Denial of Service (DoS) attacks typically involve blasting a network node, such as a Web site, an Internet Service Provider (ISP), or another server, with a volume of traffic that exceeds its processing capabilities, thus knocking the afflicted node out of the network for the duration of the attack.
Another, more sophisticated attack is referred to as a Distributed DoS (DDoS). An attacker intending to launch a DDoS attack begins by subverting a number of nodes, e.g., via well-known security loopholes. These compromised nodes essentially become slaves of the attacker and act as launch points to inject traffic into the network. By summoning a reasonable number of compromised nodes, an attacker could potentially launch a large-scale, network-wide attack by cascading the traffic from multiple launch points. Launching a large-scale DDoS attack is proving easier than expected. For example, both e-mail attachments and active Web page contents have been exploited in a variety of ways to spread malicious content (such as viruses) that compromises network nodes. For purposes of discussion herein, the term “Denial of Service” (DoS), unless otherwise specified, shall include generally all forms of denial of service attacks, including DDoS attacks.
Although most DoS discussion in the industry focuses on the overloading of the end server hosts, DoS also disrupts services by congesting the communication path between clients and end server hosts, thus taking away bandwidth from legitimate client requests; this is referred to herein as network DoS. It should be noted that network DoS encompasses DoS attacks on nodes, since a node is effectively rendered inactive if all the links connecting the node to other nodes are under attack.
There is no dearth of research attempting to counter all such DoS attacks. Indeed, a large variety of solutions have been proposed, but most require significant changes to network elements, and thus may be costly to deploy. Other proposed solutions involve collaboration across ISPs, which is impractical to implement in most instances given the complexities of establishing real-time and effective collaboration between ISPs.
Still other approaches focus on detecting and then blocking the attacks. However, such approaches are in a constant “cat and mouse” race with attackers. Indeed, more sophisticated DDoS attacks may evade detection altogether. In other words, it is very difficult to eliminate malicious traffic given the ever-increasing sophistication and adaptively tailored approaches used by attackers to avoid detection.
Accordingly, DoS attacks continue to pose significant threats to communication networks. In fact, the frequency and magnitude of the attacks involving the Internet have been steadily increasing. For mission-critical applications, such as disaster recovery and battlefield coordination, any disruption to service can entail serious consequences. Unfortunately, none of the current solutions used to combat DoS attacks guarantees complete protection against DoS attacks, leaving mission-critical applications and other less critical applications vulnerable to attack.