Enhanced DDoS in Networking

(1)

Enhanced DDoS in Networking

G. ERAPPA

RESEARCH SCHOLAR, BUNDELKHAND UNIVERSITY,JHANSI Dr.M.K.AGARWAL

Professor,BUNDELKHAND UNIVERSITY,JHANSI

Abstract: In view of the increasing demand for wireless information and data services, providing faster and reliable mobile access is becoming an important concern. Nowadays, not only mobile phones, but also laptops and PDAs are used by people in their professional and private lives. These devices are used separately for the most part that is their applications do not interact. Sometimes, however, a group of mobile devices form a spontaneous, temporary network as they approach each other. This allows e.g. participants at a meeting to share documents, presentations and other useful information. This kind of spontaneous, temporary network referred to as mobile networks (MNs) sometimes just called ad hoc networks or multi-hop wireless networks, and are expected to play an important role in our daily lives in near future.

WIRELESS NETWORKING INTRODUCTION

Wireless networking is an emerging technology that allows users to access information and services electronically, regardless of their geographic position. The use of wireless communication between mobile users has become increasingly popular due to recent performance advancements in computer and wireless technologies. This has led to lower prices and higher data rates, which are the two main reasons why mobile computing is expected to see increasingly widespread use and applications.

There are two distinct approaches for enabling wireless communications between mobile hosts [39]. The first approach is to use a fixed network infrastructure that provides wireless access points. In this network, a mobile host communicates with the network through an access point within its communication radius. When it goes out of range of one access point, it connects with a new access point within its range and starts communicating through it. An example of this type of network is the cellular network infrastructure. A major problem of this approach is handoff, which tries to handle the situation when a connection should be smoothly handed over from one access point to another access point without noticeable delay or packet loss. Another issue is that networks based on a fixed infrastructure are limited to places where there exist such network infrastructures. Figure 2.1 shows a simple infrastructure network with three nodes.

The second approach which is the focus of this thesis research is to form a wireless ad hoc network among users wanting to communicate with each other with no pre-established infrastructure. Laptops and personal digital assistants (PDAs) that communicate directly with each other are examples of nodes in an ad hoc network. Nodes in the ad-hoc network are often mobile, but can also consist of stationary nodes. Each of the nodes has a wireless interface and communicates with others over either radio or infrared channels. Figure shows a simple ad hoc network with three nodes.

Printer

Desktop MobileExistingLAN

Network

Tabl et Laptop

(2)

A Mobile Network (MN) consists of a set of mobile hosts that carry out basic networking functions like packet forwarding, routing, and service discovery without the help of an established infrastructure [1]. Nodes of an ad hoc network rely on one another in forwarding a packet to its destination, due to the limited range of each mobile host’s wireless transmissions. An ad hoc network uses no centralized administration. This ensures that the network will not cease functioning just because one of the mobile nodes moves out of the range of the others. Nodes should be able to enter and leave the network as they wish. Because of the limited transmitter range of the nodes, multiple hops are generally needed to reach other nodes. Every node in an ad hoc network must be willing to forward packets for other nodes. Thus, every node acts both as a host and as a router. The topology of ad hoc networks varies with time as nodes move, join or leave the network. This topological instability requires a routing protocol to run on each node to create and maintain routes among the nodes [21].

Mobile Networks’ Usages

Wireless ad-hoc networks can be deployed in areas where a wired network infrastructure may be undesirable due to reasons such as cost or convenience. It can be rapidly deployed to support emergency requirements, short-term needs, and coverage in undeveloped areas. So there is a plethora of applications for wireless ad-hoc networks. As a matter of fact, any day-to-day application such as electronic email and file transfer can be considered to be easily deployable within an ad hoc network environment.

Also, we need not emphasize the wide range of military applications possible with ad hoc networks. Not to mention, the technology was initially developed keeping in mind the military applications, such as battlefield in an unknown territory where an infrastructured network is almost impossible to have or maintain. In such situations, the ad hoc networks having self-organizing capability can be effectively used where other technologies either fail or cannot be deployed effectively. As a result, some well-known ad hoc network applications are:

Collaborative Work: for some business environments, the need for collaborative computing might be more important outside office environments than inside. After all, it is often the case where people do need to have outside meetings to cooperate and exchange information on a given project.



