Now, a novel filtering system to protect computer networks from zombies.

Washington, October 1 (ANI): Auburn University experts in Alabama say that security on government, commercial, and educational systems can be significantly improved by using a novel system to filter out denial of service attacks on computer networks, including cloud computing systems.

Reporting about such a filter in the Int. J. Information and Computer Security, the researchers have pointed out that denial of service (DoS) and distributed denial of service (DDoS) attacks involve an attempt to make a computer resource unavailable to its intended users.

This may simply be for malicious purposes as is often the case when big commercial or famous web sites undergo a DDoS attack, they say.

However, according to the researchers, it is also possible to exploit the system's response to such an attack to break system firewalls, access virtual private networks, and to access other private resources.

They say that a DoS attack can also be used to affect a complete network or even a whole section of the Internet.

The existing methods for configuring a network to filter out known DoS attack software and to recognize some of the traffic patterns associated with a mounting DoS attack usually rely on the computer being attacked to check whether incoming information requests are legitimate.

This consumes its resources, and can compound the problem in the case of a massive DDoS.

Now, computer engineers John Wu, Tong Liu, Andy Huang, and David Irwin have devised a filter to protect systems against DoS attacks that circumvents this problem by developing a new passive protocol that must be in place at each end of the connection: user and resource.

Dubbed Identity-Based Privacy-Protected Access Control Filter (IPACF), the new technology blocks threats to the gatekeeping computers, the Authentication Servers (AS), and so allows legitimate users with valid passwords to access private resources.

The user's computer has to present a filter value for the server to do a quick check. The filter value is a one-time secret that needs to be presented with the pseudo ID. The pseudo ID is also one-time use. Attackers cannot forge either of these values correctly and so attack packets are filtered out.
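
The quick check described above can be modelled as a table lookup placed in front of the authentication server. The following is an added example, not code from the article or from the IPACF paper: the article does not say how the one-time values are generated, so the HMAC-over-counter derivation, the 8-byte lengths and all names (`derive_pair`, `AuthServerFilter`) are assumptions.

```python
import hashlib
import hmac

def derive_pair(key: bytes, counter: int):
    """Assumed derivation: both ends compute the next one-time pair from a shared key."""
    msg = counter.to_bytes(8, "big")
    pseudo_id = hmac.new(key, b"pid" + msg, hashlib.sha256).digest()[:8]
    filter_value = hmac.new(key, b"fv" + msg, hashlib.sha256).digest()[:8]
    return pseudo_id, filter_value

class AuthServerFilter:
    """Pre-filter in front of the authentication server (hypothetical model)."""

    def __init__(self):
        self._expected = {}  # pseudo ID -> (filter value, user, key, counter)

    def enroll(self, user: str, key: bytes):
        self._arm(user, key, 0)

    def _arm(self, user, key, counter):
        pseudo_id, filter_value = derive_pair(key, counter)
        self._expected[pseudo_id] = (filter_value, user, key, counter)

    def check(self, pseudo_id: bytes, filter_value: bytes):
        """Return the user name for a valid packet, None for a dropped one."""
        entry = self._expected.get(pseudo_id)  # one dictionary lookup, no crypto
        if entry is None:
            return None
        expected_fv, user, key, counter = entry
        if not hmac.compare_digest(expected_fv, filter_value):
            return None
        del self._expected[pseudo_id]          # both values are one-time use
        self._arm(user, key, counter + 1)      # expect the next pair from now on
        return user

def demo():
    key = bytes(range(32))                     # constructed sample key
    server = AuthServerFilter()
    server.enroll("alice", key)
    first = derive_pair(key, 0)
    second = derive_pair(key, 1)
    return {
        "legitimate": server.check(*first),
        "replayed": server.check(*first),
        "forged": server.check(b"\x00" * 8, b"\x00" * 8),
        "wrong_filter": server.check(second[0], b"\x00" * 8),
        "next": server.check(*second),
    }

if __name__ == "__main__":
    print(demo())
```

In this model the server precomputes the pair it expects from each enrolled user, so rejecting a flood packet costs one lookup and a short comparison rather than a password verification.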

Testing how well IPACF copes in the face of massive DDoS attacks simulated on a network consisting of 1000 nodes with 10 gigabits per second bandwidth, the researchers have found that the server suffers little degradation, negligible added information transfer delay (latency) and minimal extra processor usage even when the 10 Gbps pipe to the authentication server is filled with DoS packets.

Indeed, the IPACF takes just 6 nanoseconds to reject a non-legitimate information packet associated with the DoS attack. (ANI)

Copyright 2009 Asian News International (ANI) - All Rights Reserved.

COPYRIGHT 2009 Al Bawaba (Middle East) Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2009 Gale, Cengage Learning. All rights reserved.

Publication:Asian News International
Date:Oct 12, 2009