Public, private, and academic researchers are collaborating on new distributed denial-of-service (DDoS) defenses, a goal made all the more urgent by last month's DDoS attack on domain name system (DNS) provider Dyn.
Such efforts are overseen by Dan Massey, program manager for the U.S. Department of Homeland Security Advanced Research Projects Agency Cyber Security Division. Projects Massey is underwriting include a collaboration between the University of Delaware and others to identify new types of attacks, and the University of Houston's probe of on-demand network capacity to manage attacks.
"We need to think about creating multiple paths for getting DNS information between the creator and consumers of that information," says ThreatSTOP chief scientist Paul Mockapetris.
The anti-DDoS measure with the most longevity likely is the Internet Engineering Task Force's Best Current Practice #38, which prevents a network from sending packets with counterfeit IP addresses.
However, officials at the University of California, San Diego's Center for Applied Internet Data Analysis (CAIDA) say a protocol is lacking for Internet authorities to enforce such standards.
CAIDA runs the Spoofer Project to enable users to see if their network permits forged packets. The center estimates 75% of 435 million tested Internet Protocol addresses are currently unspoofable.
View Full Article
Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA