Evaluation of TFTP DDoS Amplification Attack.

Web threats are becoming a major issue for both governments and companies. Generally, web threats increased as much as 600% during last year (WebSense, 2013). This appears to be a significant issue, since many major businesses seem to provide these services. Denial of Service (DoS) attacks are one of the most significant web threats and generally their aim is to waste the resources of the target machine (Mirkovic & Reiher, 2004). Dis-tributed Denial of Service (DDoS) attacks are typically executed from many sources and can result in large traf-fic flows. During last year 11% of DDoS attacks were over 60 Gbps (Prolexic, 2013a). The DDoS attacks are usually performed from the large botnets, which are networks of remotely controlled computers. There is an increasing effort by governments and companies to shut down the botnets (Dittrich, 2012), which has lead the attackers to look for alternative DDoS attack methods. One of the techniques to which attackers are returning to is DDoS amplification attacks. Amplification attacks use intermediate devices called amplifiers in order to amplify the attacker's traffic. This work outlines an evaluation tool and evaluates an amplification attack based on the Trivial File Transfer Proto-col (TFTP). This attack could have amplification factor of approximately 60, which rates highly alongside other researched amplification attacks. This could be a substantial issue globally, due to the fact this protocol is used in approximately 599,600 publicly open TFTP servers. Mitigation methods to this threat have also been consid-ered and a variety of countermeasures are proposed. Effects of this attack on both amplifier and target were analysed based on the proposed metrics. While it has been reported that the breaching of TFTP would be possible (Schultz, 2013), this paper provides a complete methodology for the setup of the attack, and its verification.

Third Sector Experiences of Work Programme Delivery.

This paper explores the organisational experiences of governmental policy change and implementation on the third sector. Using a four-year longitudinal study of 13 third sector organisations (TSOs) it provides evidence based on the experiences of, and effects on, third sector organisations involved in the UK’s Work Programme in Scotland. The paper explores third sector experiences of the Work Programme during the preparation and introductory phase, as well as the effects of subsequent Work Programme implementation. By gathering evidence contemporaneously and longitudinally a unique in-depth analysis is provided of the introduction and implementation of a major new policy. The resource cost and challenges to third sector ways of working for the organisations in the Work Programme supply chain, as well as those not in the supply chain, are considered. The paper considers some of the responses adopted by the third sector to manage the opportunities and challenges presented to them through the implementation of the Work Programme. The paper also reflects on the broader context of the employability services landscape and raises questions as to whether, as a result of the manner in which the Work Programme was contracted, there is evidence of a move towards service homogenisation, challenging perceived TSO characteristics of service innovation and personalisation.