A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person, or multiple people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. The term is generally used with regards to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.

One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

Denial-of-service attacks are considered violations of the IAB's Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations.

Symptoms and manifestations

The United States Computer Emergency Readiness Team (US-CERT) defines symptoms of denial-of-service attacks to include:

Unusually slow network performance (opening files or accessing web sites)

Unavailability of a particular web site

Inability to access any web site

Dramatic increase in the number of spam emails received—(this type of DoS attack is considered an e-mail bomb)

Denial-of-service attacks can also lead to problems in the network 'branches' around the actual computer being attacked. For example, the bandwidth of a router between the Internet and a LAN may be consumed by an attack, compromising not only the intended computer, but also the entire network.

If the attack is conducted on a sufficiently large scale, entire geographical regions of Internet connectivity can be compromised without the attacker's knowledge or intent by incorrectly configured or flimsy network infrastructure equipment.

Methods of attack

A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. There are two general forms of DoS attacks: those that crash services and those that flood services. Attacks can be directed at any network device, including attacks on routing devices and web, electronic mail, or Domain Name System servers.

A DoS attack can be perpetrated in a number of ways. The five basic types of attack are:

# Consumption of computational resources, such as bandwidth, disk space, or processor time. # Disruption of configuration information, such as routing information. # Disruption of state information, such as unsolicited resetting of TCP sessions. # Disruption of physical network components. # Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

A DoS attack may include execution of malware intended to:

Max out the processor's usage, preventing any work from occurring.

Trigger errors in the microcode of the machine.

Trigger errors in the sequencing of instructions, so as to force the computer into an unstable state or lock-up.

Exploit errors in the operating system, causing resource starvation and/or thrashing, i.e. to use up all available facilities so no real work can be accomplished.

Crash the operating system itself.

ICMP flood

A smurf attack is one particular variant of a flooding DoS attack on the public Internet. It relies on misconfigured network devices that allow packets to be sent to all computer hosts on a particular network via the broadcast address of the network, rather than a specific machine. The network then serves as a smurf amplifier. In such an attack, the perpetrators will send large numbers of IP packets with the source address faked to appear to be the address of the victim. The network's bandwidth is quickly used up, preventing legitimate packets from getting through to their destination. To combat Denial of Service attacks on the Internet, services like the Smurf Amplifier Registry have given network service providers the ability to identify misconfigured networks and to take appropriate action such as filtering.

Ping flood is based on sending the victim an overwhelming number of ping packets, usually using the "ping" command from unix-like hosts (the -t flag on Windows systems has a far less malignant function). It is very simple to launch, the primary requirement being access to greater bandwidth than the victim.

Ping of death is based on sending the victim a malformed ping packet, which might lead to a system crash.

SYN flood

A SYN flood occurs when a host sends a flood of TCP/SYN packets, often with a forged sender address. Each of these packets is handled like a connection request, causing the server to spawn a half-open connection, by sending back a TCP/SYN-ACK packet, and waiting for a packet in response from the sender address. However, because the sender address is forged, the response never comes. These half-open connections saturate the number of available connections the server is able to make, keeping it from responding to legitimate requests until after the attack ends.

Teardrop attacks

A Teardrop attack involves sending mangled IP fragments with overlapping, over-sized payloads to the target machine. This can crash various operating systems due to a bug in their TCP/IP fragmentation re-assembly code. Windows 3.1x, Windows 95 and Windows NT operating systems, as well as versions of Linux prior to versions 2.0.32 and 2.1.63 are vulnerable to this attack.

Around September 2009, a vulnerability in Windows Vista was referred to as a "teardrop attack", but the attack targeted SMB2 which is a higher layer than the TCP packets that teardrop used.

Low-rate Denial-of-Service attacks

Recently a new kind of DoS attack, Low-rate Denial-of-Service (LDoS) attack, has been proposed that exploits TCP’s retransmission timeout mechanism to reduce TCP throughput without being detected. Compared to traditional flooding based Denial-of-Service attacks, the low-rate DoS attack does not employ a “sledge-hammer” approach of high-rate transmission of packets, and consequently eludes detection. These kinds of attacks are also called shrew attacks, Pulsing DoS (PDoS) attacks, and Reduction of Quality (RoQ) attacks. Recent Publications in low-rate Denial-of-Service (DoS) attacks

The Low-rate DoS (LDoS) attack exploits TCP’s slow-time-scale dynamics of retransmission time-out (RTO) mechanisms to reduce TCP throughput. Basically, an attacker can cause a TCP flow to repeatedly enter a RTO state by sending high-rate, but short-duration bursts, and repeating periodically at slower RTO time-scales. The TCP throughput at the attacked node will be significantly reduced while the attacker will have low average rate making it difficult to be detected.

Also see Sockstress.

Peer-to-peer attacks

Attackers have found a way to exploit a number of bugs in peer-to-peer servers to initiate DDoS attacks. The most aggressive of these peer-to-peer-DDoS attacks exploits DC++. Peer-to-peer attacks are different from regular botnet-based attacks. With peer-to-peer there is no botnet and the attacker does not have to communicate with the clients it subverts. Instead, the attacker acts as a "puppet master," instructing clients of large peer-to-peer file sharing hubs to disconnect from their peer-to-peer network and to connect to the victim's website instead. As a result, several thousand computers may aggressively try to connect to a target website. While a typical web server can handle a few hundred connections per second before performance begins to degrade, most web servers fail almost instantly under five or six thousand connections per second. With a moderately large peer-to-peer attack, a site could potentially be hit with up to 750,000 connections in short order. The targeted web server will be plugged up by the incoming connections.

While peer-to-peer attacks are easy to identify with signatures, the large number of IP addresses that need to be blocked (often over 250,000 during the course of a large-scale attack) means that this type of attack can overwhelm mitigation defenses. Even if a mitigation device can keep blocking IP addresses, there are other problems to consider. For instance, there is a brief moment where the connection is opened on the server side before the signature itself comes through. Only once the connection is opened to the server can the identifying signature be sent and detected, and the connection torn down. Even tearing down connections takes server resources and can harm the server.

This method of attack can be prevented by specifying in the peer-to-peer protocol which ports are allowed or not. If port 80 is not allowed, the possibilities for attack on websites can be very limited.

