Zombie Identification Port

Most denial of service (DoS) attacks try to exhaust a victim network or server resources by flooding them with a largely exaggerated amount of bogus requests or fake messages. When a given server or network is under a DoS condition, its capability to distinguish good from bogus requests gets severely reduced and the service is refused to some, if not all, legitimate users. In such situation, the most obvious fact for the victim is the DoS condition itself and nothing else. Because of that, the options of the victim server or network are confined to traffic filtering/shaping or, ultimately, to forensic mechanisms. In this paper, a security mechanism based on simple notifications to a special port is proposed, and explained in detail by enumerating different application cases. The mechanism is going to prove itself especially useful for attenuating the impact of reflected DoS attacks and for the detection of malicious software on remote zombie machines, unconsciously contributing to non spoofed distributed attacks.