Detecting and Reacting against Distributed Denial of Service Attacks

Distributed denial of service attacks (DDoS) are becoming a big threat to the Internet. Recently, some DDoS attacks have infected more than 100,000 vulnerable hosts over Internet within 10 minutes. Consequences of these attacks can be devastating toward many companies whose security policy against this kind of attacks relies only on reconfiguring firewalls. It is judicious to note that no computer network is immune from intrusions in general and distributed denial of service attacks in particular. Intrusion detection systems should be geographically distributed to detect distributed and cooperated attacks. In this paper, we use a cooperative approach, which uses the Intrusion Detection Message Exchange Format (IDMEF) defined by the IETF, that can detect coordinated attack scenarios through alert correlation of distributed IDSs. We present our experience in realizing this cooperative system and the different results obtained from its implementation in a real network.