Crisis-management Applications: these arise, for example, as a result of natural disasters where the entire communications infrastructure is in disorder. Restoring communications quickly is essential. By using ad hoc networks, a communication channel could be set up in hours instead of days/weeks required for wire-line communications.



Personal Area Networking and Bluetooth: a personal area network (PAN) is a short- range, localized network where nodes are usually associated with a given person. These nodes could be attached to someone’s pulse watch, belt, and so on. In these scenarios, mobility is only a major consideration when interaction among several PANs is necessary [22].

Mobile Networks’ Characteristics and Challenges

MANETs have several significant characteristics and challenges. They are as follows:

Dynamic topologies: Nodes are free to move arbitrarily. Thus, the network topology may change randomly and rapidly at unpredictable times, and may consist of both bidirectional and unidirectional links.



Bandwidth-constrained, variable capacity links: Wireless links will continue to have significantly lower capacity than their hardwired counterparts. In addition, the realized throughput of wireless communications, after accounting for the effects of multiple access, fading, noise, and interference conditions, is often much less than a radio's maximum transmission rate.



Energy-constrained operation: Some or all of the nodes in aMN may rely on batteries or other exhaustible means for their energy. For these nodes, the most important system design optimization criteria may be energy conservation.

Security: Mobile wireless networks are generally more prone to physical security threats than fixed-cable nets. The increased possibility of eavesdropping, spoofing, selfish behavior and denial-of-service attacks should be carefully considered.

These characteristics and challenges create a set of underlying assumptions and performance concerns for protocol design which extend beyond those guiding the design of routing within the higher-speed, semi-static topology of the fixed Internet.

Security Goals for MNs

(3)

the network layer, a malicious user can disrupt the normal operation of the routing table in various ways that are presented in a following section. Lastly, on the higher layer, a malicious user can bring down

 Confidentiality: Ensures that certain information is never disclosed to unauthorized users. This attribute is mostly desired when transmitting sensitive information such as military and tactical data. Routing information must also be confidential in some cases when the user’s location must be kept secret.



 Integrity: Guarantees that the message that is transmitted reaches its destination without being changed or corrupted in any way. Message corruption can be caused by either a malicious attack on the network or because of radio propagation failure.



 Authentication: Enables a node to be sure of the identity of the peer with which it communicates. When there is no authentication scheme a node can masquerade as some other node and gain unauthorized access to resources or sensitive information.



 Non-repudiation: Ensures that the originator of a message cannot refuse sending this message. This attribute is useful when trying to detect isolated compromised nodes.



 Access and usage control: Access control ensures that access to information

is controlled by the ad hoc network. Usage control ensures that the information resource is used correctly by the authorized node having the corresponding rights.

Security Attacks inMNs

The security attacks inMNs can be categorized as Active attacks and Passive attacks.

 Active Attack is an attack when misbehaving node has to bear some energy costs in order to perform the threat. Nodes that perform active attacks with the aim of damaging other nodes by causing network outage are considered as malicious



 Passive Attacks are mainly due to lack of cooperation with the purpose of saving energy selfishly. Nodes that make passive attacks with the aim of saving battery life for their own communications are considered to be selfish.

Various types of attacks inMNs are: Modification, Impersonation, Fabrication, Eavesdropping, Replay, Denial of Service, Malicious Software and Lack of Cooperation. Denial of Service attack is described below.

DISTRIBUTED DENIAL OF SERVICE (DDoS) ATTACK

DoS Attack

A denial of service (DoS) attack is characterized by an explicit attempt by an attacker to prevent legitimate users of a service from using the desired resources [42]. Examples of denial of service attacks include:

 attempts to “flood” a network, thereby preventing legitimate network traffic

 attempts to disrupt connections between two machines, thereby preventing access to a service  attempts to prevent a particular individual from accessing a service

 attempts to disrupt service to a specific system or person.

DDoS Attack

A DDoS (Distributed Denial-Of-Service) attack is a distributed, large-scale attempt by malicious users to flood the victim network with an enormous number of packets [4]. This exhausts the victim network of resources such as bandwidth, computing power, etc. The victim is unable to provide services to its legitimate clients and network performance is greatly deteriorated. The distributed format adds the “many to one” dimension that makes these attacks more difficult to prevent. A distributed denial of service attack is composed of four elements, as shown in Figure 2.3. First, it involves a victim, i.e., the target host that has been chosen to receive the brunt of the attack. Second, it involves the presence of the attack daemon agents. These are agent programs that actually conduct the attack on the target victim. Attack daemons are usually deployed in host computers. These daemons affect both the target and the host computers.

