Discover Network Security News
Denying Denial of Service
Their concerns are well founded. Just look at this summer's Code Red worms, which took advantage of an IIS vulnerability and initially infected more than 350,000 computers worldwide within 14 hours. Had the payload been designed a little better, Code Red could have set off a chain-reaction of DoS attacks Internet-wide.
"With that kind of firepower, they could have taken down anything," says Stefan Savage, a computer scientist at the San Diego Supercomputer Center's Cooperative Association for Internet Data Analysis (CAIDA). Along with colleagues Geoffrey Voelker and David Moore, Savage has created a technique--code-named "Backscatter"--to track and analyze DoS attacks (see Right Back Atcha).