Internet Denial of Service: Attack and Defense Mechanisms

Index

[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [R] [S] [T] [U] [V] [W] [Y] [Z]

SANS list SANS NewsBytes (reports of Solaris intrusions)

Sasser 2nd

Savage, Stefan 2nd 3rd Scalability

Scanners

     blended threat toolkits

     distributed

     host and network oriented

Scanning, recruiting agents

Scripting attacks

Secure Overlay Services (SOS) Securing end hosts

Security issues. [See also legal issues.]

     disclosure versus nondisclosure

     electronic communication privacy     liability     network control

     wiretap

Segregated services Self-help options Semantic attacks

Semantic levels. [See Attacks, semantic levels]

Sensitivity, attack detection

Serv-U FTP

Service differentiation (legitimacy). [See also source validation.]     attack response 2nd

     identifying

     researchShaft

     analysis 2nd

     detection of command and control     direct commands     features and use 2nd 3rd 4th     in history

     predictions about development trends

     recruitment of agents 2nd

     scanning for

     size of networks 2nd

     statistics capabilities 2nd

SIFF

Signature detection 2nd [See also anomaly detection, attack detection, detection, misbehavior detection.]

Signatures

     external

     file system

     internal

     network state

     network traffic     process state     system log

Simple Nomad. [See Loveless.]

Single-threaded DoS Sinkhole networks

Slammer worm

     effects 2nd

     recruitment of agents

     relation to unwitting agents

     size of networks

Slapper worm

Slaves. [See agents, handlers, stepping stones.] Sleuthkit

Slowing down networks. [See Lagging attacks.]

Smurf attacks 2nd

Sniffers     description     distributed, evolution of

     evolution of

     Web site Social challenges Social issues

Software for attacks. [See malware.]

Solaris intrusions

Sophistication level of attacks 2nd

SOS (Secure Overlay Services)Source address forgery. [See IP spoofing.]

Source address. [See IP headers; header fields.]

Source code lineage Source path isolation engine (SPIE)

Source validation. [See also service differentiation.]

     attack response     hiding     one-way functions     overprovisioning

     proof of work

     resource allocation

     reverse Turing test

     TCP SYN cookie approach

     trapdoor functions

Spam, evolution of

Spambots

SPIE (source path isolation engine)

SPIEDER

Spoofing. [See IP spoofing.]

Stacheldraht

     analysis

     blended threat     detection of command and control 2nd     direct commands

     features and use

     in forensic analysis 2nd     in history 2nd

     motivation to create

     predictions about development trends

     relation to blended threats

     relation to t0rnkit and Ramen worm 2nd

     scanning for

     use of covert channel

Standard-based detection models Stepping stones, definition 2nd

Store-and-forward switching

Strategies. [See defense approaches, defense strategies.]

Subnet spoofing Surface analysis Swapping activity

SYN flood attacks

SYN floods, evolution of Synchronous communication synk4 program

synscan program

System log cleaners

System log signature

System tuning