The task of deploying these attack daemons requires the attacker to gain access and infiltrate the host computers. The third component of a distributed denial of service attack is the control master program. Its task is to coordinate the attack. Finally, there is the real attacker, the mastermind behind the attack. By using a control master program, the real attacker can stay behind the scenes of the attack. The following steps take place during a distributed attack:

 The real attacker sends an “execute” message to the control master program.

 The control master program receives the “execute” message and propagates the command to the attack daemons under its control.



 Upon receiving the attack command, the attack daemons begin the attack on the vic Distributed Cooperative Architecture of DDoS Attacks

(4)

Therefore, there must be control channels between the agents and the attacker [37]. This cooperation requires all agents send traffic based on commands received from the attacker. The network which consists of the attacker, agents, and control channels is called the attack networks. In [4], attack networks are divided into three types: the agent-handle model, the Internet Relay Chat (IRC)-based model, and the reflector model.

The agent-handler model consists of three components: attacker, handlers, and agents [43]. Figure 2.4 illustrates the typical architecture of the model. One attacker sends control messages to the previously compromised agents through a number of handlers, instructing them to produce unwanted traffic and send it to the victim.

Figure Typical architecture of a DDoS attack.

The architecture of IRC-based model is not that much different than that of the agent-handler model except that instead of communication between an attacker and agents based on handlers, an IRC communication channel is used to connect the attacker to agents [4].

Illustrates the architecture of an attack network in the reflector model. The reflector layer

makes a major difference from the typical DDoS attack architecture. In the request messages, the agents modify the source address field in the IP header using the victim's address to replace the real agents' addresses. Then, the reflectors will in turn generate response messages to the victim. As a result, the flooding traffic which reaches the victim is not from a few hundred agents, but from a million reflectors [38]. An exceedingly diffused reflector-based DDoS attack raises the bar for tracing out the real attacker by hiding the attacker behind a large number of reflectors.

(5)

Unlike some types of DDoS attacks, “the reflector does not need to serve as an amplifier" [38]. This means that reflectors still can serve other legitimate requests properly even when they are generating attack traffic. The attacker does not need to compromise reflectors to control their behaviors in the way that agents need to be compromised. Therefore, any host which will return a response if it receives a request can be a reflector. These features facilitate the attacker's task of launching an attack because it just needs to compromise a small number of agents and find a sufficient number of reflectors.

DDoS Attack Taxonomy

There are a wide variety of DDoS attacks. Two types of DDoS attacks are: Active and passive attack. Packet dropping is a type of passive attack in which node drops some or all of data packets sent to it for further forwarding even when no congestion occurs. There are two main classes of DDoS attacks: bandwidth depletion and resource depletion attacks shown in Figure 2.6.

Bandwidth Depletion Attacks

A Bandwidth Depletion Attack is designed to flood the victim network with unwanted traffic that prevents legitimate traffic from reaching the primary victim. Bandwidth depletion attacks can be characterized as flood attacks and amplification attacks.

Flood Attacks: A flood attack involves zombies sending large volumes of traffic to a victim system, to congest the victim system’s network bandwidth with IP traffic. The victim system slows down, crashes, or suffers from saturated network bandwidth, preventing access by legitimate users. Flood attacks have been launched using both UDP (User Datagram Protocol) and ICMP (Internet Control Message Protocol) packets.

In a UDP Flood attack, a large number of UDP packets are sent to either random or specified ports on the victim system. The victim system tries to process the incoming data to determine which applications have requested data. If the victim system is not running any applications on the targeted port, it will send out an ICMP packet to the sending system indicating a “destination port unreachable” message.

Often, the attacking DDoS tool will also spoof the source IP address of the attacking packets. This helps hide the identity of the secondary victims since return packets from the victim system are not sent back to the zombies, but to the spoofed addresses. UDP flood attacks may also fill the bandwidth of connections located around the victim system. This often impacts systems located near the victim.

An ICMP flood attack occurs when the zombies send large volumes of ICMP_ECHO_REPLY packets (“ping”) to the victim system. These packets signal the victim system to reply and the combination of traffic saturates the bandwidth of the victim’s network connection. During this attack, the source IP address of the ICMP packet may also be spoofed.

