full paper up for one of the nanog DOS talks on monday


in case folks want to have more details
on this topic before their talk
(pretty interesting stuff...)


      Inferring Internet Denial-of-Service Activity

      David Moore
      Cooperative Association for Internet Data Analysis (CAIDA)
      San Diego Supercomputer Center
      University of California, San Diego

      Geoffrey M. Voelker and Stefan Savage
      Department of Computer Science and Engineering
      University of California, San Diego

      In this paper, we seek to answer a simple question: "How
      prevalent are denial-of-service attacks in the Internet
      today?". Our motivation is to understand quantitatively the
      nature of the current threat as well as to enable longer-term
      analyses of trends and recurring patterns of attacks. We
      present a new technique, called "backscatter analysis", that
      provides an estimate of worldwide denial-of-service activity.
      We use this approach on three week-long datasets to assess the
      number, duration and focus of attacks, and to characterize
      their behavior. During this period, we observe more than 12,000
      attacks against more than 5,000 distinct targets, ranging from
      well known e-commerce companies such as Amazon and Hotmail to
      small foreign ISPs and dial-up connections. We believe that our
      work is the only publically available data quantifying
      denial-of-service activity in the Internet.