Abstract - Technical Program - ID 99
Defending Against the Wily SurferWeb-based Attacks and
Daniel V. Klein, Cybertainment, Inc.
Intrusions are often viewed as catastrophic events
which destroy systems, wreak havoc on data through corruption or
substitution, yield access to closely guarded sensitive information, or
provide a springboard for hackers to attack other systems.
Yet not all intrusions on the Web are the blatant,
smash-and-grab, trash-the-site kind of attacks. Many attacks are more
subtle, and some involve what appears to be normal access to the site
(but appearances are deceiving!) This paper presents a compendium of
some of the dirty tricks on the Web. These are used to steal bandwidth
and server load (as well as revenue) from web sites around the Internet.
Other tricks funnel hits to sites other than the intended destination,
while additional, more obvious techniques are used to bypass payment
schemes and gain free access to sites. A different class of attacks
targets the client, instead of the server. Some of the dirty tricks are
preventable up-front, while others can only be detected after the
security holes have been exploited and always, there needs
to be a balance between accessibility and vulnerability. We present a
compendium of problems, attacks, and solutions. Many of the attacks and
preventions seem "obvious" once known this
paper aims to
forearm by forewarning the reader.
- View the full text of this paper in
HTML form and
- If you need the latest Adobe Acrobat Reader, you can download it
- To become a USENIX Member, please see our Membership Information.