Amplification Attacks: An amplification attack involves the attacker or the zombies sending messages to a broadcast IP address, using this to cause all systems in the subnet reached by the broadcast address to send a reply to the victim system. The broadcast IP address feature is found on most routers; when a sending system specifies a

broadcast IP address as the destination address, the routers replicate the packet and send it to all the IP addresses within the broadcast address range. In this attack, the broadcast IP address is used to amplify and reflect the attack traffic, and thus reduce the victim system’s bandwidth.

The attacker can send the broadcast message directly, or use the agents to send the broadcast message to increase the volume of attacking traffic. If the attacker decides to send the broadcast message directly, this attack provides the attacker with the ability to use the systems within the broadcast network as zombies without needing to infiltrate them or install any agent software.

A DDoS Smurf attack is an example of an amplification attack where the attacker sends packets to a network amplifier (a system supporting broadcast addressing), with the return address spoofed to the victim’s IP address. The attacking packets are typically ICMP ECHO REQUESTs, which are packets (similar to a “ping”) that request the receiver to generate an ICMP ECHO REPLY packet [23]. The amplifier sends the ICMP ECHO REQUEST packets to all of the systems within the broadcast address range, and each of these systems will return an ICMP ECHO REPLY to the target victim’s IP address [24]. This type of attack amplifies the original packet tens or hundreds of times.

(6)

A Resource Depletion Attack is an attack that is designed to tie up the resources of a victim system making the victim unable to process legitimate requests for service. DDoS resource depletion attacks involve the attacker sending packets that misuse network protocol communications or are malformed. Network resources are tied up so that none are left for legitimate users.

Protocol Exploit Attacks: We give two examples, one misusing the TCP SYN (Transfer Control Protocol Synchronize) protocol, and the other misusing the PUSH+ACK protocol.

In a DDoS TCP SYN attack, the attacker instructs the zombies to send bogus TCP SYN

requests to a victim server in order to tie up the server’s processor resources, and hence prevent the server from responding to legitimate requests. The TCP SYN attack exploits the three-way handshake between the sending system and the receiving system by sending large volumes of TCP SYN packets to the victim system with spoofed source IP addresses, so the victim system responds to a nonrequesting system with the ACK+SYN. When a large volume of SYN requests are being processed by a server and none of the ACK+SYN responses are returned, the server eventually runs out of processor and memory resources, and is unable to respond to legitimate users.

In a PUSH + ACK attack, the attacking agents send TCP packets with the PUSH and ACK bits set to one. These triggers in the TCP packet header instruct the victim system to unload all data in the TCP buffer (regardless of whether or not the buffer is full) and send an acknowledgement when complete. If this process is repeated with multiple agents, the receiving system cannot process the large volume of incoming packets and the victim system will crash.

Malformed Packet attacks: A malformed packetattack is an attack where the attacker instructs thezombies to send incorrectly formed IP packets to the victim system in order to crash it. There are at least two types of malformed packet attacks.

In an IP address attack, the packet contains the same source and destination IP addresses. This can confuse the operating system of the victim system and can cause the victim system to crash.

In an IP packet options attack, a malformed packet may randomize the optional fields within an IP packet and set all quality of service bits to one so that the victim system must use additional processing time to analyze the traffic. If this attack is multiplied, it can exhaust the processing ability of the victim system.

ROUTING PROTOCOLS INMNs

The routing protocols in d hoc networks may be categorized as proactive routing protocols, reactive routing protocols, and hybrid routing protocols.

 Proactive Routing Protocols are those protocols, in which the routes are maintained to all the nodes, including those nodes to which packets are not sent. An example of proactive routing protocols in ad hoc networks is Optimized Link State Routing Protocol (OLSR).



 Reactive Routing Protocols are those protocols in which the route between the two nodes is constructed only when the

communication occurs between the two nodes. Such type of routing protocols is ad hoc On Demand Distance Vector Routing Protocol (AODV) and Dynamic Source Routing Protocol (DSR).

 Hybrid Routing Protocols are those protocols in which the combined approach of proactive routing and reactive routing are used for the route generation between

the nodes. The Zone Routing Protocol (ZRP) is such a hybrid reactive/proactive routing protocols. A description of AODV routing protocol, chosen for routing is described below:

Ad hoc On Demand Distance Vector Protocol (AODV):

It is a routing protocol forMNs and other wireless ad-hoc networks. AODV is capable of both unicast and multicast routing. It is a reactive routing protocol, meaning that it establishes a route to a destination only on demand. In contrast, the most common routing protocols of the Internet are proactive, meaning they find routing paths independently of the usage of the paths. AODV is, as the name indicates, a distance-vector routing protocol. AODV avoids the counting-to-infinity problem of other distance-vector protocols by using sequence numbers on route updates.

