The Problem
DoS (denial of service) is an attack on a server that prevents people from being able to request its services. There are many forms, but I will deal only with the form most recently used against major e-commerce sites such as Yahoo!, E-Trade, CNN Interactive, eBay, Amazon.com, etc. The attack is described as multiple computers sending out a huge number of ping requests. A ping request is a way for a computer on a network to ask whether another computer exists and to test the quality of the medium it is transmitting data on. Once a computer pings another computer, the other computer has to respond with a reply of "I am here". Normally this requires very little bandwidth and processing power, but because of the huge number of requests being made at the same time, the server has trouble replying to all of them. As a result, people who are really looking for services have their requests dropped by the server. The problem with these attacks is that companies lose money when people can't gain access to the resources on the site. The root of the problem is figuring out how to get a server to recognize what is a real request for service and what is an attack; once we can get a server to differentiate between the two, we can take action to stop it.
What's out there
There are security measures currently in place, such as a firewall, but these aren't able to filter out such basic attacks. A firewall filters out certain requests designated by the network administrator, but a ping request is often used by others to check whether the website is still active; if the website doesn't respond, it is considered down or unreachable, and in either case that would be unacceptable.
How I think the software should function
The software, I believe, should be an add-on to a larger system. I present the idea of creating programs that work with your system to help identify the DoS attack and then send a special request to the router connected to your server to block that IP address from sending any more requests. The administrator should be able to set a valid request number, meaning that a certain number of requests will be answered within a certain period of time before the sender is considered an attacker and blocked. The program should allow a time to be set during which the IP address can't get past the router, and should remove the block once the timeout is over, so that any mistaken appearance of an attack can be cleared. However, the program should also take note of where the attacks are coming from, so that the administrators can notify the owner of the system that he or she has a system that is attacking them, and check whether they are in fact doing it on purpose or whether some hackers have gotten in.
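The thresholding and timed-block logic described above, as an added example that is not part of the original essay. The class name, parameters and sample addresses are assumptions, and the request to the router is represented only by an in-memory block list.

```python
from collections import defaultdict, deque

class PingRateGuard:
    """Per-source request counter with timed blocking (added illustration)."""
    def __init__(self, max_requests, window_seconds, block_seconds):
        self.max_requests = max_requests      # administrator's "valid request number"
        self.window_seconds = window_seconds  # period over which requests are counted
        self.block_seconds = block_seconds    # how long a source stays blocked
        self.recent = defaultdict(deque)      # ip -> timestamps inside the window
        self.blocked_until = {}               # ip -> time at which the block expires
        self.offender_log = []                # (time, ip, count) kept for follow-up

    def expire_blocks(self, now):
        """Lift blocks whose timeout has passed, so mistaken blocks clear themselves."""
        released = [ip for ip, t in self.blocked_until.items() if t <= now]
        for ip in released:
            del self.blocked_until[ip]
        return released

    def observe(self, ip, now):
        """Record one request at time `now`; return True if it should be answered."""
        self.expire_blocks(now)
        if ip in self.blocked_until:
            return False
        times = self.recent[ip]
        times.append(now)
        while times and times[0] <= now - self.window_seconds:
            times.popleft()
        if len(times) > self.max_requests:
            # Assumption: a real deployment would ask the router to drop this source here.
            self.blocked_until[ip] = now + self.block_seconds
            self.offender_log.append((now, ip, len(times)))
            times.clear()
            return False
        return True

def replay(guard, events):
    """Feed (time, ip) events through the guard; return answered requests per ip."""
    answered = defaultdict(int)
    for now, ip in events:
        if guard.observe(ip, now):
            answered[ip] += 1
    return dict(answered)

# Constructed sample traffic: one flooding source and one ordinary visitor.
SAMPLE = sorted([(t * 0.1, "192.0.2.10") for t in range(50)]
                + [(1.0, "198.51.100.7"), (4.0, "198.51.100.7")])
```

The offender log is what an administrator would use to contact the owner of a source system, since a flooding machine may itself have been compromised.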
Here is a link to a site that has details of DoS and some partial protection. It also stresses that CIOs should let software developers know that hacking in general should be taken care of. DoS