index_D
Index[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [R] [S] [T] [U] [V] [W] [Y] [Z] D-WARD Daemons. [See agents, handlers, stepping stones.] Damages. [See also cost of attacks.] aggregating cost-estimation model estimating hidden costs ICAMP (Incident Cost Analysis and Modeling Project) IRC (Internet Relay Chat) loss, definition 2nd trigger for federal statutes United States v. Middleton Data, as property Datagrams. [See packets.] DDoS (distributed denial of service). [See also attacks, DoS.] benefits for the attacker definition extortion trend goals history of. [See evolution of DoS attacks.] postal analogy prognosis DefCOM Defense approaches. [See also tools.] attack detection. [See attack detection.] attack response. [See attack response.] building secure systems characterization charges for packet sending collateral damage complete deployment completeness contiguous deployment costs deployment at specified points deployment patterns effectiveness false negatives firewalls false positives general strategy goals hardening incident response life cycle large scale, widespread deployment modification of protocols NAT (Network Address Translation) box obstacles ongoing attacks as a source as a target backscatter traceback BGP-speaking routers black hole routes filtering hardcoded IP addresses liability issues sinkhole networks overview 2nd post-mortem analysis preparation attack response automatic response closing unneeded ports compartmentalizing your network costs critical versus non-critical services custom defense systems disabling unneeded services discovering active services disk I/O performance end host vulnerability estimating damage costs fault-tolerance filtering incoming traffic hiding identifying bottlenecks incident response life cycle ingress/egress filtering insurance coverage ISP agreements 2nd MAC (mandatory access control) manual response memory utilization network I/O performance network risk assessment number of server processes overprovisioning 2nd processor utilization risk assessment scalability securing end hosts segregated services swapping/paging activity system tuning protection attack prevention endurance approach host vulnerabilities hygiene network organization packet filtering reaction 2nd research ACC (aggregate congestion control) Bloom filters client legitimacy congestion signatures connection depletion attacks COSSACK (COordinated Suppression of Simultaneous AttaCKs) D-WARD DefCOM detection and control of attacks entropy principle flash crowds flooding-style attacks 2nd hash-based traceback HCF (Hop-Count Filtering) locality principle NetBouncer Pi filtering PPM (probabilistic packet marking) prognosis proof of work pushback rate limiting 2nd SIFF SOS (Secure Overlay Services) source-based defense SPIE (source path isolation engine) SPIEDER target-based defense target-resident DoS filters traceback serving legitimate traffic social challenges source validation hiding one-way functions proof of work resource allocation reverse Turing test TCP SYN cookie approach trapdoor functions technical challenges throttling packet flow wide deployment, requirements Defense locations in the middle multiple locations near the attacker near the target tragedy of the commons Defense strategies. [See defense approaches, prevention, detection, reaction.] Degradation of service Deloder worm DeMilitarized Zone (DMZ). [See DMZ.] Denial of service (DoS). [See DoS (denial of service).] "Denial-of-Service Developments," (CA-2000 01) "Denial-of-Service Tools," (CA-1999 17) Department of Justice Cybercrime Web site Deployment patterns Detection. [See also attack detection.] anomalies definition description general defense strategy misbehavior of DoS tools signatures "Developing an Effective Incident Cost Analysis Mechanism," Dietrich, Sven DDoS analysis history of DoS mstream analysis 2nd 3rd 4th 5th 6th Shaft analysis 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th Stacheldraht analysis 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th tool analysis Direct commands Disabling unneeded services Disclosure versus nondisclosure Discovering active services Disk I/O performance Distributed computing, evolution of Distributed denial of service (DDoS). [See DDoS (distributed denial of service), DoS.] "Distributed Denial of Service Tools" (IN-99 04) "Distributed Denial of Service Tools" (Sun Bulletin #00193) Distributed System Intruder Tools (DSIT) Workshop 2nd 3rd 4th 5th Dittrich, David "Active Response to Computer Intrusions," "Basic Steps in Forensic Analysis of UNIX Systems," DDoS analysis DDoS Web page "Developing an Effective Incident Costs Analysis Mechanism," host-and-network-oriented scanners IDS signatures mstream analysis 2nd 3rd 4th 5th 6th "Power bot" analysis rootkit FAQ Shaft analysis 2nd 3rd 4th 5th 6th 7th Stacheldraht analysis 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th tcpdstat modifications TFN analysis tool analysis 2nd trinoo analysis DMZ (DeMilitarized Zone) description filtering 2nd traffic capture DNS (Domain Name Service) definition false requests, evolution of Don't Panic DoS (denial of service). [See also attacks.] definition goals history of. [See Internet; evolution.] postal analogy DoS programs Dropping legitimate packets Dshield DSIT (Distributed System Intruder Tools) Workshop 2nd 3rd 4th Dual criminality |
Internet Denial of Service: Attack and Defense Mechanisms
ISBN: 0131475738
EAN: 2147483647
EAN: 2147483647
Year: 2003
Pages: 126
Pages: 126