(7)

Much of the complexity of the protocol is to lower the number of messages to conserve the capacity of the network. For example, each request for a route has a sequence number. Nodes use this sequence number so that they do not repeat route requests that they have already passed on. Another such feature is that the route requests have a "time to live" number that limits how many times they can be retransmitted. Another such feature is that if a route request fails, another route request may not be sent until twice as much time has passed as the timeout of the previous route request.

AODV routing protocol uses an on-demand approach for finding routes, that is, a route is established only when it is required by a source

node for transmitting data packets. It employs destination sequence numbers to identify the most recent path. The major difference between AODV and DSR stems out from the fact that DSR uses source routing in which a data packet carries the complete path to be traversed. However, in AODV, the source node and the intermediate nodes store the next-hop information corresponding to each flow for data packet transmission. AODV builds routes using a route request / route reply query cycle In an on-demand routing protocol, the source node floods the RouteRequest (RREQ) packet in the network when a route is not available for the desired destination. It may obtain multiple routes to different destinations from a single RREQ. The major difference between AODV and other on-demand routing protocols is that it uses a destination sequence number (DestSeqNum) to determine an up-to-date path to the destination. A node updates its path information only if the DestSeqNum of the current packet received is greater than the last DestSeqNum stored at the node. A RREQ carries the source identifier (SrcID), the destination identifier (DestID), the source sequence number (SrcSeqNum), the destination sequence number (DesSeqNum), the broadcast identifier (BcastID), and the time to live (TTL) field. DestSeqNum indicated the freshness of the route that is accepted by the source. When an intermediate node receives a RREQ, it either forwards it or prepares a RouteReply (RREP) if it has a valid route to the destination. The validity of a route at the intermediate node is determined by comparing the sequence number at the intermediate node with the destination sequence number in the RREQ packet. If a RREQ is received multiple times, which is indicated by the BcastID-SrcID pair, the duplicate copies are discarded. All intermediate nodes having valid routes to the destination, or the destination node itself, are allowed to send RREP packets to the source. Every intermediate node, while forwarding a RREQ, enters the previous node address and it’s BcastID. A timer is used to delete this entry in case a RREP is not received before the timer expires. This helps in storing an active path at the intermediate node as AODV does not employ source routing of data packets. When a node receives a RREP packet, information about the previous node from which the packet was received is also stored in order to forward the data packet to this next node as the next hop toward the destination.

If a link break occurs while the route is active, the node upstream of the break propagates a route error (RERR) message to the source node to inform it of the now unreachable destination (s). After receiving the RERR, if the source node still desires the route, it can reinitiate route discovery.

Path Discovery: It is initiated when a communication need arises. Source node initiates path discovery by broadcasting a route request (RREQ) packet to its neighbors. Every node maintains two separate counters: i) Sequence number (SeqNum) ii) Broadcast-id (BcastID). A neighbor either broadcasts the RREQ to its neighbors or satisfies the RREQ by sending a RREP back to the source. Later copies of the same RREQ request are discarded

 Reverse Path Setup: Reverse path are automatically set-up. Node records the address of the sender of RREQ. Entries are discarded after a time-out period.



 Forward Path Setup: Eventually, a RREQ arrives at a node that possesses the current route for the destination (Comparison of SeqNum). Node unicasts a route reply packet (RREP) back to the neighbor from which it received the RREQ. The RREP travels along the path established in the reverse path set-up. Each node along the RREP journey sets up a forward pointer, updates time-out entries, records the destination sequence number of requested destination.

Advantages:

The main advantage of this protocol is that routes are established on demand and destination sequence numbers are used to find the latest route to the destination. The connection setup delay is less. Another advantage of AODV is that it creates no extra traffic for communication along existing links. Also, distance vector routing is simple, and doesn't require much memory or calculation.

Disadvantages:

(8)

but not the latest destination sequence number, thereby having stale entries. Also multiple RREP packets in response to a single RREQ packet can lead to heavy control overhead. Another disadvantage of AODV is that the periodic beaconing leads to unnecessary bandwidth consumption.

