Whether our DDoS defense strategy is preventive, reactive, or a combination of both, there are some basic goals we want it to achieve.
Effectiveness
A good DDoS defense should actually defend. It should provide either effective prevention that really makes attacks impossible or effective reaction ensuring that the DoS effect goes away. In the case of reactive mechanisms, the response should be sufficiently quick to ensure that the target does not suffer seriously from the attack.
Posted on: Web
This article continues the discussion from the earlier articles on DDoS prevention.
In some cases the attack cannot be prevented, and the only thing left is to react to it. While there are many DDoS attacks on an Internet-wide basis, many nodes will never experience a DDoS attack, or will be attacked only rarely. If attacks are rare and the costs of preventing them are high, it may be better to invest less in prevention and more in reaction. A good reactive defense might incur little or no cost except in the rare cases where it is actually engaged.
Reaction does not mean acting without preparation. Your reaction might require you to contact other parties to enlist their assistance or to refer the matter to legal authorities. If you know in advance who to contact, what they can do for you, and what kind of information they will need to do it, your reaction will be faster and more effective. If your reaction includes locally deployed technical mechanisms that expect advice or confirmation from your system administrators,
Posted on: Network, Web
As DDoS attacks improve and add to the growing number of computer security threats, there is still something we can do to protect the target. We can prevent attacks from happening, or detect them early and then react effectively when they do occur.
Preventive Measures
A simple and effective way to make it impossible to perform a DDoS attack on any Internet site would be the best solution, but it does not appear practical. However, there is still value in preventive measures that make some simple DDoS attacks impossible, or that make many DDoS attacks more difficult. Reasonably effective preventive defenses deter attackers: If their attack is unlikely to succeed, they may choose not to launch it, or at least choose a more vulnerable victim.
Posted on: Network, Web
The terms ingress and egress mean, respectively, the acts of entering and exiting. In an interconnected network of networks, such as the Internet, what leaves (egresses) one network will enter (ingress) another. It is extremely important to clearly define the location where the filtering is done with respect to the network whose traffic is being filtered, to avoid confusion.
If there were one “Big I” Internet, and we all connected our hosts directly to “The Internet,” life would be simple and we could just say “ingress means entering the Internet” and “egress means leaving the Internet,” and everything would be clear. There would be only one perspective. But there is no single “Internet” to which we all connect, and to make matters worse there are tier 1 and tier 2 network providers, as well as leaf networks (e.g., university and enterprise networks).
Posted on: Internet, Network, Security
IP spoofing is not necessary for a successful DDoS attack, since the attacker can exhaust the victim’s resources with a sufficiently large packet flood, regardless of the validity of source addresses. However, some DDoS attacks do use IP spoofing for several reasons.
1. Hiding the location of agent machines. In single-point DoS attacks, spoofing was used to hide the location of the attacking host. In such attacks, network operators find it hard to block the source of the attack and/or remove the offending host from the network, or even clean it. In DDoS attacks, the agents are the path to the handler, which provides an additional layer of indirection to the attacker. Hiding agents means hiding a quick path to the attacker.
Posted on: Internet, Network