Asymmetry of resource utilization in starvation attacks

An attack which is successful in consuming resources on the victim computer must be either:

carried out by an attacker with great resources, by either:

* controlling a computer with great computation power or, more commonly, large network bandwidth

* controlling a large number of computers and directing them to attack as a group. A DDOS attack is the primary example of this.

taking advantage of a property of the operating system or applications on the victim system which enables an attack consuming vastly more of the victim's resources than the attacker's (an asymmetric attack). Smurf attack, SYN flood, Sockstress and NAPTHA are all asymmetric attacks.

An attack may utilize a combination of these methods in order to magnify its power.

Permanent denial-of-service attacks

A permanent denial-of-service (PDoS), also known loosely as phlashing, is an attack that damages a system so badly that it requires replacement or reinstallation of hardware. Unlike the distributed denial-of-service attack, a PDoS attack exploits security flaws which allow remote administration on the management interfaces of the victim's hardware, such as routers, printers, or other networking hardware. The attacker uses these vulnerabilities to replace a device's firmware with a modified, corrupt, or defective firmware image—a process which when done legitimately is known as ''flashing.'' This therefore "bricks" the device, rendering it unusable for its original purpose until it can be repaired or replaced.

The PDoS is a pure hardware targeted attack which can be much faster and requires fewer resources than using a botnet in a DDoS attack. Because of these features, and the potential and high probability of security exploits on Network Enabled Embedded Devices (NEEDs), this technique has come to the attention of numerous hacker communities. PhlashDance is a tool created by Rich Smith (an employee of Hewlett-Packard's Systems Security Lab) used to detect and demonstrate PDoS vulnerabilities at the 2008 EUSecWest Applied Security Conference in London.

Application-level floods

On IRC, IRC floods are a common electronic warfare weapon .

Various DoS-causing exploits such as buffer overflow can cause server-running software to get confused and fill the disk space or consume all available memory or CPU time.

Other kinds of DoS rely primarily on brute force, flooding the target with an overwhelming flux of packets, oversaturating its connection bandwidth or depleting the target's system resources. Bandwidth-saturating floods rely on the attacker having higher bandwidth available than the victim; a common way of achieving this today is via Distributed Denial of Service, employing a botnet. Other floods may use specific packet types or connection requests to saturate finite resources by, for example, occupying the maximum number of open connections or filling the victim's disk space with logs.

A "banana attack" is another particular type of DoS. It involves redirecting outgoing messages from the client back onto the client, preventing outside access, as well as flooding the client with the sent packets.

An attacker with access to a victim's computer may slow it until it is unusable or crash it by using a fork bomb.

Nuke

A Nuke is an old denial-of-service attack against computer networks consisting of fragmented or otherwise invalid ICMP packets sent to the target, achieved by using a modified ping utility to repeatedly send this corrupt data, thus slowing down the affected computer until it comes to a complete stop.

A specific example of a nuke attack that gained some prominence is the WinNuke, which exploited the vulnerability in the NetBIOS handler in Windows 95. A string of out-of-band data was sent to TCP port 139 of the victim's machine, causing it to lock up and display a Blue Screen of Death (BSOD).

Distributed attack

A distributed denial of service attack (DDoS) occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. These systems are compromised by attackers using a variety of methods.

Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its DoS mechanism was triggered on a specific date and time. This type of DDoS involved hardcoding the target IP address prior to release of the malware and no further interaction was necessary to launch the attack.

A system may also be compromised with a trojan, allowing the attacker to download a zombie agent (or the trojan may contain one). Attackers can also break into systems using automated tools that exploit flaws in programs that listen for connections from remote hosts. This scenario primarily concerns systems acting as servers on the web.

Stacheldraht is a classic example of a DDoS tool. It utilizes a layered structure where the attacker uses a client program to connect to handlers, which are compromised systems that issue commands to the zombie agents, which in turn facilitate the DDoS attack. Agents are compromised via the handlers by the attacker, using automated routines to exploit vulnerabilities in programs that accept remote connections running on the targeted remote hosts. Each handler can control up to a thousand agents.

These collections of systems compromisers are known as botnets. DDoS tools like Stacheldraht still use classic DoS attack methods centered on IP spoofing and amplification like smurf attacks and fraggle attacks (these are also known as bandwidth consumption attacks). SYN floods (also known as resource starvation attacks) may also be used. Newer tools can use DNS servers for DoS purposes. See next section.

Simple attacks such as SYN floods may appear with a wide range of source IP addresses, giving the appearance of a well distributed DoS. These flood attacks do not require completion of the TCP three way handshake and attempt to exhaust the destination SYN queue or the server bandwidth. Because the source IP addresses can be trivially spoofed, an attack could come from a limited set of sources, or may even originate from a single host. Stack enhancements such as syn cookies may be effective mitigation against SYN queue flooding, however complete bandwidth exhaustion may require involvement.

Unlike MyDoom's DDoS mechanism, botnets can be turned against any IP address. Script kiddies use them to deny the availability of well known websites to legitimate users. More sophisticated attackers use DDoS tools for the purposes of extortion — even against their business rivals.

It is important to note the difference between a DDoS and DoS attack. If an attacker mounts an attack from a single host it would be classified as a DoS attack. In fact, any attack against availability would be classed as a Denial of Service attack. On the other hand, if an attacker uses many systems to simultaneously launch attacks against a remote host, this would be classified as a DDoS attack.

The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track down and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines.

It should be noted that in some cases a machine may become part of a DDoS attack with the owner's consent. An example of this is the 2010 DDoS attack against major credit card companies by supporters of WikiLeaks. In cases such as this, supporters of a movement (in this case, those opposing the arrest of WikiLeaks founder Julian Assange) choose to download and run DDoS software.

Reflected attack

A distributed reflected denial of service attack (DRDoS) involves sending forged requests of some type to a very large number of computers that will reply to the requests. Using Internet Protocol address spoofing, the source address is set to that of the targeted victim, which means all the replies will go to (and flood) the target.

ICMP Echo Request attacks (Smurf Attack) can be considered one form of reflected attack, as the flooding host(s) send Echo Requests to the broadcast addresses of mis-configured networks, thereby enticing many hosts to send Echo Reply packets to the victim. Some early DDoS programs implemented a distributed form of this attack.

Many services can be exploited to act as reflectors, some harder to block than others. DNS amplification attacks involve a new mechanism that increased the amplification effect, using a much larger list of DNS servers than seen earlier.

