Forensics Web Site a Must-See

Having trouble with DoS attacks? Want to figure out a way to see who's behind them or at least track down the source?

Having trouble with DoS attacks? Want to figure out a way to see whos behind them or at least track down the source?

The complete answer is likely still some way off, but IT managers who want to track the latest forensic and sleuthing technologies should start at citeseer.nj.nec.com/park00effectiveness.html. This NEC ResearchIndex portal is loaded with links to papers that discuss the technical nitty-gritty of denial-of-service attacks, including the effectiveness of probabilistic (as opposed to deterministic) packet marking. This will be of interest not only to IT managers whose networks are vulnerable to DoS attacks but also to service providers that can unknowingly transmit problem traffic. Probabilistic schemes focus on adding compressed information to likely attack packets, thus giving victims a clue as to the origin of the attack.

The obvious problem with this approach is that a large volume of "good" traffic is likely to get confused with the bad, which could mean a significant increase in overhead processing for enterprise networks. I recommend that network managers skulk around on the site and spend at least a couple of hours digesting the material. At the very least, youll learn what makes it so hard to track down DoS attackers. And the site makes it easy to pick up pointers on how to protect your network today.