Internet Denial of Service: Attack and Defense Mechanisms

 

Index


t0rnkit

targa.c program

Target-based defense

"Targeting the Innocent . . . ,"

TCP banner grabbers

TCP SYN cookie approach

TCP/IP. [See also IP headers, packets, ports, protocols.]

     definition

     stack bug

Tcpdstat program

teardrop program

Technical challenges, defense

TFN (Tribe Flood Network)

     analysis

     detection of command and control 2nd

     direct commands

     features and use 2nd 3rd

     in history 2nd

     motivation to create

     predictions about development trends

     relation to blended threats

     scanning for 2nd

     size of networks

TFN2K (Tribe Flood Network 2000)

     analysis

     detection of command and control 2nd 3rd

     features and use 2nd 3rd

     in history 2nd

     portability

     relation to 1i0n worm

     relation to blended threats

"The Bad Boys of Cyberspace,"

The Coroner's Toolkit

"The Experience of Bad Behavior . . . ,"

Third-party tools. [See tools; commercial.]

Three-way handshake

Throttling

     locality principle

     packet flow

     worms

Thrower, Woody

Timeline, tools and programs development 2nd

Timeliness, attack detection

TISSEC (Transactions on Information and System Security)

Tools. [See also malware, analysis.]

    Agobot/Phatbot. [See Agobot and Phatbot.]

     auto-rooters 2nd

     automated attacks

     blended threat 2nd

     boink program

     bonk program

     combining exploits 2nd

     command and control flow

    commercial products

         active verification

         anomaly detection 2nd 3rd

         Arbor Networks

         Captus IPS

         Captus Networks Corporation

         Cisco Guard XT

         Cisco Traffic Anomaly Detector XT

         CS3, Inc.

         data collection

         filtering

         firewalls

         flooding attacks

         Lancope

         MANAnet Firewall

         MANAnet FloodWatcher

         MANAnet Linux Router

         MANAnet Reverse Firewall

         MANAnet Shield

         Mazu Enforcer

         Mazu Networks

         overview

         Peakflow

         protocol analysis

         rate limiting

         setting triggers

         StealthWatch

         summary

         traffic monitoring 2nd

         Web server protection

         Webscreen Technologies

         WS series of applications

     cron

     detecting

     disk I/O performance

     distributed scanners and sniffers

     DoS programs

     DSIT (Distributed System Intruder Tools) Workshop 2nd 3rd 4th

     encryption

     estimating attack magnitude

    evolution of

        Agobot. [See Agobot and Phatbot.]

         boink program

         bonk program

         distributed scanners and sniffers

         DSIT (Distributed System Intruder Tools) 2nd 3rd 4th

         encryption

        Phatbot. [See Agobot and Phatbot.]

        Shaft. [See Shaft.]

         sniffers

        Stacheldraht. [See Stacheldraht.]

         teardrop program

        TFN (Tribe Flood Network). [See TFN.]

        TFN2K (Tribe Flood Network 2000). [See TFN2K.]

         timeline 2nd

        trinoo. [See trinoo.]

     exploit programs

     fapi

     Firedaemon

     for agent discovery

     FTP servers

    GTbot. [See GTbot.]

     hdparm

     historical analysis

     inetd

     iostat

     IRC bots

    kaiten/knight bot. [See kaiten/knight bot.]

     mscan

    mstream. [See mstream.]

     Nessus

     netstat

     nfsstat

     NIPC scanning tool (find_ddos) 2nd

     nmap 2nd

    Phatbot. [See Phatbot.]

     PING.EXE

    Power bot. [See Power Bot.]

     processor utilization

     ps

     rape

     RID

     scanners 2nd 3rd

     Serv-U FTP

    Shaft. [See Shaft.]

     single-threaded DoS

     sniffers 2nd

    Stacheldraht. [See Stacheldraht.]

     synk4 program

     synscan program

     system log cleaners

     targa.c

     TCP banner grabbers

     teardrop program

    TFN (Tribe Flood Network). [See TFN.]

    TFN2K (Tribe Flood Network 2000). [See TFN2K.]

     top

    Trinity. [See Trinity.]

    Trinoo. [See trinoo.]

     Trojan Horse replacements

     uptime

     vmstat

     vulnerability scanner

     Warez bots

     Zombie Zapper

top 2nd

Topological changes

Tortious Interference with Business Relationship or Expectancy

Traceback

     defense approaches

     definition

     problems using

     research

Traffic

     blocking

     capture/analysis

    legitimacy. [See service differentiation.]

     policing 2nd

     volume, role in attacks

Trafficking in Passwords (18 U.S.C. §1030(a)(6))

Transactions on Information and System Security (ACM TISSEC)

Transactions on Information and System Security (TISSEC)

Trapdoor functions

Trespassing on Government Computers (18 U.S.C. §1030(a)(3))

Tribe Flood Network (TFN). [See TFN.]

Tribe Flood Network 2000 (TFN2K). [See TFN2K.]

Trinity

     analysis

     features and use

     use of IRC 2nd

trinoo

     analysis 2nd

     detection of command and control 2nd 3rd

     direct commands

     features and use 2nd

     in forensic analysis

     in history 2nd 3rd 4th

     motivation to create

     portability

     predictions about development trends 2nd

     recruitment of agents 2nd

     scanning for 2nd

     size of networks 2nd

Trojan Horse replacements

Troll

     definition

     Trolling

Turing test

 