Degradation-of-service attacks

"Pulsing" zombies are compromised computers that are directed to launch intermittent and short-lived floodings of victim websites with the intent of merely slowing it rather than crashing it. This type of attack, referred to as "degradation-of-service" rather than "denial-of-service", can be more difficult to detect than regular zombie invasions and can disrupt and hamper connection to websites for prolonged periods of time, potentially causing more disruption than concentrated floods. Exposure of degradation-of-service attacks is complicated further by the matter of discerning whether the attacks really are attacks or just healthy and likely desired increases in website traffic.

Unintentional denial of service

This describes a situation where a website ends up denied, not due to a deliberate attack by a single individual or group of individuals, but simply due to a sudden enormous spike in popularity. This can happen when an extremely popular website posts a prominent link to a second, less well-prepared site, for example, as part of a news story. The result is that a significant proportion of the primary site's regular users — potentially hundreds of thousands of people — click that link in the space of a few hours, having the same effect on the target website as a DDoS attack. A VIPDoS is the same, but specifically when the link was posted by a celebrity.

An example of this occurred when Michael Jackson died in 2009. Websites such as Google and Twitter slowed down or even crashed. Many sites' servers thought the requests were from a virus or spyware trying to cause a Denial of Service attack, warning users that their queries looked like "automated requests from a computer virus or spyware application".

News sites and link sites — sites whose primary function is to provide links to interesting content elsewhere on the Internet — are most likely to cause this phenomenon. The canonical example is the Slashdot effect. Sites such as Digg, the Drudge Report, Fark, Something Awful, and the webcomic Penny Arcade have their own corresponding "effects", known as "the Digg effect", being "drudged", "farking", "goonrushing" and "wanging"; respectively.

Routers have also been known to create unintentional DoS attacks, as both D-Link and Netgear routers have created NTP vandalism by flooding NTP servers without respecting the restrictions of client types or geographical limitations.

Similar unintentional denials of service can also occur via other media, e.g. when a URL is mentioned on television. If a server is being indexed by Google or another search engine during peak periods of activity, or does not have a lot of available bandwidth while being indexed, it can also experience the effects of a DoS attack.

Legal action has been taken in at least one such case. In 2006, Universal Tube & Rollform Equipment Corporation sued YouTube: massive numbers of would-be youtube.com users accidentally typed the tube company's URL, utube.com. As a result, the tube company ended up having to spend large amounts of money on upgrading their bandwidth.

Denial-of-Service Level II

The goal of DoS L2 (possibly DDoS) attack is to cause a launching of a defense mechanism which blocks the network segment from which the attack originated. In case of distributed attack or IP header modification (that depends on the kind of security behavior) it will fully block the attacked network from Internet, but without system crash.

Incidents

The first major attack involving DNS servers as reflectors occurred in January 2001. The target was Register.com. This attack, which forged requests for the MX records of AOL.com (to amplify the attack) lasted about a week before it could be traced back to all attacking hosts and shut off. It used a list of tens of thousands of DNS records that were a year old at the time of the attack.

In February 2001, the Irish Government's Department of Finance server was hit by a denial of service attack carried out as part of a student campaign from NUI Maynooth. The Department officially complained to the University authorities and a number of students were disciplined.

In July 2002, the Honeynet Project Reverse Challenge was issued. The binary that was analyzed turned out to be yet another DDoS agent, which implemented several DNS related attacks, including an optimized form of a reflection attack.

On two occasions to date, attackers have performed DNS Backbone DDoS Attacks on the DNS root servers. Since these machines are intended to provide service to all Internet users, these two denial of service attacks might be classified as attempts to take down the entire Internet, though it is unclear what the attackers' true motivations were. The first occurred in October 2002 and disrupted service at 9 of the 13 root servers. The second occurred in February 2007 and caused disruptions at two of the root servers.

In February 2007, more than 10,000 online game servers in games such as Return to Castle Wolfenstein, Halo, Counter-Strike and many others were attacked by the hacker group RUS. The DDoS attack was made from more than a thousand computer units located in the republics of the former Soviet Union, mostly from Russia, Uzbekistan and Belarus. Minor attacks are still continuing to be made today.

In the weeks leading up to the five-day 2008 South Ossetia war, a DDoS attack directed at Georgian government sites containing the message: "win+love+in+Rusia" effectively overloaded and shut down multiple Georgian servers. Websites targeted included the Web site of the Georgian president, Mikhail Saakashvili, rendered inoperable for 24 hours, and the National Bank of Georgia. While heavy suspicion was placed on Russia for orchestrating the attack through a proxy, the St. Petersburg-based criminal gang known as the Russian Business Network, or R.B.N, the Russian government denied the allegations, stating that it was possible that individuals in Russia or elsewhere had taken it upon themselves to start the attacks.

During the 2009 Iranian election protests, foreign activists seeking to help the opposition engaged in DDoS attacks against Iran's government. The official website of the Iranian government (ahmedinejad.ir) was rendered inaccessible on several occasions. Critics claimed that the DDoS attacks also cut off internet access for protesters inside Iran; activists countered that, while this may have been true, the attacks still hindered President Mahmoud Ahmadinejad's government enough to aid the opposition.

On June 25, 2009, the day Michael Jackson died, the spike in searches related to Michael Jackson was so big that Google News initially mistook it for an automated attack. As a result, for about 25 minutes, when some people searched Google News they saw a "We're sorry" page before finding the articles they were looking for.

June 2009 the P2P site The Pirate Bay was rendered inaccessible due to a DDoS attack. This was most likely provoked by the recent sellout to Global Gaming Factory X AB, which was seen as a "take the money and run" solution to the website's legal issues. In the end, due to the buyers' financial troubles, the site was not sold.

Multiple waves of July 2009 cyber attacks targeted a number of major websites in South Korea and the United States. The attacker used botnet and file update through internet is known to assist its spread. As it turns out, a computer trojan was coded to scan for existing MyDoom bots. MyDoom was a worm in 2004, and in July around 20,000-50,000 were present. MyDoom has a backdoor, which the DDoS bot could exploit. Since then, the DDoS bot removed itself, and completely formatted the hard drives. Most of the bots originated from China, and North Korea.

On August 6, 2009 several social networking sites, including Twitter, Facebook, Livejournal, and Google blogging pages were hit by DDoS attacks, apparently aimed at Georgian blogger "Cyxymu". Although Google came through with only minor set-backs, these attacks left Twitter crippled for hours and Facebook did eventually restore service although some users still experienced trouble. Twitter's Site latency has continued to improve, however some web requests continue to fail.

