13 IP NETWORK SECURITY

The security of a network can be assessed by reviewing how vulnerable its deployed protocols are to exploits. Threats exploit these vulnerabilities, misusing the network to obtain some benefit or to disrupt the service. This chapter discusses some popular threats and how they exploit protocol vulnerabilities. It also discusses some countermeasures based on algorithms that work either as an application or as a protocol at the network or transport layer.

13.1 INTRODUCTION

A denial-of-service (DoS) attack or distributed denial-of-service (DDoS) attack is an attempt to exhaust the resources of a computer or network to prevent the victim from doing useful work. DoS attacks may involve gaining unauthorized access to network or computing resources [1]. DoS attacks have mostly been considered in the context of servers, where the service provided to the intended users becomes noticeably diminished or unavailable. The victim can be a network server, a client or router, a network link or an entire network, an individual Internet user or a company doing business using the Internet, an Internet service provider (ISP), a country, or any combination of or variant on these. One common form of attack involves saturating the target (victim) machine with external communication requests, such that it becomes unable to keep up with responding to legitimate requests, or responds so slowly that it is effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted ...
