DocumentCode
2079263
Title
Zombie Identification Port
Author
Inacio, P.R.M. ; Gomes, Joao V P ; Freire, Mario M. ; Pereira, Manuela ; Monteiro, Paulo P.
Author_Institution
Dept. of Comput. Sci., Univ. of Beira Interior, Covilha
fYear
2008
fDate
June 29 2008-July 5 2008
Firstpage
67
Lastpage
73
Abstract
Most denial of service (DoS) attacks try to exhaust a victim network or server resources by flooding them with a largely exaggerated amount of bogus requests or fake messages. When a given server or network is under a DoS condition, its capability to distinguish good from bogus requests gets severely reduced and the service is refused to some, if not all, legitimate users. In such a situation, the most obvious fact for the victim is the DoS condition itself and nothing else. Because of that, the options of the victim server or network are confined to traffic filtering/shaping or, ultimately, to forensic mechanisms. In this paper, a security mechanism based on simple notifications to a special port is proposed, and explained in detail by enumerating different application cases. The mechanism is going to prove itself especially useful for attenuating the impact of reflected DoS attacks and for the detection of malicious software on remote zombie machines, unconsciously contributing to non-spoofed distributed attacks.
Keywords
invasive software; bogus requests; denial of service attacks; fake messages; forensic mechanisms; malicious software detection; nonspoofed distributed attacks; security mechanism; server resources; traffic filtering; victim server; zombie identification port; Application software; Computer crime; Computer networks; Filtering; Internet; Intrusion detection; Network servers; Protocols; Reflection; Telecommunication traffic; Denial-of-Service; Distributed Denial-of-Service; DoS; Mitigation; Operating System; Security Mechanism; Zombie Identification; port;
fLanguage
English
Publisher
ieee
Conference_Titel
Internet Monitoring and Protection, 2008. ICIMP '08. The Third International Conference on
Conference_Location
Bucharest
Print_ISBN
978-0-7695-3189-2
Electronic_ISBN
978-0-7695-3189-2
Type
conf
DOI
10.1109/ICIMP.2008.10
Filename
4561328