In July and August 2010, the Irish Central Applications Office server was hit by a denial of service attack on four separate occasions, causing difficulties for thousands of Second Level students who are required to use the CAO to apply for University and College places. The attack is currently subject to a Garda investigation.

On November 28, 2010, whistle blower site wikileaks.org experienced a DDoS attack. This was presumably related to the pending release of many thousands of secret diplomatic cables.

On December 8, 2010, a group calling themselves "Anonymous" launched orchestrated DDoS attacks on organizations such as Mastercard.com, PayPal, Visa.com and PostFinance; as part of the ongoing "Operation Payback" campaign, which originally targeted anti-piracy organizations, in support of the Whistleblowing site Wikileaks and its founder, Julian Assange. The attack brought down the Mastercard, PostFinance, and Visa websites successfully by deploying 3 versions of the Denial of Service tool. PostFinance, the bank that had frozen Julian Assange’s account, was brought down for more than 16 hours due to the attacks. However, in denial of the fact that it was taken down by a bunch of notorious internet users, the bank issued a statement that the outage was caused by an overload of inquiries:

:"Access to www.postfinance.ch and thus also e-finance is currently overloaded owing to a multitude of online enquiries. The security of customer data is not affected."

The Simulation and Analysis Platform for DDoS attacks

An Active Queue Management and Denial-of-Service (AQM&DoS;) Simulation Platform is established based on the NS-2 simulation code of the RRED algorithm. The AQM&DoS; Simulation Platform can simulate a variety of DoS attacks (Distributed DoS, Spoofing DoS, Low-rate DoS, etc.) and Active Queue Management (AQM) algorithms (RED, RRED, SFB, etc.). It automatically calculate and record the average throughput of normal TCP flows before and after DoS attacks to facilitate the analysis of the impact of DoS attacks on normal TCP flows and AQM algorithms.More Details

Performing DoS-attacks

A wide array of programs are used to launch DoS-attacks. Most of these programs are completely focused on performing DoS-attacks, while others are also true Packet injectors, thus able to perform other tasks as well.

Some examples of such tools are hping and socket programming but these are not the only programs capable of such attacks. Such tools are intended for benign use, but they can also be utilized in launching attacks on victim networks. In addition to these tools, there exist a vast amount of underground tools used by attackers.

Prevention and response

Firewalls

Firewalls have simple rules such as to allow or deny protocols, ports or IP addresses. Some DoS attacks are too complex for today's firewalls, e.g. if there is an attack on port 80 (web service), firewalls cannot prevent that attack because they cannot distinguish good traffic from DoS attack traffic. Additionally, firewalls are too deep in the network hierarchy. Routers may be affected even before the firewall gets the traffic. Nonetheless, firewalls can effectively prevent users from launching simple flooding type attacks from machines behind the firewall.

Some stateful firewalls, like OpenBSD's pf(4) packet filter, can act as a proxy for connections: the handshake is validated (with the client) instead of simply forwarding the packet to the destination. It is available for other BSDs as well. In that context, it is called "synproxy".

Switches

Most switches have some rate-limiting and ACL capability. Some switches provide automatic and/or system-wide rate limiting, traffic shaping, delayed binding (TCP splicing), deep packet inspection and Bogon filtering (bogus IP filtering) to detect and remediate denial of service attacks through automatic rate filtering and WAN Link failover and balancing.

These schemes will work as long as the DoS attacks are something that can be prevented by using them. For example SYN flood can be prevented using delayed binding or TCP splicing. Similarly content based DoS can be prevented using deep packet inspection. Attacks originating from dark addresses or going to dark addresses can be prevented using Bogon filtering. Automatic rate filtering can work as long as you have set rate-thresholds correctly and granularly. Wan-link failover will work as long as both links have DoS/DDoS prevention mechanism.

Routers

Similar to switches, routers have some rate-limiting and ACL capability. They, too, are manually set. Most routers can be easily overwhelmed under DoS attack. If you add rules to take flow statistics out of the router during the DoS attacks, they further slow down and complicate the matter. Cisco IOS has features that prevent flooding, i.e. example settings.

Application front end hardware

Application front end hardware is intelligent hardware placed on the network before traffic reaches the servers. It can be used on networks in conjunction with routers and switches. Application front end hardware analyzes data packets as they enter the system, and then identifies them as priority, regular, or dangerous. There are more than 25 bandwidth management vendors. Hardware acceleration is key to bandwidth management.

IPS based prevention

Intrusion-prevention systems (IPS) are effective if the attacks have signatures associated with them. However, the trend among the attacks is to have legitimate content but bad intent. Intrusion-prevention systems which work on content recognition cannot block behavior-based DoS attacks.

An ASIC based IPS can detect and block denial of service attacks because they have the processing power and the granularity to analyze the attacks and act like a circuit breaker in an automated way.

A rate-based IPS (RBIPS) must analyze traffic granularly and continuously monitor the traffic pattern and determine if there is traffic anomaly. It must let the legitimate traffic flow while blocking the DoS attack traffic.

DDS based defense

More focused on the problem than IPS, a DoS Defense System (DDS) is able to block connection-based DoS attacks and those with legitimate content but bad intent. A DDS can also address both protocol attacks (such as Teardrop and Ping of death) and rate-based attacks (such as ICMP floods and SYN floods).

Like IPS, a purpose-built system, such as the well-known Top Layer IPS products, can detect and block denial of service attacks at much nearer line speed than a software based system.

Prevention via proactive testing

Test platforms such as Mu Dynamics' Service Analyzer are available to perform simulated denial-of-service attacks that can be used to evaluate defensive mechanisms such IPS, RBIPS, as well as the popular denial-of-service mitigation products from Arbor Networks. An example of proactive testing of denial-of-service throttling capabilities in a switch was performed in 2008: The Juniper EX 4200 switch with integrated denial-of-service throttling was tested by Network Test and the resulting review was published in Network World.

Blackholing and sinkholing

With blackholing, all the traffic to the attacked DNS or IP address is sent to a "black hole" (null interface, non-existent server, ...). To be more efficient and avoid affecting your network connectivity, it can be managed by the ISP.

Sinkholing routes to a valid IP address which analyzes traffic and rejects bad ones. Sinkholing is not efficient for most severe attacks.

Clean pipes

All traffic is passed through a "cleaning center" via a proxy, which separates "bad" traffic (DDoS and also other common internet attacks) and only sends good traffic beyond to the server. The provider needs central connectivity to the Internet to manage this kind of service.

