
It is Monday night and you are still in the office, when you suddenly become aware of the whirring of the disks and network lights blinking on the Web server. It seems like your company’s Web site is quite well visited tonight, which is good because you are in e-business, selling products over the Internet, and more visits mean more earnings. You decide to check it out too, but the Web page will not load. Something is wrong.

A few minutes later, network operations confirm your worst fears. Your company’s Web site is under a denial-of-service attack. It is receiving so many requests for a Web page that it cannot serve them all: 50 times your regular load. Just like you cannot access the Web site, none of your customers can. Your business has come to a halt.

You all work hard through the night trying to devise filtering rules to weed out bogus Web page requests from the real ones. Unfortunately, the traffic you are receiving is very diverse and you cannot find a common feature that would make the attack packets stand out. You next try to identify the sources that send you a lot of traffic and blacklist them in your firewall. But there seem to be hundreds of thousands of them and they keep changing. You spend the next day bringing up backup servers and watching them overload as your earnings settle around zero. You contact the FBI and they explain that they are willing to help you, but it will take them a few days to get started. They also inform you that many perpetrators of denial-of-service attacks are never caught, since they do not leave enough traces behind them.
