The original aim of Internet was to provide an open and scalable network, which could offer easy, fast and inexpensive communication mechanisms, and it was indeed very successful in accomplishing this particular goal. During Internet design, the functionality aspect was of much concern rather than security, due to which this design opens up several security issues that create a room for various attacks on the Internet. Internet security has several aspects such as confidentiality, authentication, message integrity and non repudiation. Availability is one of the main aspects of Internet security. Attacks such as denial of service and its variant distributed denial of service attack target the availability of services on the Internet. Threat to the Internet availability is a big issue and hampering the growth of online organizations those rely on having their websites 100% available to visitors, users and customers. DDoS attacks are not new assaults against the Internet. DDoS attacks marked their presence in August 1999 and continuing to attack various Web sites (including highprofile) since then. Due to the lack of a comprehensive and effective solution to combat such DDoS attacks, they are growing in frequency and volume. This paper outlines DoS and DDoS attack overview and highlights some of the DDoS incidents occurred from 1999 to 2008 and briefs DDoS incidents occurred in the year 2010-2009 and also demonstrates the need of a comprehensive DDoS solution due to flood of incidents occurred in past few years.  The remainder of this paper is organized as follows. Section II discusses Internet attack and classification of Internet attacks according to unauthorized result is discussed. Section III demonstrates DoS and DDos overview and DDoS attack modus operandi. Section IV discusses factors which open the door for DDoS attacks on the Internet. Section V gives the details of various DDoS incidents from year 1999 to 2008 and highlights some recent DDoS incidents in year 2009-2010 in chronological order, also briefs monetary and non monetary impacts on online organizations due to DDoS attacks. Section VI highlights need of the comprehensive DDoS combat solution. Finally, section VII concludes the paper.

DDoS attack does not rely on particular network protocol or system weakness. It simply exploits the huge resource asymmetry between the Internet and the victim [7]. Since Internet architecture is open in nature, any machine attached to it is publically visible to another machines attached to enable the communication. The hacker or attacker community takes the unhealthy advantage of this open nature to discover any insecure machine connected to the Internet. The discovered machine is thus infected with the attack code. The infected machine can further be used to discover and infect another machine connected and so on. The attacker thus gradually prepares an attack network called botnet.  Depending upon the attacking code the compromised machines are called Masters/Handlers or zombies. Hackers send control instructions to masters, which in turn control zombies. The zombies under the control of masters/handlers transmit attack packets as shown in Fig. 1, which converge at victim to exhaust its resources. DDoS attack basically targets victim’s computational or communicational resources [11], such as bandwidth, memory, CPU cycle, file descriptors and buffers etc. DDoS attack can be flooding attack or vulnerability attack [4], [9]. Flooding attack eats up the victim resources by flooding the large volume of packets. Vulnerability attacks use the expected behavior of protocols such as TCP and HTTP to the attacker’s advantage. During flooding attack as shown in Fig. 2, the attackers congest the link between ISP edge router and victim’s access router by flooding packets towards victim. This results in the consequence that the legitimate clients are denied of the service due to limited bottleneck bandwidth. When the total request rate becomes more than total service rate the requests will start buffering at victim server and with the passage of time incoming requests are dropped due to buffer overflow. The congestion and flow control signals [16], [17] force the legitimate clients to decrease their rate of sending packets, however, attack packets continue to come at the distribution rate specified by attacker. Hence, a stage comes when whole of bottleneck bandwidth is seized by attack packets. As per [12], as attack strength grows by using multiple sources, the computational requirements of even filtering traffic of malicious flows become a burden at the target. The distributed nature of DDoS makes it very difficult to prevent and mitigate. The effects of DDoS attacks are very severe. It enables attacker to conceal its identity very well.

One of the major reasons that make the DDoS attacks wide spread and easy in the Internet is the availability of attacking tools and the powerfulness of these tools to generate attacking traffic [6]. As per [4], [9] various reasons that create opportunities for attackers to use attack tools easily and launch a successful attack are:

1) Internet security is highly interdependent: The susceptibility of DDoS attacks depends upon global internet security rather than the security of victim.

2) Internet resources are limited: Each Internet host has limited resources that can be consumed by a sufficient number of users.

3) Accountability is not enforced: With mechanisms like IP spoofing, the perpetrator can conceal his real identity and hence, real source of attack cannot be judged.

4) Control is distributed: Since Internet management is distributed and each network runs as per particular policies and regulations defined, it is almost impossible to deploy a certain global security mechanism and moreover due to privacy concerns it is sometimes nearly impossible to investigate the cross network behavior.

5) Simple Core and Complex Edge: One of the design principles is that the Internet should keep the core networks simple and push any complexity into the end hosts [9], [10]. Hence, core routers don’t make necessary authentication checks. The void of authentication checks at network level encourages undesired unauthorized attempts like IP spoofing, which is the major way of doing DDoS attack.

6) Multipath Routing: Multipath routing makes authentication difficult hence, it may encourage unauthorized activities. Intermediate router routes IP packet from source to destination & has no way of knowing that whether the IP packet it is forwarding is the legitimate packet or a spoofed one

There is an alarming increase in the number of DDoS attack incidents. Not only, DDoS incidents are growing day by day but the technique to attack, botnet size, and attack traffic are also attaining new heights. Effective defense measures needed to prevent and mitigate these attacks is the current need of the hour. The major contributions of this paper are  It gives overview of DoS and DDoS problem.  It briefs the main security holes that create room for these attacks.  Information about important DDoS incidents from year 1999-2008. Chronological brief  about recent DDoS incidents is provided. Latest scenario of DDoS attacks, DDoS attack traffic, botnet size is explored.  Financial loss incurred due to DDoS attacks is also explored.  The need for comprehensive methods to elicit information of DDoS attack and effective preventive and mitigation methods are highlighted.


Please enter your comment!
Please enter your name here