Prolexic and Verisign are examples of providers of this service.

Side effects of DoS attacks

Backscatter

In computer network security, backscatter is a side-effect of a spoofed denial of service (DoS) attack. In this kind of attack, the attacker spoofs (or forges) the source address in IP packets sent to the victim. In general, the victim machine can not distinguish between the spoofed packets and legitimate packets, so the victim responds to the spoofed packets as it normally would. These response packets are known as backscatter.

If the attacker is spoofing source addresses randomly, the backscatter response packets from the victim will be sent back to random destinations. This effect can be used by network telescopes as indirect evidence of such attacks.

The term "backscatter analysis" refers to observing backscatter packets arriving at a statistically significant portion of the IP address space to determine characteristics of DoS attacks and victims.

Legality

In the Police and Justice Act 2006, the United Kingdom specifically outlawed denial-of-service attacks and set a maximum penalty of 10 years in prison.

In the US, there can be a serious federal crime under the Computer Fraud and Abuse Act with penalties that include years of imprisonment. Many other countries have similar laws.

See also

Billion laughs

Black fax

Cybercrime

Dosnet

Industrial espionage

Intrusion-detection system

LAND

Network intrusion detection system

Regular expression Denial of Service

Wireless signal jammer

LOIC

Slowloris

Notes and references

Further reading

External links

RFC 4732 Internet Denial-of-Service Considerations

W3C The World Wide Web Security FAQ

DoS-Attacks A Blog/News Site Covering DDoS Attacks

DDOS attacks counter measures A Blog post about DDoS Attacks counter measures with Iptables / Netfilter

Understanding and surviving DDoS attacks

cert.org CERT's Guide to DoS attacks.

ATLAS Summary Report - Real-time global report of DDoS attacks.

linuxsecurity.com An article on preventing DDoS attacks.

Is Your PC a Zombie?, About.com.

Report: Distributed Denial of Service Attacks Against Independent Media and Human Rights Sites Berkman Center for Internet and Society Report on DDOS

Category:Denial-of-service attacks Category:Internet Relay Chat Category:Cyberwarfare Category:Computer network security

ar:هجمات الحرمان من الخدمات bn:ডিনাইয়াল অভ সার্ভিস bg:Атака за отказ на услуга ca:Denegació de servei cs:Denial of Service da:DDoS de:Denial of Service et:Teenusetõkestamise rünne el:Επιθέσεις άρνησης υπηρεσιών es:Ataque de denegación de servicio eu:Zerbitzu ukapenaren eraso fa:انکار سرویس fr:Attaque par déni de service ga:Ionsaí diúltaithe seirbhíse ko:서비스 거부 공격 hy:DDos գրոհ hr:DDoS id:Serangan DoS it:Denial of service he:התקפת מניעת שירות hu:DDoS mk:DDoS ml:ഡിനയിൽ-ഓഫ്-സർവീസ് അറ്റാക്ക്‌ ms:DDoS my:Denial-of-service attack nl:Distributed denial-of-service ja:DoS攻撃 no:Tjenestenektangrep pl:DoS pt:Ataque de negação de serviço ro:DoS ru:DoS-атака simple:Denial-of-Service attack sl:Napad za zavrnitev storitve fi:Palvelunestohyökkäys sv:Denial of Service uk:DoS-атака vi:Tấn công từ chối dịch vụ zh:分散式阻斷服務攻擊

Coordinates	29°57′53″N90°4′14″N
name	Anderson Silva
other names	The Spider
birth name	Anderson da Silva
nationality	Brazilian
birth date	April 14, 1975
birth place	São Paulo, Brazil
other names	The Spider
residence	Curitiba, Brazil
fighting out of	Torrance, California, United States
height
weight lb	184
weight class	Welterweight (pre-2003) Middleweight Light Heavyweight
reach in	77.6
style	Muay Thai, Boxing, Brazilian Jiu-Jitsu, Taekwondo, Judo, Capoeira
trainer	Boxing: Josuel Distak Jiu-Jitsu: Antonio Rodrigo Nogueira, Sylvio Behring and Ramon Lemos
team	Black House
stance	Southpaw
rank	Black belt in Brazilian Jiu-JitsuBlack belt in JudoBlack belt in TaekwondoYellow rope in Capoeira
years active	1997 – present (MMA)
box win	1
box kowin	1
box loss	1
box koloss	1
mma win	31
mma kowin	18
mma subwin	6
mma decwin	7
mma loss	4
mma subloss	2
mma decloss	1
mma dqloss	1
children	5
url	http://www.spidersilva.com/
boxrec	152826
sherdog	1356
updated	February 5, 2011 }}

Anderson da Silva (; born April 14, 1975) is a Brazilian mixed martial artist. He is the current UFC Middleweight Champion and the promotion's longest reigning champion. With 14 consecutive wins, Silva holds the longest active winning streak in the UFC and the record for the longest winning streak in UFC history. In a press conference for UFC 134, UFC president Dana White proclaimed Silva as the greatest fighter in the history of mixed martial arts.

Silva is ranked as the number one Middleweight in the world by multiple publications; he is also the consensus #1 pound-for-pound fighter in the world according to multiple publications. Silva is also the last Cage Rage Middleweight Champion and a former Shooto Middleweight Champion. Besides the UFC and Cage Rage, Silva has fought for a number of other MMA promotions including the Pride Fighting Championships, Shooto and Rumble on the Rock.

Biography

Although known primarily for his mastery of Muay Thai striking, Silva is also a Brazilian Jiu-Jitsu blackbelt, a rank he earned in 2006 from Antônio Rodrigo Nogueira who follows Gracie Lineage through Carlson Gracie, likewise Murilo Bustamante and the Brazilian Top Team. He began martial arts training at the age of 14, training Tae kwon do and earning a black belt by the age of 18. He is also a black belt in Judo and a yellow rope in Capoeira.

Once a member of the Chute Boxe Academy, Silva left to form the Muay Thai Dream Team. In late November 2006, he joined new team Black House with Lyoto Machida, Vitor Belfort, Assuerio Silva, and the Nogueira brothers. On May 16, 2008 Silva and Antonio Rodrigo Nogueira opened the Team Nogueira MMA Academy in Miami, Florida.

