchez, W. Milliken, A. Snoeren, F. Tchakountio, C. Jones, S. Kent, C. Partridge, and W. Strayer, "Hardware Support for a Hash-Based IP Traceback," Proceedings of the 2nd DARPA Information Survivability Conference and Exposition (DISCEX 2001), June 2001, pp. 146-152.

[Sou] Sourcefire, Snort: The Open Source Network Intrusion Detection System, http://www.snort.org/.

[Spa89] E. H. Spafford, "The internet worm program: an analysis," ACM SIGCOMM Computer Communication Review, vol. 19, no. 1, January 1989, pp. 17-57.

[SP98] J. R. Suler and W. Phillips, "The Bad Boys of Cyberspace: Deviant Behavior in Online Multimedia Communities and Strategies for Managing It," 1998, http://www.rider.edu/~suler/psycyber/badboys.html.

[SP01] D. X. Song and A. Perrig, "Advanced and Authenticated Marking Schemes for IP Traceback," Proceedings of IEEE INFOCOM 2001, vol. 2, March 2001, pp. 878-886.

[Spi02] L. Spitzner, Honeypots: Tracking Hackers, Addison-Wesley, 2002.

[SPS+01] A. C. Snoeren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchakountio, S. T. Kent, and W. T. Strayer, "Hash-Based IP Traceback," Proceedings of ACM SIGCOMM 2001, August 2001, pp. 3-14.

[SPS+02] A. Snoeren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchakountio, B. Schwartz, S. T. Kent, and W. T. Strayer, "Single-Packet IP Traceback," IEEE/ACM Transactions on Networking, 2002, pp. 721-734.

[SSSW] S. Shankland, "Computer Security Teams Brace for Attacks," CNET News.com, 20 Dec 1999, http://news.com.com/2100-1001-234678.html?legacy=cnet&tag=st.ne.1002.

[Sto89] C. Stoll, The Cuckoo's Egg: tracking a spy through the maze of computer espionage, Doubleday, 1989.

[SWKA00] S. Savage, D. Wetherall, A. Karlin, and T. Anderson, "Practical Network Support for IP Traceback," Proceedings of ACM SIGCOMM 2000, August 2000, pp. 295–306.

[Tea] Razor Team, Zombie Zapper, http://www.bindview.com/Support/RAZOR/Utilities/Unix_Linux/ZombieZapper_form.cfm.

[Tes] Team Teso, Burneye2 objobf - x86/Linux Elf Object Obfuscator, http://teso.scene.at/projects/objobf/.

[Tho] R. Thomas, Team Cymru Web site, http://www.cymru.com/.

[Uni] European Union, Handbook of Legislative Procedures of Computer and Network Misuse in EU Countries, http://europa.eu.int/information_society/eeurope/2005/all_about/security/handbook/text_en.htm.

[USC] USC/ISI, DETER Project Web site, http://www.isi.edu/deter.

[vABHL03] L. von Ahn, M. Blum, N. Hopper, and J. Langford, "CAPTCHA: Using Hard AI Problems for Security," Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT 2003), May 2003, pp. 294–311.

[Val] Valinor, "Definition of IRC Channel Takeover," http://www.valinor.sorcery.net/glossary/channel-takeover.html.

[vLL] R. van Loon and J. Lo, "An IRC Tutorial," http://www.irchelp.org/irchelp/irctutorial.html.

[Wal02] M. Waldvogel, "GOSSIB vs. IP traceback rumors," Proceedings of 18th Annual Computer Security Applications Conference (ACSAC 2002), December 2002, pp. 5–13.

[Wan00] C. Wang, A Security Architecture for Survivability Mechanisms, PhD thesis, Department of Computer Science, University of Virginia, October 2000, citeseer.ist.psu.edu/wang00security.html.

[Wat99] D. J. Watts, Small Worlds: The Dynamics of Networks Between Order and Randomness, Princeton University Press, 1999.

[Wik] Wikipedia, "Internet Trolling," Available at http://en.wikipedia.org/wiki/Internet_troll.

[Wil02] M. Williamson, "Throttling viruses: Restricting Propagation to Defeat Malicious Mobile Code," Proceedings of 18th Annual Computer Security Applications Conference (ACSAC 2002), December 2002, pp. 61–68.

[WLS+02] B. White, J. Lepreau, L. Stoller, R. Ricci, S. Guruprasad, M. Newbold, M. Hibler, C. Barb, and A. Joglekar, "An integrated experimental environment for distributed systems and networks," Proceedings of the 5th Symposium on Operating Systems Design and Implementation (OSDI 2002), USENIX Association, December 2002, pp. 255–270.

[WR03] X. Wang and M. K. Reiter, "Defending Against Denial-of-Service Attacks with Puzzle Auctions," Proceedings of the IEEE Symposium on Security and Privacy, May 2003, pp. 78–92.

[Wright] G. R. Wright and R. W. Stevens, TCP/IP Illustrated, Vol. 2, Addison-Wesley, 1995.

[Wro02] G. Wroblewski, General Method of Program Code Obfuscation, PhD Thesis, Wroclaw University of Technology, Institute of Engineering Cybernetics, 2002.

[ws] NIPC Web site, "Former federal Court Systems Administrator Sentenced for Hacking into Government Computer System," http://www.nipc.gov/pressroom/pressrel/dennis.htm.

[YPS03] A. Yaar, A. Perrig, and D. Song, "Pi: A Path Identification Mechanism to Defend Against DDoS Attacks," Proceedings of the IEEE Symposium on Security and Privacy, May 2003, pp. 93–107.

[YPS04] A. Yaar, A. Perrig, and D. Song, "SIFF: a stateless Internet flow filter to mitigate DDoS flooding attacks," Proceedings of the IEEE Symposium on Security and Privacy, May 2004, pp. 130–143.

[Zal] M. Zalewski, "I Don't Think I Really Love You," or Writting [sic] Internet Worms for Fun and Profit, http://seclists.org/lists/vuln-dev/2000/May/0159.html.

[ZDn04] Reuters, "Scotland Yard and the Case of the Rent-a-Zombies," ZDnet.com, 7 Jul 2004, http://zdnet.com.com/2100-1105_2-5260154.html.

[Zor] M. Zorz, Logerror, "Massive Distributed Denial of Service Attack Hits ClickBank and SpamCop.net," http://www.ds-osac.org/view.cfm?KEY=7E4452434452&type=2B170C1E0A3A0F162820.

[ZPW+02] X. Zhao, D. Pei, L. Wang, D. Massey, A. Mankin, S. F. Wu, and L. Zhang, "Detection of Invalid Routing Announcement in the Internet," Proceedings of International Conference on Dependable Systems and Networks (DSN 2002), June 2002, pp. 59–68.



Internet Denial of Service: Attack and Defense Mechanisms
ISBN: 0131475738
EAN: 2147483647
Year: 2003
Pages: 126
