[12] Results of the Distributed-Systems Intruder Tools
Workshop Pittsburgh, Pensilvania USA, November 2-4
1999, CERT Coordination Center, Software
Engineering Institute, Carnegie Mellon University,
Pittsburgh,
http://www.cert.org/reports/dsit workshop.pdf -
visited 12.11.2000.
[13] Field Notice: 7xx Router Password Bu er Over
ow
Revision 1: December 15 1997,
http://www.cisco.com/warp/public/770/pwbuf-
pub.shtml - visited
18.10.2000.
[14] Microsoft Security Bulletin (MS00-029): Patch
available for 'IP Fragment Reassembly' Vulnerability.
May 19, 2000,
http://www.microsoft.com/technet/security/bulletin/
ms00-029.asp - visited 18.10.2000.
[15] Microsoft Security Bulletin (MS00-23): Patch
available for 'Myriad Escaped Characters'
Vulnerability. April 12, 2000,
http://www.microsoft.com/technet/security/bulletin/
ms00-023.asp - visited 18.10.2000.
[16] K. Wooding. Magni cation Attacks - Smurf, Fraggle,
and Others.
http://www.codetalker.com/whitepapers/dos-
smurf.html - visited
19.10.2000.
[17] C.A. Huegen. The Latest in Denial of Service Attacks:
'Smur ng'; Description and Information to Minimize
E ects. http://www.pentics.net/denial-of-
service/white-papers/smurf.cgi - visited
19.10.2000.
[18] CERT Advisory CA-98.01 'smurf' IP
Denial-of-Service-Attacks. January 5, 1998,
http://www.cert.org/advisories/CA-1998-01.html -
visited 23.10.2000.
[19] daemon9. route in nity, TCP SYN Flooding Attacks.
Phrack magazine, Vol. 7, Issue 48, File 13 of 18, July
1996.
[20] C.L.Schuba et.al. Analysis of a Denial of Service
Attack on TCP. Coast Laboratory, Department of
Computer Science, Purdue University.
[21] CERT Advisory CA-96.21, TCP SYN Flooding and IP
Spoo ng Attacks. September 19, 1996,
http://www.cert.org/advisories/CA-1996-21.html -
visited 23.10.2000.
[22] Web servers / possible DOS Attack / mime header
ooding (archive).
http://www.securityfocus.com/archive/1/
f10516|10520|10521|10525|10526g - visited
23.10.2000.
[23] YA Apache DoS attack (archive).
http://www.securityfocus.com/archive/1/10228 -
visited 23.10.2000.
[24] Rootshell.com. http://www.rootshell.com/ - visited
08.02.2001.
[25] D. Dittrich. The DoS Project's "trinoo" distributed
denial of service attack tool. October 21, 1999,
http://sta .washington.edu/dittrich/misc/
trinoo.analysis.txt - visited 13.11.2000.
[26] Project Loki. Phrack Magazine, Volume Seven, Issue
Forty-Nine, File 06 of 16,
http://www.phrack.com/search.phtml?view
&article=p49-6 - visited 23.10.2000.
[27] L O K I 2 (the implementation). Phrack Magazine
Volume 7, Issue 51 September 01, 1997, article 06 of
17, http://www.phrack.com/search.phtml?view
&article=p51-6 - visisted 23.10.2000.
[28] D. Dittrich. The 'Tribe Flood Network' distributed
denial of service attack tool. October 21, 1999,
http://sta .washington.edu/dittrich/misc/
tfn.analysis.txt - visited 13.11.2000.
[29] J. Barlow, W. Thrower. TFN2K - An Analysis.
AXENT Security Team, February 10, 2000 (Updated
March 7, 2000) Revision: 1.3,
http://packetstorm.securify.com/distributed/
TFN2k Analysis-1.3.txt - visited 13.11.2000.
[30] D. Dittrich. The 'stacheldraht' distributed denial of
service attack tool. December 31, 1999,
http://sta .washington.edu/dittrich/misc/
tfn.analysis.txt - visited 13.11.2000.
[31] P. Ferguson, D. Senie. RFC 2267, Network Ingress
Filtering: Defeating Denial of Service Attacks which
employ IP Source Address Spoo ng. Cisco Systems
Inc., BlazeNet Inc., January 1998.
[32] D.J. Bernstein. SYN Cookies.
ftp://koobera.math.uic.edu/syncookies.html - visited
13.11.2000.
[33] X. Geng, A.B. Whinston. Defeating Distributed Denial
of Service Attacks. IEEE IT-Pro, July/Aug. 2000.
[34] Submissions to the Paketstorm DDOS paper constest.
http://packetstorm.securify.com/papers/contest/ -
visited 13.11.2000.
[35] Linux Virtual Server.
http://www.linuxvirtualserver.org/ - visisted
13.11.2000.
[36] Linux Advanced Routing HOWTO.
http://www.linuxdoc.org/ - visited 14.02.2001.
[37] Jef Poskanzer. http load.
http://www.acme.com/software/ - visited 10.02.2001.
[38] Arrowpoint. Whitepaper: Web Site Security and
Denial of Service Protection.
http://www.arrowpoint.com/solutions/white papers/
printer/Web Site Security.html - visited 12.11.2000.
