Check out the new USENIX Web site.

Home About USENIX Events Membership Publications Students
LISA 2000 Abstract

Analyzing Distributed Denial Of Service Tools: The Shaft Case

Sven Dietrich,NASA Goddard Space Flight Center; Neil Long, Oxford University ; and David Dittrich,University of Washington


In this paper we present an analysis of Shaft, an example of malware used in distributed denial of service (DDoS) attacks. This relatively recent occurrence combines well-known denial of service attacks (such as TCP SYN flood, smurf, and UDP flood) with a distributed and coordinated approach to create a powerful program, capable of slowing network communications to a grinding halt.

Denial of service attack programs, root kits, and network sniffers have been around in the computer underground for a very long time. They have not gained nearly the same level of attention by the general public as did the Morris Internet Worm of 1988, but have slowly progressed in their development. As more and more systems have come to be required for business, research, education, the basic functioning of government, and now entertainment and commerce from people's homes, the increasingly large number of vulnerable systems has converged with the development of these tools to create a situation that resulted in distributed denial of service attacks that took down the largest e-commerce and media sites on the Internet.

In contrast, we provide a comparative analysis of several distributed denial of service tools (e.g., Trinoo, TFN, Stacheldraht, and Mstream), look at emerging countermeasures against some of these tools. We look at practical examples of these techniques, provide some examples from test environments and finally talk about future trends of these distributed tools.

?Need help? Use our Contacts page.

Last changed: 16 Jan. 2002 ml
Technical Program
LISA 2000 Home