Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks have been around for years, but with reports that 4,000 DoS attacks are launched each week, it's clear the problem isn't close to being resolved. In fact, in a recent poll of Information Security . . .
Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks have been around for years, but with reports that 4,000 DoS attacks are launched each week, it's clear the problem isn't close to being resolved. In fact, in a recent poll of Information Security readers, 90 percent said they remained either "very concerned" or "somewhat concerned" about DoS or DDoS (see Reader Poll).

Their concerns are well founded. Just look at this summer's Code Red worms, which took advantage of an IIS vulnerability and initially infected more than 350,000 computers worldwide within 14 hours. Had the payload been designed a little better, Code Red could have set off a chain-reaction of DoS attacks Internet-wide.

"With that kind of firepower, they could have taken down anything," says Stefan Savage, a computer scientist at the San Diego Supercomputer Center's Cooperative Association for Internet Data Analysis (CAIDA). Along with colleagues Geoffrey Voelker and David Moore, Savage has created a technique--code-named "Backscatter"--to track and analyze DoS attacks (see Right Back Atcha).