[39] F5. Whitepaper: A Defense To Denial of Service
Attacks and Other Cyber Threats.
http://secure.f5.com/solutions/whit
Workshop Pittsburgh, Pensilvania USA, November 2-4
1999, CERT Coordination Center, Software
Engineering Institute, Carnegie Mellon University,
Pittsburgh,
http://www.cert.org/reports/dsit workshop.pdf -
visited 12.11.2000.
[13] Field Notice: 7xx Router Password Bu er Over
ow
Revision 1: December 15 1997,
http://www.cisco.com/warp/public/770/pwbuf-
pub.shtml - visited
18.10.2000.
[14] Microsoft Security Bulletin (MS00-029): Patch
available for 'IP Fragment Reassembly' Vulnerability.
May 19, 2000,
http://www.microsoft.com/technet/security/bulletin/
ms00-029.asp - visited 18.10.2000.
[15] Microsoft Security Bulletin (MS00-23): Patch
available for 'Myriad Escaped Characters'
Vulnerability. April 12, 2000,
http://www.microsoft.com/technet/security/bulletin/
ms00-023.asp - visited 18.10.2000.
[16] K. Wooding. Magni cation Attacks - Smurf, Fraggle,
and Others.
http://www.codetalker.com/whitepapers/dos-
smurf.html - visited
19.10.2000.
[17] C.A. Huegen. The Latest in Denial of Service Attacks:
'Smur ng'; Description and Information to Minimize
E ects. http://www.pentics.net/denial-of-
service/white-papers/smurf.cgi - visited
19.10.2000.
[18] CERT Advisory CA-98.01 'smurf' IP
Denial-of-Service-Attacks. January 5, 1998,
http://www.cert.org/advisories/CA-1998-01.html -
visited 23.10.2000.
[19] daemon9. route in nity, TCP SYN Flooding Attacks.
Phrack magazine, Vol. 7, Issue 48, File 13 of 18, July
1996.
[20] C.L.Schuba et.al. Analysis of a Denial of Service
Attack on TCP. Coast Laboratory, Department of
Computer Science, Purdue University.
[21] CERT Advisory CA-96.21, TCP SYN Flooding and IP
Spoo ng Attacks. September 19, 1996,
http://www.cert.org/advisories/CA-1996-21.html -
visited 23.10.2000.
[22] Web servers / possible DOS Attack / mime header
ooding (archive).
http://www.securityfocus.com/archive/1/
f10516|10520|10521|10525|10526g - visited
23.10.2000.
[23] YA Apache DoS attack (archive).
http://www.securityfocus.com/archive/1/10228 -
visited 23.10.2000.
[24] Rootshell.com. http://www.rootshell.com/ - visited
08.02.2001.
[25] D. Dittrich. The DoS Project's "trinoo" distributed
denial of service attack tool. October 21, 1999,
http://sta .washington.edu/dittrich/misc/
trinoo.analysis.txt - visited 13.11.2000.
[26] Project Loki. Phrack Magazine, Volume Seven, Issue
Forty-Nine, File 06 of 16,
http://www.phrack.com/search.phtml?view
&article=p49-6 - visited 23.10.2000.
[27] L O K I 2 (the implementation). Phrack Magazine
Volume 7, Issue 51 September 01, 1997, article 06 of
17, http://www.phrack.com/search.phtml?view
&article=p51-6 - visisted 23.10.2000.
[28] D. Dittrich. The 'Tribe Flood Network' distributed
denial of service attack tool. October 21, 1999,
http://sta .washington.edu/dittrich/misc/
tfn.analysis.txt - visited 13.11.2000.
[29] J. Barlow, W. Thrower. TFN2K - An Analysis.
AXENT Security Team, February 10, 2000 (Updated
March 7, 2000) Revision: 1.3,
http://packetstorm.securify.com/distributed/
TFN2k Analysis-1.3.txt - visited 13.11.2000.
[30] D. Dittrich. The 'stacheldraht' distributed denial of
service attack tool. December 31, 1999,
http://sta .washington.edu/dittrich/misc/
tfn.analysis.txt - visited 13.11.2000.
[31] P. Ferguson, D. Senie. RFC 2267, Network Ingress
Filtering: Defeating Denial of Service Attacks which
employ IP Source Address Spoo ng. Cisco Systems
Inc., BlazeNet Inc., January 1998.
[32] D.J. Bernstein. SYN Cookies.
ftp://koobera.math.uic.edu/syncookies.html - visited
13.11.2000.
[33] X. Geng, A.B. Whinston. Defeating Distributed Denial
of Service Attacks. IEEE IT-Pro, July/Aug. 2000.
[34] Submissions to the Paketstorm DDOS paper constest.
http://packetstorm.securify.com/papers/contest/ -
visited 13.11.2000.
[35] Linux Virtual Server.
http://www.linuxvirtualserver.org/ - visisted
13.11.2000.
[36] Linux Advanced Routing HOWTO.
http://www.linuxdoc.org/ - visited 14.02.2001.
[37] Jef Poskanzer. http load.
http://www.acme.com/software/ - visited 10.02.2001.
[38] Arrowpoint. Whitepaper: Web Site Security and
Denial of Service Protection.
http://www.arrowpoint.com/solutions/white papers/
printer/Web Site Security.html - visited 12.11.2000.
[39] F5. Whitepaper: A Defense To Denial of Service
Attacks and Other Cyber Threats.
http://secure.f5.com/solutions/whit
No comments:
Post a Comment