Spafford, in Information Assurance, 2008

13.5.1 Primitives for Responding to DDoS

DDoS attacks typically require four components: an attacker, master hosts, zombie hosts, and a victim host. Using exploits in a remote system, an attacker installs the attack program that can be remote controlled by the master host. When the attack begins, it usually falls into one of two classes: bandwidth depletion and resource depletion. Attackers can perform these attacks directly or through reflection. Reflection makes it more difficult to track down the source of the problem and offers a greater challenge to DDoS handling systems by bouncing packets off other hosts. The first line of defense against DDoS attacks is intrusion prevention. Rate-limiting filters are commonly used for preventing DDoS attacks. The reason why intrusion prevention and intrusion detection are unlikely to solve all kinds of DDoS attacks is that it is often difficult to tell the two kinds of traffic apart. Although some DDoS traffic can be easily distinguished from legitimate traffic, this is not true in the general case. More sophisticated DDoS toolkits generate traffic that “blends in” with legitimate traffic and, therefore, cannot be blocked. Hence, autonomous intrusion response is called for.