Software Engineering Institute

In November of 1999, the CERT® Coordination Center (CERT/CC) sponsored the Distributed Systems Intruder Tools (DSIT) Workshop where a group of security experts outlined the emerging threat of distributed denial of service (DDoS) attack technology. Since then, denial of service (DoS) attack technology has continued to evolve and continues to be used to attack and impact Internet infrastructures.

Advances in intruder automation techniques have led to a steady stream of new self-propagating worms in 2001, some of which have been used to deploy DoS attack technology. Windows end users and Internet routing technology have both become more frequent targets of intruder activity. The control mechanisms for DDoS attack networks are changing to make greater use of Internet Relay Chat (IRC) technology.

The impacts of DoS attacks are causing greater collateral damage, and widespread automated propagation itself has become a vehicle for causing denial of service. While DoS attack technology continues to evolve, the circumstances enabling attacks have not significantly changed in recent years. DoS attacks remain a serious threat to the users, organizations, and infrastructures of the Internet.

The goal of this paper is to highlight recent trends in the deployment, use, and impact of DoS attack technology based on intruder activity and attack tools reported to and analyzed by the CERT/CC. This paper does not propose solutions, but rather aims to serve as a catalyst to raise awareness and stimulate further discussion of DoS-related issues within the Internet community.