DDoS attacks have been a problem since 2000. In October 2016, there was a major DDoS attack against the service provider Dyn’s DNS service, which took the service down. This was one of the largest bandwidth DDoS attack ever documented,... more
DDoS attacks have been a problem since 2000. In October 2016, there was a major DDoS attack against the service provider Dyn’s DNS service, which took the service down. This was one of the largest bandwidth DDoS attack ever documented, with attack bandwidth over 650 Gbps. By taking down just Dyn’s DNS service, clients could not obtain the IP addresses, of the organizations hosting their DNS with Dyn, such as Twitter. Our contribution is that we have found a way to mitigate the effect of DDoS attacks against DNS services. We only require some very small algorithm changes, in the DNS protocol. More specifically, we propose to add two additional timers. Even if the end DNS clients don’t support these timers, they will receive our new functionality via the DNS resolvers and recursive servers. In summary, our contributions give much more control to the organizations, as to under which specific conditions the DNS cache entries should be aged or used. This allows the organization to (1) mu...
Research Interests:
Layer 3, 4 and 7 DDoS attacks are common and very difficult to defend against. The academic community has published hundreds of well thought out algorithms, which require changes in computer networking equipment, to better detect and... more
Layer 3, 4 and 7 DDoS attacks are common and very difficult to defend against. The academic community has published hundreds of well thought out algorithms, which require changes in computer networking equipment, to better detect and mitigate these attacks. The problem with these solutions, is that they require computer networking manufacturers to make changes to their hardware and/or software. On the other hand, with our solution, absolutely no hardware or software changes are required. We only require the use of BGP4 Flow-Spec, which has already been widely deployed many years ago. Further the customers’ own ISP does not require Flow-Spec. Our algorithm protects groups of over sixty-five thousand different customers, via the aggregation into one very small Flow-Spec rule. In this paper, we propose our novel, low cost and efficient solution, to both detect and greatly mitigate any and all types of L347 DDoS Web attacks.
Research Interests:
This article is concerning distributed reflection denial of service (DRDoS) attacks. These DRDoS attacks are more frequent and large scale, and are one of the biggest threats on the Internet. This ...
Research Interests:
Our research problem is that there are a large number of successful network reflection DDoS attacks. Via a UDP Reflection Attack, an attacker can send just 1 Gb/s of payload to innocent servers, and it is these servers which then can send... more
Our research problem is that there are a large number of successful network reflection DDoS attacks. Via a UDP Reflection Attack, an attacker can send just 1 Gb/s of payload to innocent servers, and it is these servers which then can send over 4,600 times the payload to the victim! There are very expensive and complex solutions in use today, however most all of these on premise solutions can be easily circumvented. The academic community has not adequately addressed this research problem. We have created a new Internet services network security surface attack mitigation methodology. Our novel design patterns will help organizations improve the price/performance of their anti-network reflection solution by 100 times, as compared to common on premise solutions. Our analysis and results confirm that our solution is viable. Our novel solution is based on stateless IP packet header filtering firewalls (which can be implemented mostly in hardware due to their simplicity). We have reduced ...
Research Interests:
Applying Constructivist Active Learning Theory in the Creation of Information Security Hands on Labs
Research Interests:
Research Interests:
In this paper, we propose a solution to eliminate a popular type of Denial of Service (DoS) attack, which is a DoS amplification attack. Note that a DoS is a subset of of DDoS. Our solution protects servers running any number of TCP... more
In this paper, we propose a solution to eliminate a popular type of Denial of Service (DoS) attack, which is a DoS amplification attack. Note that a DoS is a subset of of DDoS. Our solution protects servers running any number of TCP services. This paper is focused on the most popular type of DoS amplification attack, which uses the UDP protocol. Via DoS UDP amplification attacks, an attacker can send a 1 Gbps traffic stream to reflectors. The reflectors will then send up 556 times that amount (amplified traffic) to the victim’s server. So just ten PCs, each sending 10Mbps, can send 55 Gbps indirectly, via reflectors, to a victim’s server. Very few ISP customers have 55 Gpbs provisioned. Expensive and complex solutions exist. However our elimination techniques can be implemented very quickly, easily and at an extremely low cost.
Research Interests:
Abstrakt Information Security education benefits greatly from hands-on laboratory oriented exercises. Campus students often have access to security lab equipment. However, remote students, who never visit the campus, often have no... more
Abstrakt Information Security education benefits greatly from hands-on laboratory oriented exercises. Campus students often have access to security lab equipment. However, remote students, who never visit the campus, often have no laboratory access at all. While previous literature describing designs for information security laboratories are seldom based on specified pedagogical approaches or systematic design theories, this paper contributes by outlining a design theory of online InfoSec labs based on the “Personalized system of ...