DDoS attacks must be coordinated and large in scale to be effective. The attackers start by exploiting vulnerabilities in the systems of hosts. Even large companies such as Yahoo and Amazon have been victims of DDoS attacks.
Email spoofing, where the email address is deliberately altered, makes early detection more difficult. The attacker can also vary the content of the attack packets, which allows for a more prolonged attack.
Cisco Systems information shows that the first computers infiltrated are known as 'handlers'. These handlers then automatically infiltrate other hosts, known as 'agents', which are responsible for sending a stream of packets to the victim server or system. The larger the agent pool, the more destructive the DDoS attack, and the harder it is to trace the initial source of the attack.
Hosting companies use defence mechanisms to limit the impact of attacks. 'Source end schemes' limit the amount of traffic if unusually high volumes are experienced. The paper proposed an algorithm to control the flow of traffic into a server.
Such algorithms can be used to pre-determine how many anomalous packets to allow into a system; if this figure exceeds what is expected, the system then blocks all packets temporarily. This method can be used to schedule traffic in order to mitigate DDoS attacks.
Anomaly-based Real Time Prevention (ARTP) can be used to detect unusual traffic by comparing packet content and time-frame length. Each packet is then labelled either 'N' for normal or 'D' for possible DDoS, and if the number of 'D' packets is too high, the packets are stopped.
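The threshold-and-block scheme described in the last two paragraphs is easiest to see in code. The following is an added illustration, not the paper's algorithm or any vendor's implementation: it labels each packet 'N' or 'D' by comparing its payload size with an assumed baseline and its inter-arrival gap with an assumed minimum, counts 'D' labels in a sliding time window, and once the count exceeds a limit drops all traffic for a fixed block period. The class name, parameters and the packet stream are all constructed for the example.

```python
from collections import deque
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Packet:
    ts: float   # arrival time in seconds
    src: str    # source identifier (an IP address in this example)
    size: int   # payload size in bytes


class ArtpFilter:
    """Toy ARTP-style filter (assumed design, not the paper's own algorithm).

    Each packet is labelled 'N' (normal) or 'D' (possible DDoS) by comparing its
    payload size against a baseline and its per-source inter-arrival gap against
    a minimum. Labels are kept in a sliding time window; once the number of 'D'
    labels in the window exceeds max_d, every packet is dropped for block_for
    seconds, after which normal service resumes.
    """

    def __init__(self, baseline_size: int, size_tolerance: int, min_gap: float,
                 window: float, max_d: int, block_for: float) -> None:
        self.baseline_size = baseline_size
        self.size_tolerance = size_tolerance
        self.min_gap = min_gap
        self.window = window
        self.max_d = max_d
        self.block_for = block_for
        self.recent: deque = deque()       # (ts, label) pairs inside the window
        self.last_seen: dict = {}          # per-source time of last packet
        self.blocked_until = float("-inf")

    def classify(self, pkt: Packet) -> str:
        """Return 'N' for normal-looking traffic, 'D' for possible DDoS traffic."""
        last = self.last_seen.get(pkt.src)
        self.last_seen[pkt.src] = pkt.ts
        gap_ok = last is None or (pkt.ts - last) >= self.min_gap
        size_ok = abs(pkt.size - self.baseline_size) <= self.size_tolerance
        return "N" if (gap_ok and size_ok) else "D"

    def process(self, pkt: Packet) -> Tuple[str, str]:
        """Return (label, action), where action is 'pass' or 'drop'."""
        label = self.classify(pkt)
        if pkt.ts < self.blocked_until:
            return label, "drop"           # temporary block still in force
        self.recent.append((pkt.ts, label))
        # Discard labels that have fallen out of the time window.
        while self.recent and pkt.ts - self.recent[0][0] > self.window:
            self.recent.popleft()
        d_count = sum(1 for _, lbl in self.recent if lbl == "D")
        if d_count > self.max_d:
            self.blocked_until = pkt.ts + self.block_for
            self.recent.clear()
            return label, "drop"
        return label, "pass"


def sample_stream() -> List[Packet]:
    """Constructed traffic: two normal clients, one flooding source, then recovery."""
    pkts = [Packet(0.2 * i, "10.0.0.1" if i % 2 == 0 else "10.0.0.2", 500 + 10 * (i % 3))
            for i in range(5)]
    pkts += [Packet(1.0 + 0.01 * i, "203.0.113.7", 40) for i in range(10)]
    pkts.append(Packet(3.5, "10.0.0.1", 500))   # arrives after the block expires
    return pkts


def run_filter(packets: List[Packet], **params) -> List[Tuple[str, str]]:
    f = ArtpFilter(**params)
    return [f.process(p) for p in packets]


def summarize(results: List[Tuple[str, str]]) -> dict:
    return {
        "normal": sum(1 for lbl, _ in results if lbl == "N"),
        "suspect": sum(1 for lbl, _ in results if lbl == "D"),
        "dropped": sum(1 for _, act in results if act == "drop"),
    }


if __name__ == "__main__":
    params = dict(baseline_size=500, size_tolerance=200, min_gap=0.05,
                  window=1.0, max_d=5, block_for=2.0)
    results = run_filter(sample_stream(), **params)
    for pkt, (lbl, act) in zip(sample_stream(), results):
        print(f"t={pkt.ts:5.2f} {pkt.src:12} {pkt.size:4d}B -> {lbl} {act}")
    print(summarize(results))
```

With the constructed stream, the first five 'D' packets are still passed (the count has not yet exceeded max_d), the sixth trips the block, the rest of the flood is dropped, and the legitimate packet at t=3.5 passes again. That illustrates the trade-off the page describes: the threshold decides how many anomalous packets are tolerated before service is interrupted for everyone, so it must be tuned against the server's normal traffic profile.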