Evaluation of TFTP DDoS Amplification Attack.

Web threats are becoming a major issue for both governments and companies. Generally, web threats increased as much as 600% during last year (WebSense, 2013). This appears to be a significant issue, since many major businesses seem to provide these services. Denial of Service (DoS) attacks are one of the most significant web threats and generally their aim is to waste the resources of the target machine (Mirkovic & Reiher, 2004). Dis-tributed Denial of Service (DDoS) attacks are typically executed from many sources and can result in large traf-fic flows. During last year 11% of DDoS attacks were over 60 Gbps (Prolexic, 2013a). The DDoS attacks are usually performed from the large botnets, which are networks of remotely controlled computers. There is an increasing effort by governments and companies to shut down the botnets (Dittrich, 2012), which has lead the attackers to look for alternative DDoS attack methods. One of the techniques to which attackers are returning to is DDoS amplification attacks. Amplification attacks use intermediate devices called amplifiers in order to amplify the attacker's traffic. This work outlines an evaluation tool and evaluates an amplification attack based on the Trivial File Transfer Proto-col (TFTP). This attack could have amplification factor of approximately 60, which rates highly alongside other researched amplification attacks. This could be a substantial issue globally, due to the fact this protocol is used in approximately 599,600 publicly open TFTP servers. Mitigation methods to this threat have also been consid-ered and a variety of countermeasures are proposed. Effects of this attack on both amplifier and target were analysed based on the proposed metrics. While it has been reported that the breaching of TFTP would be possible (Schultz, 2013), this paper provides a complete methodology for the setup of the attack, and its verification.

Exploring the contribution of workplace learning to an HRD strategy in the Scottish legal profession.

Purpose – The purpose of this paper is to explore the relevance of human resource development (HRD) for law firms in the UK. It examines how the characteristics of legal professional practice in the UK, including the partnership structure, long established methods of targeting solicitors and the law society, may act as barriers to the implementation of HRD. Design/methodology/approach – The paper uses an exploratory case study research approach to investigate characteristics and issues influencing the adoption of HRD in a Scottish legal firm. Primary data are collected via semi-structured interviews with a cross-section of representatives. Findings – Despite recognition of the importance of learning, the characteristic elements of law firms, including the partnership structure; the pervasiveness of time-billed targets in the solicitor community; and HR’s profile and acceptance among the solicitor community, remain as barriers to the applicability of HRD. The research also exposes variability on the level and scope of development opportunities, an emphasis on technical skills development, and a lack of solicitors’ self-managed learning ability. Research limitations/implications – While the research findings provide a useful insight into the barriers to HRD in one legal firm, this does not allow for any generalisations being drawn from the study. Practical implications – The paper explores the suitability of workplace learning to support legal professional development. Originality/value – There is a dearth of research into HRD in legal practices in the UK. The paper contributes to the contextual influences that limit the applicability of HRD to legal professional practices.