Mixed martial arts career

Early career

Silva initially fought in his native Brazil in the welterweight category. According to Sherdog.com, Silva made his professional debut in 1997 with a pair of wins. Silva recorded his first loss in 2000 to Luiz Azeredo by decision. After that fight, he went on a nine-fight winning streak, winning six of those fights by either submission or TKO. After winning his first match in Japan he was put up against Shooto champion Hayato Sakurai on August 26, 2001. Silva beat Sakurai by unanimous decision after three rounds and became the new Shooto Middleweight Champion (at 167 lb) and the first man to defeat Sakurai who was undefeated in his first 20 fights.

Pride Fighting Championships

In 2002, Silva began fighting in Pride. In his first fight with the promotion, he stopped Alex Stiebling with a cut resulting from a high kick. In his next match, he won via decision against the "Diet Butcher" Alexander Otsuka. At ''Pride 25'', Silva faced former UFC welterweight champion Carlos Newton. Newton tried to shoot in on Silva, but was hit with a flying knee. Newton collapsed and Silva finished the fight with strikes, winning by technical knockout.

At ''Pride 26'', Silva faced Daiju Takase. Considering his record at the time – with only four wins to seven losses – Takase was a big underdog. Surprisingly, after dominating most of the fight with takedowns, top position, and effective ground and pound, Takase submitted Silva with a triangle choke late in the first round.

After his loss to Takase, Silva fought in other promotions around the world. On June 27, 2004, Silva fought Jeremy Horn and earned a decision victory.

Cage Rage

Three months later, Silva made his debut in the Cage Rage promotion in England. At ''Cage Rage 8'' Silva fought and defeated noted striker Lee Murray by decision. That year, Silva returned to Pride on December 31 to face Ryo Chonan. Silva was in control with a take down and body triangle in the first round. Chonan was able to counter Silva's knees from the clinch, with knees, and takedowns. Despite being the underdog, Chonan ended the fight in the third round with a flying scissor heel hook, forcing Silva to submit. After the loss to Chonan, Silva continued fighting in the Cage Rage promotion, as well as other promotions around the world. Silva defended his Cage Rage title against Curtis Stout.

Although he was slated to fight Matt Lindland at ''Cage Rage 16'', Lindland's decision to fight Mike Van Arsdale at ''Raze Fight Night'' put an end to the highly-anticipated match up. Instead, Silva defended his championship against Tony Fryklund, winning the fight with a reverse elbow, knocking out Fryklund early in the first round.

Silva vs. Okami

Silva competed in Hawaii's Rumble on the Rock promotion, where he fought Yushin Okami in the first round of the 175 lb tournament. Although he was labeled as the favorite to win the tournament, Silva lost his fight when he kicked Okami in the face from the guard position. Okami's knees were on the ground at the time, making the attack an illegal strike to the head of a downed opponent. Silva later said that the rule had not been properly explained to him before the bout. "When I fought Okami the rules really weren't explained to me properly in the event I was fighting in," said Silva. "You could kick a downed opponent to the groin or to the head when your back's on the ground. So the rules weren’t explained to me properly." While Okami was given the opportunity to recover and continue fighting, Okami opted for the disqualification win. Silva responded by saying he "felt it was a cheap, cowardly way of winning," and that "people that were there saw that he was in the condition to come back and keep fighting, and he didn't."

Arrival in the UFC

Although speculation ran rampant about where Silva would sign next, the UFC announced in late April 2006 that they had signed him to a multi-fight contract. It was not long before the UFC started promoting Silva, releasing an interview segment almost immediately after announcing his arrival.

Silva vs. Leben

Silva made his debut at ''Ultimate Fight Night 5'' on June 28, 2006. His opponent was ''The Ultimate Fighter 1'' contestant Chris Leben who had gone undefeated in the UFC with five consecutive victories. Leben, confident of victory, had predicted he would KO Silva in a pre-fight interview. A relatively unknown fighter in the United States, Silva made an emphatic debut when he knocked out Leben with a flurry of pinpoint strikes, followed by a final knee strike at 49 seconds into the first round. Silva's striking accuracy was 100%.

Silva vs. Franklin and Winning the Belt

In response to the victory, the UFC quickly tallied a poll on their main page, asking viewers to select Silva's next opponent; the majority of voters selected the UFC Middleweight Champion, Rich Franklin.

Silva fought Franklin at ''UFC 64'' on October 14, 2006, and defeated him by TKO (strikes) at 2:59 in the first round. Silva hit Franklin with knees to the body from the Muay Thai-clinch, then badly broke Franklin's nose with a knee to the face. Unable to strike back, Franklin dodged the last of Silva's strikes before falling to the ground, where referee "Big" John McCarthy ended the fight. Silva was then crowned the new UFC Middleweight Champion, becoming the second man to defeat Franklin, after Black House-teammate Lyoto Machida.

Title defenses and Light Heavyweight bouts

Silva vs. Lutter

On February 3, 2007 at ''UFC 67'', Silva was scheduled to fight ''The Ultimate Fighter 4'' winner Travis Lutter in what would be his first title defense since defeating Rich Franklin in October 2006. However, Lutter failed to make the weight limit and the match was changed to a non-title bout. Many felt that Lutter's best chance to win was to take the fight to the ground, with Lutter being an accomplished Jiu-Jitsu blackbelt. Silva won via submission with combination of a triangle choke and elbow strikes in the second round.

Silva vs. Marquardt

In his next fight at ''UFC 73'' on July 7, 2007, Silva successfully defended his title against Nate Marquardt, winning by TKO at 4:50 in the first round.

Silva vs. Franklin II

Three months later, on October 20, 2007 at ''UFC 77'', Silva fought a title defense rematch against Rich Franklin, in Franklin's hometown of Cincinnati, Ohio at the U.S. Bank Arena. Silva defended his belt by defeating Franklin via TKO in the 2nd round.

Silva vs. Henderson

On March 1, 2008 at ''UFC 82'' Silva fought Pride Middleweight champion Dan Henderson, in a title unification bout (UFC and Pride titles on the line). Again, many thought that Henderson had the edge on the ground, having competed in the 1992 and 1996 Summer Olympics in Greco-Roman wrestling. Silva defended his title by defeating Henderson via rear naked choke in the 2nd round.

Silva vs. Irvin

At ''UFC Fight Night: Silva vs. Irvin'' on July 19, 2008, Silva made his debut at Light Heavyweight () in a bout against James Irvin. Silva won via KO due to strikes in 1:01 of the first round after catching Irvin's attempted leg kick with his left arm and delivering a straight right that dropped Irvin to the mat, Silva then finished a prone Irvin with a blitz of punches to the head.

