The problems and connections of network virus protection and the protection against denial of service attacks
Proceedings of the Networkshop 2004 Conference, NIIF, Hungary, 2004, NIIF, Hungary.
keywords: virus, denial of service attack, e-mail
Abstract: First I will provide some introduction into the problems and solutions in both network virus protection and protection against Distributed Denial of Service (DDoS) attacks. I will show the usual and most workable methods in the area of virus protection: client-side virus protection, mail server / relay server protection (with priority given to open source tools, e.g. Linux, Amavis, MailScanner, ClamAV, Unix virus scanners, "mail gateway" protection software), content-filtering tools (filtering web traffic), and extended file access control systems (the RSBAC malware scan module). I will also introduce the problem area of DDoS protection: the different types of DDoS attacks (protocol fault ("magic packet"), network bandwidth overflow, server resource consumption). I will also show the most usable protection techniques (error correction, firewalls, anomaly detection (SYN flood protection etc.), protection based on network analysis) and will provide some data about the recent major attacks (eBay, SCO, anti-spam RBL providers, zombie networks). After the introduction I will show the possible DDoS problems of network virus protection: the resource consumption of the virus protection itself, the possibility of flooding it, and the dangers of virus reports and e-mail alerts. After defining the problems I'll show our proposed solution: a virus protection system combined with the technique of network analysis to protect the system against DoS attacks. Incoming mail is first examined by the network analysis engine, which makes it possible to filter out DDoS attacks aimed at the virus protection system. Our proposed solution might also be useful against unknown (not yet detectable) viruses and in the area of early epidemic protection. To support our method I'll show the details of the structure of our pilot implementation.
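To make the two DoS problems named in the abstract concrete (a flood exhausting the virus scanner, and virus alert e-mails turning the scanner into a mail amplifier), the following is an added toy model of a mail gateway that places a lightweight network-analysis stage in front of the scanner. It is illustration code written for this page, not the authors' pilot implementation; the thresholds, the class names and the sample traffic are all constructed.

```python
"""
Added example (not from the paper): a toy mail gateway in which inbound mail
is first checked by a cheap per-source rate analysis so that a flood cannot
consume the expensive virus scanner, and in which virus alert e-mails are
rate-limited per claimed sender so that forged-sender floods cannot make the
gateway bounce alerts at an innocent third party. All thresholds and all
sample traffic below are constructed for illustration.
"""
from collections import Counter, defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class Message:
    ts: float        # arrival time in seconds (constructed)
    src_ip: str      # connecting SMTP client
    sender: str      # envelope sender; may be forged by a worm
    rcpt: str
    infected: bool   # the scanner's verdict (constructed, so no real scanner is needed)


@dataclass
class Gateway:
    window: float = 60.0             # sliding window in seconds
    max_per_src: int = 20            # messages per source IP per window before tempfail
    max_alerts_per_sender: int = 2   # alert mails per claimed sender per window
    scans: int = 0                   # how often the (expensive) scanner was invoked
    alerts_sent: list = field(default_factory=list)
    _per_src: dict = field(default_factory=lambda: defaultdict(deque))
    _alerts: dict = field(default_factory=lambda: defaultdict(deque))

    @staticmethod
    def _prune(dq: deque, now: float, window: float) -> None:
        # Drop timestamps that fell out of the sliding window.
        while dq and now - dq[0] > window:
            dq.popleft()

    def handle(self, m: Message) -> str:
        # Stage 1: network analysis before scanning. A source that exceeds the
        # per-window rate is answered with a 4xx tempfail and never reaches the
        # scanner, so scanner CPU and memory are not consumed by the flood.
        q = self._per_src[m.src_ip]
        self._prune(q, m.ts, self.window)
        if len(q) >= self.max_per_src:
            return "tempfail"
        q.append(m.ts)

        # Stage 2: the scanner runs only for traffic that passed stage 1.
        self.scans += 1
        if not m.infected:
            return "delivered"

        # Stage 3: an infected message is quarantined; an alert to the claimed
        # sender is sent only while that sender is below the alert rate limit,
        # since the sender address is usually forged by mass-mailing worms.
        aq = self._alerts[m.sender]
        self._prune(aq, m.ts, self.window)
        if len(aq) >= self.max_alerts_per_sender:
            return "quarantined-no-alert"
        aq.append(m.ts)
        self.alerts_sent.append((m.ts, m.sender))
        return "quarantined-alert"


def build_sample_traffic() -> list:
    """Constructed traffic: one flooding client, one forged-sender worm burst,
    and a small amount of ordinary mail."""
    traffic = []
    # 30 clean messages in 30 seconds from a single client: a resource flood.
    for i in range(30):
        traffic.append(Message(i, "192.0.2.10", f"u{i}@example.org", "a@example.com", False))
    # 5 infected messages from 5 different hosts, all claiming the same sender.
    for i in range(5):
        traffic.append(Message(100 + i, f"203.0.113.{i + 1}", "forged@example.net",
                               "b@example.com", True))
    # 3 ordinary clean messages from a normal client.
    for i in range(3):
        traffic.append(Message(200 + i, "198.51.100.7", "c@example.org", "d@example.com", False))
    return traffic


def run_demo() -> tuple:
    gw = Gateway()
    outcomes = Counter(gw.handle(m) for m in build_sample_traffic())
    return gw, outcomes


if __name__ == "__main__":
    gw, outcomes = run_demo()
    print(dict(outcomes))
    print("scanner invocations:", gw.scans, "alerts sent:", len(gw.alerts_sent))
```

Running the demo shows the point of the layering: of the 38 constructed messages only 28 ever reach the scanner (the last 10 of the flood are tempfailed), and the five infected messages forged in the name of one address produce two alert mails rather than five. Production MTAs offer the first stage natively (for example Postfix's per-client message rate limits), which is where such a check belongs; the example only makes the ordering of the stages visible.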