Written by Daniel | Wednesday, 06 September 2006 15:52
Dark Reading — Tim Wilson, Site Editor
Researchers Challenge DOS Attack Data
SEPTEMBER 6, 2006 | Conventional wisdom about the sources and causes of denial-of-service (DOS) attacks -- and the best methods for preventing them -- could be completely wrong, a group of researchers said this week.
Researchers at the University of Michigan, Carnegie Mellon University, and AT&T Labs-Research said they have completed a study that debunks the widely held belief that DOS attack traffic is usually generated by a large number of attack sources disguised by spoofed IP addresses.
In its study, the group found that 70 percent of DOS attacks are generated by fewer than 50 sources, and a relatively small number of attack sources account for nearly 72 percent of total attack volume. IP spoofing, long thought to be the most popular vector for launching a DOS attack, was found in only a few instances, the researchers said.
In the past, sources of DOS attacks were tracked by measuring "backscatter," the amount of unwanted traffic sent to unused address blocks, the researchers observed. Examining this type of traffic helps expose conversations generated between spoofed IP addresses and unknown recipients. But because this measurement technique assumes the DOS attack was launched through spoofed IP addresses, it doesn't account for DOS attacks launched via botnets, which have become a much more attractive vector for attackers, the research team said....