Silva vs. Cote

Silva's next fight was on October 25, 2008 at ''UFC 90'' in Rosemont, Illinois, Silva defended his Middleweight title against Patrick Côté. In the third round, Côté landed awkwardly on his right leg while throwing a kick and fell to the mat grasping his right knee in pain. Referee Herb Dean declared the fight over when Côté could not continue, ruling the bout a TKO victory for Silva. Côté, however, became the first of Silva's UFC opponents to make it past the 2nd round.

After his fight with Côté, Silva was criticized for seemingly avoiding contact during the bout. Dana White criticized Silva, saying: "I didn't understand Silva's tactics... It wasn't the Anderson Silva I've been watching the last two years." Silva said in the post-fight news conference:

"There are many people saying I was disrespecting Cote, but this is absolutely not true. My game plan since the beginning was fight five rounds, inducing him to commit mistakes and capitalize on that during the first three rounds and look for the knockout during the fourth and fifth rounds. It was working, and the biggest proof of that is that I almost didn’t waste any blows. I connected with a couple of good punches and knees, but unfortunately he got hurt and the fight was over. This is not my fault."

Silva vs. Leites

On April 18, 2009 at ''UFC 97'' in Montreal, Canada, Anderson Silva defeated Brazilian Jiu-Jitsu blackbelt Thales Leites by Unanimous Decision, and recorded his UFC record 9th consecutive win in the octagon. Thales Leites is credited with being the first man in UFC history to take Silva through 5 rounds to a judges' decision. The crowd repeatedly booed his lackluster performance, bored expression, and frustrated attempts to goad his opponent into fighting, and in the 4th and 5th rounds took to dancing, lowering his guard and slapping his opponent without retaliation. Following the fight, Dana White has stated that he was "embarrassed" by Silva's performance, but still said that he believes him to be "the best pound-for-pound fighter in the world".

Silva vs. Griffin

At ''UFC 101'' which took place on August 8, 2009 in Philadelphia, Pennsylvania Silva again fought at 205 pounds against former UFC Light Heavyweight Champion Forrest Griffin. Griffin was knocked down three times in the first round. The bout earned Silva Beatdown of the Year honors from Sherdog. The bout shared those honors with the second bout between Brock Lesnar and Frank Mir. Both fighters were awarded $60,000 as Fight of the Night bonuses and Silva received $60,000 in bonus money for Knockout of the Night.

After defeating Griffin, a Yahoo! Sports reporter allegedly claimed that Silva's manager, Ed Soares, had confirmed that Silva would abandon his Middleweight belt to fight at Light Heavyweight. However, Soares and a UFC spokesperson confirmed that a conversation agreeing Silva would permanently move up to Light Heavyweight never took place. Silva did not relinquish his title to fight exclusively at Light Heavyweight. Soares stated his attorney plans to speak to Yahoo! Sports about the matter.

Silva vs. Maia

Silva was expected to defend the UFC Middleweight Championship against Vitor Belfort on January 2, 2010 at UFC 108. However, Ed Soares announced that the bout would not take place as Silva would not be fully recovered from surgery. Silva was then set to face Belfort on February 6, 2010 at UFC 109. The fight, however, was dependent on Silva's healing, which he described as "not going as planned." The fight was canceled because of Silva's slow recovery. Silva was once again scheduled to face Belfort on April 10, 2010 at UFC 112. The fight was later canceled again due to an injury to Belfort. Demian Maia was selected to fill the spot and take on Silva for the belt.

In the first two rounds Silva appeared to mock his opponent while employing quick, precise striking. In the third round, however, Silva's tempo seemed to change. He looked to Maia to be the aggressor while he largely circled and taunted his opponent. In the fifth round, Silva's lack of action prompted referee Dan Miragliotta to warn Silva for his conduct. The crowd began to side with Maia, who was the only fighter attempting to engage. After 5 rounds, Silva was declared the winner via unanimous decision.

Silva was widely criticized for his performance. Dana White said it was the most embarrassed he had ever been since becoming UFC president. Midway through the fourth round, White walked away from the fight and gave the championship belt to Silva's manager, Ed Soares. White was so annoyed that he declined to personally place the belt around Silva's waist, claiming it was the first time he had done so after a title match. It was also claimed that Silva verbally insulted Maia multiple times during the fight.

In the immediate post-fight interview, Silva apologized and said he did not know what got into him and said he should have been more humble. However, in the official post-fight press conference, he said he "owed nobody an apology" and that "he couldn't please everyone". He also made multiple references about how Demian insulted him. In the same conference, Dana White apologized to the fans that "bought this [stuff]", and said he would make it up to them.

Silva vs. Sonnen

Dana White went on to say, on April 14 (Anderson's 35th birthday) in an appearance on ESPN's Jim Rome is Burning, that Anderson's next title defense would be against Chael Sonnen at UFC 117 in Oakland, California, and that "If he [Silva] ever acts like that again in the ring, I will cut him."

On August 7, 2010, Silva faced Chael Sonnen for the UFC Middleweight Title at UFC 117. In the first round, Sonnen stunned Silva with a punch before taking him down and dominating from the top position, landing multiple blows. The following three rounds played out in a similar fashion, going to the ground early with Sonnen dominating from inside Silva's guard. In the fifth round, Silva slipped while ducking under Sonnen's left hook and the challenger took advantage by once again establishing a top position and delivering strikes to Silva. With about two minutes left in the round, Silva was able to lock up a triangle armbar on Sonnen, forcing Sonnen to submit at 3:10 of Round 5.

Silva was hit more in the fight than in his entire career. According to CompuStrike, in his first 11 UFC fights, Silva was hit 208 times. Sonnen hit him a total of 289 times. After the bout it was revealed that Sonnen would have won a judges' decision. All three judges had Sonnen marked as the winner of all four rounds, judges Nelson Hamilton and Dan Stell had Sonnen taking Round 1 10–8, as well as Hamilton awarding the challenger another 10–8 total in Round 3.

Silva allegedly went into the fight with injured ribs and his doctor advised him not to fight. During the first round, he cracked his rib and was out until 2011 because of the injury. Following the fight the California State Athletic Commission confirmed that Chael Sonnen tested positive for performance-enhancing drugs (PED's). Doping tests revealed Sonnen had an elevated testosterone level which fell outside of the normal range prior to his fight with Silva. Dana White had announced that Sonnen would get a rematch when Silva returns, but this was revoked after the issue with PEDs came to light.