Conclusion

In this chapter, background information relating to the core of the thesis is discussed. This chapter presents introduction toMNs, its usages and its characteristics. In this chapter we presented the security goals and challenges that the field of ad

hoc networking faces. It also presents various security goals forMNs and types of attacks inMNs. Then, a discussion about DDoS attacks and its taxonomy was given. Finally detailed description AODV routing protocol was given.

REFERENCES

[1] Han L; Wireless Ad hoc Network; October 8, 2004.

[2]Kamanshis Biswas and Md. Liakat Ali; Security Threats in Mobile Ad Hoc Network; Master Thesis; Thesis no: MCS-2007:07; March 22, 2007.

[3]Vesa Kärpijoki; Security in Ad Hoc Networks; Helsinki University of Technology; HUT TML 2000.

[4] Stephen M. Specht and Ruby B. Lee; Distributed Denial of Service: Taxonomies of Attacks, Tools, and Countermeasures; Proceedings of the 17th International Conference on Parallel and Distributed Computing Systems, 2004 International Workshop on Security in Parallel and Distributed Systems, pp. 543-550; September 2004.

[5] Felix Lau, Stuart H. Rubin, Michael H. Smith and Ljiljana TrajkoviC; Distributed Denial of Service Attacks; 2275-2280/2004 IEEE.

[6] Andrim Piskozub; Denial of Service and Distributed Denial of Service Attacks; TCSET 2002; February 18-23, 2002; Lviv – Shavsko,

Ukraine.

[7] Antonio Challita, Mona El Hassan, Sabine Maalouf and Adel Zouheiry; A Survey of DDoS Defense Mechanisms; Department of Electrical and Computer Engineering American University of Beirut; {asc04,mhe03,sem05,atz00} @aub.edu.lb.

[8] Hwee-Xian Tan and Winston K. G. Seah; Framework for Statistical Filtering Against DDOS Attacks inMNs; Proceedings of the Second International Conference on Embedded Software and Systems; 2005 IEEE.

[9] Xianjun Geng and Andrew B. Whinston; Defeating Distributed Denial of Service Attacks; February 2000. [10] Q. Li, E-C. Chang and M. C. Chan; On the Effectiveness of DDoS Attacks on Statistical Filtering; Proceedings of the 24th Annual Conference of the IEEE Communications Society (INFOCOM 2005), Miami; Mar 13-17, 2005.

[11] Yi-an Huang and Wenke Lee; A Cooperative Intrusion Detection System for Ad Hoc Networks; www.cc.gatech.edu/~wenke/papers/sasn.pdf.

[12] Sugata Sanyal, Ajith Abraham, Dhaval Gada, Rajat Gogri, Punit Rathod, Zalak Dedhia and Nirali Mody; Security Scheme for Distributed DoS in Mobile Ad Hoc Networks; www.softcomputing.net/iwdc-manet.pdf.

[13]Mike Just, Evangelos Kranakis and Tao Wan; Resisting Malicious Packet Dropping in Wireless Ad Hoc Networks; www.scs.carleton.ca/~kranakis/Papers/adhocnow03

.pdf.

[14] Bo-Cang Peng and Chiu-Kuo Liang; Prevention Techniques for Flooding Attacks in Ad Hoc Networks; ieeexplore.ieee.org/iel5/9755/30769/01425219.pdf.

[15] Tal Anker, Danny Dolev, and Bracha Hod; Cooperative and Reliable Packet-Forwarding on Top of AODV;

ieeexplore.ieee.org/iel5/11052/34865/01666450.pd f? tp=&isnumber=34865&arnumber=1666450.

[16] Alefiya Hussain, John Heidemann and Christos Papadopoulos; A Framework for Classifying Denial of Service Attacks; SIGCOMM’03; August 25–29, 2003; Karlsruhe, Germany.

[17] F.A. El-Moussa, N. Linge and M. Hope; Active router approach to defeating denial-of-service attacks in networks; © The Institution of Engineering and Technology 2007; doi:10.1049/iet-com:20050441.

[19] Vicky Laurens and Abdulmotaleb El Saddik, Pulak Dhar and Vineet Srivastava; Detecting Distributed Denial of Service Attack Traffic at the Agent Machines; IEEE CCECE/CCGEI, Ottawa, May 2006.

