
Tracing the Source of Denial of Service Attacks

Abstract: Denial of Service attacks are becoming more widespread and severe, but the anonymity these attacks provide the hacker leaves a victim no means to trace the attack. The weakness of the TCP/IP protocol allows for this anonymity, but it would be very difficult to change this protocol. Savage, Wetherall, Karlin, and Anderson present a method for tracing the source IP address and network path of denial of service attacks.

As the Internet becomes increasingly vital to the daily lives of millions of people around the world, it is also becoming increasingly vulnerable to hackers. By forcing down servers or websites, hackers have the ability to influence almost every aspect of modern society: finances, security, education and many more. A common method used by hackers to maliciously target these servers is a denial of service attack. Savage, Wetherall, Karlin, and Anderson define denial-of-service attacks as those that "consume the resources of a remote host or network, thereby denying or degrading service to legitimate users. Such attacks are among the most difficult security problems to address because they are simple to implement, difficult to prevent, and very difficult to track."1

Denial of service attacks and the means available to servers to manage and track such attacks present numerous ethical questions. The Computer Emergency Response Team, CERT, is a group based at Carnegie Mellon University. CERT describes its purpose as "[studying] Internet security vulnerabilities, providing incident response services to sites that have been victims of attacks, publishing a series of security advisories, carrying out research in large-scale network processing area and develop information and training to help you improve the security of your site."2 This simple description presents an ethical dilemma: should this team publish information about new vulnerabilities that will provide hackers with sources from which to create new DoS attacks?

As new software packages are developed at an increasing rate, there will inevitably be more bugs that provide vulnerabilities to DoS attacks. If hackers have the same access to information about these vulnerabilities as system administrators, can system administrators "keep up" with hackers? A fairly simple observation seems to answer this question. In modern society it is increasingly difficult to keep secrets. For example, a few years ago, Intel found a bug in the Pentium chip, but did not release information about this bug.