Cyber Security Institute

Wednesday, September 06, 2006

Researchers Challenge DOS Attack Data

Conventional wisdom about the sources and causes of denial-of-service (DOS) attacks—and the best methods for preventing them—could be completely wrong, a group of researchers said this week. Researchers at the University of Michigan, Carnegie Mellon University, and AT&T Labs-Research said they have completed a study that debunks the widely held belief that DOS attack traffic is usually generated by a large number of attack sources disguised by spoofed IP addresses. In its study, the group found that 70 percent of DOS attacks are generated by fewer than 50 sources, and a relatively small number of attack sources account for nearly 72 percent of total attack volume.

But because the traditional measurement technique, indirect measurement of backscatter, assumes that a DOS attack was launched through spoofed IP addresses, it doesn’t account for DOS attacks launched via botnets, which have become a much more attractive vector for attackers, the research team said.

The new study combines traditional indirect measurement of backscatter with direct measurement of Netflow and alarms from a commercial DOS detection system.

http://www.darkreading.com/document.asp?doc_id=103049&WT.svl=news2_3
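
The blind spot described above, as an added example (not code from the study or the linked article): a toy model in which a network telescope only sees a victim's replies to spoofed sources, while flow records at the victim count sources directly. The telescope block, the victim address, and the bot packet counts are constructed assumptions.

```python
import ipaddress
import random
from collections import Counter

# Constructed values: a /8 standing in for the unused address block a
# network telescope monitors, and a documentation-range victim address.
TELESCOPE = ipaddress.ip_network("10.0.0.0/8")
VICTIM = "203.0.113.10"

def spoofed_attack(n_packets, seed=1):
    """Each packet claims a uniformly random source address."""
    rng = random.Random(seed)
    return [(str(ipaddress.ip_address(rng.getrandbits(32))), VICTIM)
            for _ in range(n_packets)]

def botnet_attack(bots):
    """bots maps a real (unspoofed) source address to its packet count."""
    return [(src, VICTIM) for src, n in bots.items() for _ in range(n)]

def backscatter_seen(packets):
    """Indirect view: the victim replies to the claimed source, and the
    telescope records only replies that land inside its own block."""
    return sum(ipaddress.ip_address(src) in TELESCOPE for src, _ in packets)

def flow_summary(packets, top_n=5):
    """Direct view from flow records at the victim's edge: number of
    distinct sources and the share of volume sent by the top_n of them."""
    counts = Counter(src for src, _ in packets)
    top = sum(n for _, n in counts.most_common(top_n))
    return len(counts), top / len(packets)

# Constructed botnet: 40 hosts, 5 heavy senders and 35 light ones.
BOTS = {f"192.0.2.{i}": (1000 if i <= 5 else 100) for i in range(1, 41)}

if __name__ == "__main__":
    for name, pkts in (("spoofed", spoofed_attack(20000)),
                       ("botnet", botnet_attack(BOTS))):
        sources, share = flow_summary(pkts)
        print(f"{name}: telescope saw {backscatter_seen(pkts)} replies; "
              f"flows show {sources} sources, top 5 send {share:.0%}")
```

The botnet attack produces no backscatter at all because every reply goes back to a real bot, so only the flow view reveals its 40 sources and how much of the volume the heaviest senders carry.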

Posted on 09/06