[20] Dhaval Gada, Rajat Gogri, Punit Rathod, Zalak Dedhia and Nirali Mody, Sugata Sanyal and Ajith Abraham; A Distributed Security Scheme for Ad Hoc Networks; www.softcomputing.net/iwdc-manet.pdf.

[21] A. Sun; The design and implementation of fisheye routing protocol for mobile ad hoc networks; M.S. Thesis, Department of Electrical and Computer Science, MIT; May 2002.

[22] R. Duggirala; A Novel Route Maintenance Technique for Ad Hoc Routing Protocols; M.S. Thesis; University of Cincinnati; November 2000.

(9)

[24] Federal Computer Incident Response Center (FedCIRC); Defense Tactics for Distributed Denial of Service Attacks; Washington, DC; 2000.

[25] TFreak; fraggle.c; www.phreak.org/archives/exploits/denial/fraggle.c; May 6, 2003.

[26] D. Adkins, K. Lakshminarayanan, A. Perrig, and I. Stoica; Towards a more functional and secure network infrastructure; University of California, Berkeley, Tech. Rep. UCB/CSD-03-1242, 2003.

[27] D. Sterne, K. Djahandari, B. Wilson, B. Babson, D. Schnackenberg, H. Holliday, and T. Reid; Autonomic response to distributed Denial of

Service attacks; In Proceedings of Recent Advances in Intrusion Detection, 4th International Symposium, Davis, California, USA; Oct. 2001; pp. 134–149.

[28]Horst Hellbr¨uck and Stefan Fischer; Towards analysis and simulation of adhoc networks; In Proceedings of the 2002 International Conference on Wireless Networks (ICWN02), USA, June 2002; pp. 69–75; Available on: http:// citeseer.ist.psu.edu/531702.html.

[29] GloMoSim; Available on: http://pcl.cs.ucla.edu/projects/glomosim. [30]L. Bajaj, M. Takai, R. Ahuja, R. Bagrodia, and

M. Gerla; Glomosim: A scalable network simulation environment; Technical Report 990027, UCLA Computer Science Department; 1999; Available on: citeseer.ist.psu.edu/225197.html.

[31] X. Zeng, R. Bagrodia, and M. Gerla; Glomosim: A library for parallel simulation of large-scale wireless networks; In Workshop on Parallel and Distributed Bibliography 65 Simulation; Canada, May 1998; pp. 154–161; Available on: citeseer.ist.psu.edu/zeng98glomosim.html.

[32] J. Nuevo; A comprehensible glomosim tutorial; March 2003; Available on: http: //www.cs.virginia.edu/~jx9n/courses/cs656/glomo man.pdf.

[33] PARSEC; Available on: http://pcl.cs.ucla.edu/projects/PARSEC.

[34] J. Yoon, M. Liu, and B. Noble; Random waypoint considered harmful; In Proceedings IEEE INFOCOM 2003, San Franciso, CA, USA, 2003.

Available on: http://www.ieee-infocom.org/2003/papers/32_03.PDF.

[35] S. J. Lee, E. M. Belding-Royer, and C. E. Perkins; Scalability study of the ad hoc on-demand distance vector routing protocol; International Journal on Network Management, 13(2):97–114; March-April 2003; Available on: http: //www.cs.ucsb.edu/~ebelding/txt/scalability.pdf.

[36]C. E. Perkins, E. M. Belding-Royer, and S. R. Das; Ad hoc on-demand distance vector (AODV) routing; RFC 3561, IETF; July

2003; Available on: http:

//www.ietf.org/rfc/rfc3561.txt.

[37] J. MÄolsÄa; Mitigating denial of service attacks in computer networks; PhD thesis; Helsinki University of Technology, Espoo, Finland; June 2006.

[38]V. Paxson; An analysis of using reflectors for distributed denial-of-service attacks; ACM SIGCOMM Computer Communication Review, vol. 31, no. 3; July 2001.

[39] Schiller J; Mobile Communication; Second Edition, Pearson Edition.

[40] R. K. Chang; Defending against flooding-based distributed denial-of-service attacks: A tutorial; IEEE Commun. Mag., vol. 40, no. 10; October 2002; pp. 42-51.

[41] Cisco Systems, Inc.; Characterizing and tracing packet floods using cisco routers; May 2005. [42] Pfleeger C P, Pfleeger S L; Security in Computing; Third Edition, Pearson Edition.

[43] Yonghua You; A defense framework for