Internet Denial of Service. Attack and Defense Mechanisms
by Mirkovic, Jelena, and Sven Dietrich, and David Dittrich, and Peter Reiher
Prentice Hall 2005.
ISBN 0-13-147573-8, LoC TK5105.59.I5455. 372 pages, $39.99, index, three Appendices, extensive Bibliography.
Reviewed by Robert Bruen March 14, 2005
Any idiot can launch a successful denial of service. It only requires hammering on an Internet service until it is overwhelmed. The only real technical advancement in many years is the distributed version that uses lots of sources to do the hammering. The methods involved in taking over these sources were part of a real technical advance, but it appears that DoS attacks have reached a sort of maturity with little future development. The certain progress has been in its use.
The initial DoS's were flooding attacks against servers and networks by those who did it just because they could or because they were unhappy with the victim. Evolution has brought us to the point where extortion is the main goal. Yes, it is all about the money, now. DoS attacks are waged against business, especially gambling establishments. While there are also political uses, by and large, DoS stands as a fairly simple tool to interfere with the financial health of business. This makes it important to understand how it's used and to find ways to mitigate its impact.
Mirkovic et al., show a deep understanding of the vagaries of DoS and DDoS. The task at hand is to mitigate the attacks once they start to limit the impact. The holy grail is to find a way to trace back to the various zombies and the to the controller/originator. Without new techniques drawn from extensive experience, it is unlikely that this will happen. The authors have provided as good a description of the state of the art as can be found. I appreciate any book that is well researched with citations and a good bibliography. Those contributions move a book from being just a list of attacks and defenses to a serious work which provides the benefits of real expertise.
This book covers a broad range of information from how to determine when an attack is in progress to how to deal with the law. One interesting detour from the criminal aspects is the use of civil law to deal with a DoS. This may become an expanding area of activity. A number of tools and approaches for coping with attacks of this nature get explained.
We may see new variations of distributed attacks that will require more innovative methods to combat them. Think for a moment of a constant flow of packets from many sources to many victims at low rates that can ramped up or down instead of just being turned from "flooding on" or "flooding off". These might become a long term, constant presence on the Internet. Other possibilities await.
The best we can do is understand what we can, starting with this excellent book.