Denial-of-service (DoS) attacks have been launched against Internet sites for years. They are a significant problem because they can shut an organization off from the Internet and because there is no comprehensive solution—no silver bullet—for protecting your site or recovering from a denial of service. In this paper, we describe the current situation with denial-of-service attacks and explore ways of addressing the problem. Much has been written previously about denial of service. In fact, the CERT Coordination Center (CERT/CC) published alerts related to these attacks as early as 1996. CERT/CC publications and other references can be found at the end of this paper. In November 1999, the CERT/CC hosted a workshop in which 30 experts from around the world addressed the increasing sophistication of DoS tools to launch distributed denial-of-service (DDoS) attacks. The results of that workshop are published on the CERT website. (For additional publications, see the References section of this paper.) This workshop report contained the most current knowledge of denial of service at the time.
This paper provides the knowledge gained since the workshop. The information we provide is geared to commercial business. Though Internet service providers and home users can benefit, we have not tailored this paper to their particular needs. The next section provides background information about denial-of-service attacks. It is followed by information on steps you can take to reduce your risk of attack as well as how to identify attacks when they happen and respond to them. Finally, we take a look at future possibilities. An appendix contains additional information about denial of service.