13 of 15 people found the following review helpful
- Published on Amazon.com
Internet Denial of Service
I certainly enjoyed reading this book; in fact, I started looking at it during the work day and couldn't wait for everyone to leave at quitting time so I could finish it. It seems to have a bit of trouble finding its niche: most of the time it has the feel of a research paper, but from time to time there are amazingly practical tidbits. If you are looking for a how-to on stopping denial of service, step by step, buy the cup of coffee from Borders, leaf through the book, and make your decision carefully. If you are a researcher in the USA interested in Internet protocols and US law and response, this is a must read, must have. If you are truly seeking to understand what zombie-style distributed denial of service is and is capable of, buy the book and read it three times. My response team worked closely with one of the authors, David Dittrich, from 1999-2001, and if there is a "been there, done that" individual when it comes to malicious code, he would be that person.
This is not a book for a novice, but if you know your way around a network and know a bit about routing, there are a number of helpful illustrations and code segments that drive the points home.
I realize I gave the book three stars even though I liked it a lot, and that is primarily because the book is much weaker in the two final chapters, 8 and 9. You just can't throw issues like law, ethics, jurisdiction, evidence collection, and estimation of damages on the table, write a couple of paragraphs, and zoom on; someone could get hurt. For the right reader, this can be a wonderful resource.
12 of 14 people found the following review helpful
- Published on Amazon.com
'Internet Denial of Service' (IDOS) is an excellent book by expert authors. IDOS combines sound advice with a fairly complete examination of the denial of service (DoS) problem set. Although the authors write from the DoS point of view, as a network security monitoring advocate I found myself agreeing with many of their insights. Since there are no other books dedicated to DoS, I was very pleased to find this one is a powerful resource for managers and technicians alike.
IDOS features some of the best minds on DoS research available. Everyone has heard of Dave Dittrich, but I found the work of lead author Jelena Mirkovic to be particularly valuable. Peter Reiher and long-time DoS researcher Sven Dietrich also give the project considerable weight. All four authors work for or with universities, and IDOS reflects this academic connection by frequently citing papers and DoS research. For example, chapter 7 describes DoS mitigation approaches and Appendix C examines the best available data on DoS techniques. I would encourage other authors to make similar references to the academic community and not write in a literary vacuum.
By making references to outside works, IDOS successfully avoids repeating material published elsewhere. Chapter 6 was probably my favorite section, including much distilled wisdom and advice on responding to DoS attacks. I welcomed the authors' frequent recommendations to collect session and full content data. It is often impossible to detect and respond to attacks without this sort of network-based evidence. This point is often lost on vendors or consultants who lack experience performing incident response.
I had minor problems with the book. First, I would have liked more technical detail in chapter 6. For example, it would have been nice to see examples of system metrics from nodes or routers under DoS attack. Specific advice on host tuning techniques would also have been useful, e.g., make changes X, Y, or Z on FreeBSD or Cisco IOS to better resist DoS conditions. I was also slightly disappointed the authors did not base their discussions of commercial products in Appendix B on hands-on evaluations. I understand the problem with meeting this objective, however.
I did not have any problems with the legal or concluding chapters (8 & 9). I think the earlier three-star reviewer found himself on the wrong side of the 1999 "RST scan" controversy discussed on p. 52 and may not have been happy with the (correct) stance taken by IDOS.
I highly recommend every security professional read IDOS. It's a convenient and illuminating discussion of a problem that will never disappear. This book will prepare you to do battle with DoS attacks, and for that I am thankful.
10 of 12 people found the following review helpful
- Published on Amazon.com
Your take on this book really depends on where you are sitting. The authors lucidly describe what a Denial of Service attack is. More to the point, the book then goes into an explanation of its more dangerous variant, the Distributed Denial of Service [DDoS] attack. The book is really about the latter, not the simple DoS. We see how DDoS evolved rapidly from 1999 to 2005, with the number of computers hijacked to become agents for an attack expanding from hundreds to over a hundred thousand. We also see how it no longer seems to be done by joyriding hackers just seeking a thrill. Now, it may actually be a business, a major branch of malware.
You should have a reasonable background in understanding TCP/IP, to appreciate the book's technical discussions. For example, if you see mention of the TTL field in a header, you should already know what it means.
The book explains several postulated countermeasures to DDoS: nifty ideas like traceback and pushback, or perhaps doing an entropy count of good and bad packets to help distinguish between them. The problem is that none of these are truly effective. DDoS is an unsolved problem. So if you are a cracker, this is good news. Not so for sysadmins.
But there is something else. Perhaps DDoS is fundamentally insolvable, under the current IPv4 and current router capabilities. But maybe this field is still young. What is a problem for many could be a chance for you, as a researcher or inventor.
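The entropy idea mentioned in the review above, shown as an added example that is not from the book or from any of its authors: Shannon entropy of the source-address field over a window of packets, compared against a baseline. The packet windows, the baseline of 2.0 bits, and the 1.0-bit margin are all constructed for illustration; a real deployment would learn the baseline from clean traffic and tune the margin against its own false-positive budget.

```python
"""Source-address entropy as a DDoS signal (added example, constructed data)."""
import math
from collections import Counter
from typing import Iterable, Sequence, Tuple

Packet = Tuple[str, str, int]  # (src_ip, dst_ip, dst_port); a constructed stand-in for a capture


def shannon_entropy(values: Iterable[str]) -> float:
    """Shannon entropy, in bits, of the empirical distribution of `values`."""
    counts = Counter(values)
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def window_entropy(packets: Sequence[Packet], field: str) -> float:
    """Entropy of one header field ('src', 'dst' or 'dport') across a window of packets."""
    index = {"src": 0, "dst": 1, "dport": 2}[field]
    return shannon_entropy(str(p[index]) for p in packets)


def is_anomalous(packets: Sequence[Packet], field: str, baseline: float, margin: float = 1.0) -> bool:
    """Flag a window whose field entropy departs from `baseline` by more than `margin` bits.

    `baseline` and `margin` are assumed tuning parameters, not values from the book:
    the baseline comes from observing clean traffic, the margin from the false-positive
    rate an operator is willing to accept.
    """
    return abs(window_entropy(packets, field) - baseline) > margin


# Constructed "normal" window: four known clients, four packets each, to one HTTPS server.
NORMAL_WINDOW = [
    ("198.51.100.%d" % i, "203.0.113.10", 443) for i in (1, 2, 3, 4) for _ in range(4)
]

# Constructed flood window: sixteen packets, each from a different (spoofed) source,
# all aimed at the same server and port.
ATTACK_WINDOW = [
    ("192.0.2.%d" % i, "203.0.113.10", 443) for i in range(1, 17)
]

# Assumed baseline: the entropy a clean window like NORMAL_WINDOW produces (2.0 bits).
SRC_BASELINE = 2.0


if __name__ == "__main__":
    for name, window in (("normal", NORMAL_WINDOW), ("flood", ATTACK_WINDOW)):
        print(
            "%-6s src=%.2f bits dport=%.2f bits anomalous=%s"
            % (
                name,
                window_entropy(window, "src"),
                window_entropy(window, "dport"),
                is_anomalous(window, "src", SRC_BASELINE),
            )
        )
```

Four equally busy clients give 2.0 bits of source entropy; sixteen distinct spoofed sources give 4.0 bits, which clears the assumed 1.0-bit margin, while the destination-port field stays at 0.0 bits in both windows because everything goes to port 443. The signal is one-sided, though: a botnet whose agents each send many packets looks like a handful of heavy clients rather than a spread of sources, and an attacker who knows the detector can shape the distribution to sit inside the margin, which is the reviewer's point that none of these schemes is conclusive on its own.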
2 of 3 people found the following review helpful
- Published on Amazon.com
There are obviously a multitude of ways an attacker can take your site down. One way is via a denial of service attack. There's a new book out that covers just that attack in great detail: Internet Denial Of Service - Attack and Defense Mechanisms by Jelena Mirkovic, Sven Dietrich, David Dittrich, and Peter Reiher (Prentice Hall).
Chapter list: Introduction; Understanding Denial of Service; History of DoS and DDoS; How Attacks Are Waged; An Overview of DDoS Defenses; Detailed Defense Approaches; Survey of Research Defense Approaches; Legal Issues; Conclusions; Glossary; Survey of Commercial Defense Approaches; DDoS Data; References; Index
Going into this book, I can say I knew about the basics of a Denial of Service (DoS) and Distributed Denial of Service (DDoS) attack. What I didn't understand is how sophisticated they've become. The book covers (in deep detail) how bot or zombie networks are developed and utilized to launch these types of attacks. I didn't realize that it's relatively easy to acquire a bot network of over 100,000 clients that can flood a site with packets. And it's not even necessary to use them all at once. Attacks can start with a fraction of the clients, and then escalate as the victim attempts to filter packets or add bandwidth. It's a scary thing. The authors also cover the various issues involved in defending against these types of attacks. Filtering might work, but it can be difficult to find the correct filtering parameters that don't also drop legitimate traffic. And due to the distributed nature of the attack, it can be nearly impossible to find the culprit, and worse, to prevent it from happening again.
Walking away from this book, you don't get a warm, fuzzy feeling about the current situation. Regardless of what steps you take, there is no current sure-fire method for defending against these attacks. But by reading Internet Denial of Service, you'll be far more prepared to understand what's going on and what realistic options do exist. Better yet, it also gives you the steps you need to take to prepare your site for this type of incursion beforehand. If you've mapped out your plan ahead of time, you can definitely minimize (to some extent) the damage that can occur.
This is a good read for any security professional tasked with the security and availability of an organizational website. Reading this now could save your job later...