Slashdot Mirror

← Back to Stories (view on slashdot.org)

Study on DoS Activity In The Internet

Posted by ryuzaki0 on from the looking-under-the-hood dept.

Random Walk writes "A group of researchers from the UCSD Supercomputer Center has used a technique they call "backscatter analysis" to study the prevalence and targets of DoS attacks. They claim that their study is "the only publically available data quantifying denial-of-service activity in the Internet", and provide interesting statistics on attack rates, durations, and victims." CT:This is an amazing report.

3 of 53 comments (clear)

  1. Breaking news! by Anonymous Coward · · Score: 5

    This just in:

    In what many people are calling a sick twist of fate, the Supercomputer Center was hit with a Denial of Service attack shortly after issuing a study on the prevalence and target of DoS attacks. While details are sparse at this point, that attack is rumored to have been a "Slashdot-effect" attack. The leader of the "Slashdot" group of hackers, CmdrTaco, could not be reached for comment. His partner in crime, Hemos, was quoted as saying, "Ph34r the sl4shd0t 3ff3ct!" More details to follow as they become public..

  2. Can carpet bombing be justified? by BeBoxer · · Score: 5

    As somebody who has had to deal with the fallout of these attacks more than once, I would say no. They are never justified. If you are flooding enough traffic to affect the target, you are almost certainly affecting lots of other people who just happen to share a pipe with the target. If you DoS some web site, what do you think that does to other sites on the same server? Other folks who just happen to be at the same co-lo site? What about the folks who just happen to have the same local or upstream ISP? Is it OK for me to DoS you because I don't like your neighbor? Is it OK for me to DoS all of optonline.net because I don't like your political views?

    Even if you accept the premise that it's OK to DoS innocent people, a DoS is a piss-poor political statement. No body is going to notice at all. If I find that riaa.org is unreachable, am I going to suddenly telepathetically reach some conclusion about their politics? No. If you want to make a political statement, you have to actual say something. Merely screaming nothing at the top of your lungs accomplishes nothing.

  3. When random. . . isnt'. by RalphTWaP · · Score: 5

    Quoted from the article above:

    *begin quote*

    3.3 Analysis limitations
    There are three assumptions that underly our analysis:
    * Address uniformity: attackers spoof source addresses at random.

    *end quote*

    This seems to me to be a currently acceptable assumption IFF the attacks are of an unsophisticated/sophomoric nature; however, if the attackers are attempting to cause maximum utilization of the target network's resources, the attackers most likely will not use a randomly distributed source address. In fact, the optimal employment of spoofed addresses will likely be some subset of the addresses employed by the target's network.

    It seems likely in light of this that the "backscatter technique" outlined here, while useful, may not record the attacks engineered by more sophisticated attackers.


    Nietzsche on Diku:
    sn; at god ba g
    :Backstab >KILLS< god.