Silva vs. Belfort

Silva faced Vitor Belfort on February 5, 2011 at UFC 126. Belfort was expected to face Yushin Okami on November 13, 2010 at UFC 122, but was replaced by Nate Marquardt. After a "feeling out" period of about two and a half minutes in the first round, Silva and Belfort started to trade strikes. Silva landed a brutal front kick to Belfort's jaw and followed up with punches to the grounded challenger. Referee Mario Yamasaki stopped the fight at 3:25 minutes into the first round. Silva extended his record streak of title defenses to eight and his overall record to 30–4.

Silva vs. Okami II

Silva faced Yushin Okami on August 27, 2011 at UFC 134. The fight was a rematch from the 2006 Rumble on the Rock tournament where Okami defeated Silva via disqualification, thus making Okami the last fighter to defeat Silva. Silva defeated Okami, avenging his most recent loss, in a manner similar to when he fought Griffin. Silva dropped his hands and used effective counter-striking and head movement to knock Okami down twice, finishing him off with ground-and-pound. Several fighters including Forrest Griffin stated after the fight, "A healthy Silva is simply unbeatable. The 185 pound division is not weak and contains amazing fighters except none of them can come close to Anderson."

Personal life

In an interview with MMA Weekly, Anderson Silva's manager stated: "Anderson would love to fight Roy Jones Jr. in a boxing match up under boxing rules to prove that MMA fighters are technical, too." UFC president, Dana White, later expressed that he would use his veto power to stop such a match from taking place because he does not need his fighters getting themselves injured while fighting outside of the octagon. Silva, however, has commented: "After my contract with the UFC is finished, I will set up the fight with Jones Jr. The fight has already been permitted by Jones himself." In April 2009, Jones himself confirmed he is still interested in fighting Silva: "I'm going to try and make it happen. He's saying he wants to fight me, so, OK, I'm ready. Let's brawl." Roy Jones Jr. was in attendance at UFC 101.

In an interview with Brazilian TV station SporTV in September 2008, Silva stated that he was interested in retiring within the next year. However, Anderson's manager, Ed Soares and co-manager Nicholas Gansen, responded to the talk of retirement by saying that Anderson was contractually obligated to fight six more fights (his sixth was against Vitor Belfort) and would do so before retiring. Soares further stated that Silva desires to retire when he is 35 which he turned on April 14, 2010. According to Anderson Silva's manager, Ed Soares, he is not retiring after his contract is over in 2010 and what he supposedly wants is to stay in the 185 division.

Silva is Afro-Brazilian and has three sons and two daughters with his wife. Silva appeared in ''Never Surrender'' in 2009.

Fighting style

Silva is an extremely well rounded fighter whose striking ability is considered to be one of the best in MMA. Silva's striking accuracy, knockout power, technically vicious Muay Thai and ability to counterstrike makes him a danger to his opponents. Silva's striking uses three major strengths: technical precision, the jab and transitions and movement. Silva switches from Southpaw to Orthodox with little drop-off in effectiveness. Although it has been claimed that his ground game is not as good as his stand-up, Silva has submitted notable grapplers, including Olympic wrestler Dan Henderson, Brazilian Jiu-Jitsu blackbelt Travis Lutter and Olympic alternate Chael Sonnen.

Championships and accomplishments

Mixed martial arts

Shooto

*Shooto Middleweight Championship (One time)

Cage Rage Championships

*Cage Rage Middleweight Championship (One time, Last)

*Three successful title defenses

Ultimate Fighting Championship

*UFC Middleweight Championship (One time, Current)

*Won Fight of the Night (Three times)

*Won Knockout of the Night (Three times)

*Won Submission of the Night (Two times)

*Unified UFC Middleweight and Pride FC Welterweight Championships

*Most consecutive title defenses (Nine)

*Most successful title defenses (Nine)

*Most consecutive wins in the UFC (Fourteen)

*Longest UFC title reign

ESPY Award

In June 2009, Anderson Silva was nominated for the 2009 ESPYs "Best Fighter" category, along with Lyoto Machida, Manny Pacquiao and Shane Mosley. The award was won by Manny Pacquiao.

Sherdog

Won Sherdog Beatdown of the Year for 2009 win over Forrest Griffin

MMA Live

Won MMA Live Fight of the Year for 2010 win over Chael Sonnen

World MMA Awards

Won World MMA Awards Fight of the Year for 2010 win over Chael Sonnen

Mixed martial arts record

|- | Win | style="text-align:center;"| 31-4 | Yushin Okami | TKO (punches) | UFC 134 | | style="text-align:center;"| 2 | style="text-align:center;"| 2:04 | Rio de Janeiro, Brazil | |Defended UFC Middleweight Championship; Extends UFC record for most consecutive title defenses (9) & wins (14). |- | Win | style="text-align:center;"| 30–4 | Vitor Belfort | KO (front kick and punches) | UFC 126 | | style="text-align:center;"| 1 | style="text-align:center;"| 3:25 | Las Vegas, Nevada, U.S. |Defended UFC Middleweight Championship; Knockout of the night. |- | Win | style="text-align:center;"| 29–4 | Chael Sonnen | Submission (triangle armbar) | UFC 117 | | style="text-align:center;"| 5 | style="text-align:center;"| 3:10 | Oakland, California, U.S. |Defended UFC Middleweight Championship; Fight & Submission of the Night; Sonnen later tested positive for elevated testosterone. |- | Win | style="text-align:center;"| 28–4 | Demian Maia | Decision (unanimous) | UFC 112 | | style="text-align:center;"| 5 | style="text-align:center;"| 5:00 | Abu Dhabi, U.A.E. | Defended UFC Middleweight Championship; Broke record for most consecutive title defenses (6). |- |Win | style="text-align:center;"| 27–4 | Forrest Griffin | KO (punch) | UFC 101 | | style="text-align:center;"| 1 | style="text-align:center;"| 3:23 | Philadelphia, Pennsylvania, U.S. | Light Heavyweight bout; Fight of the night; Knockout of the night. |- |Win | style="text-align:center;"| 26–4 | Thales Leites | Decision (unanimous) | UFC 97 | | style="text-align:center;"| 5 | style="text-align:center;"| 5:00 | Montreal, Canada | Defended UFC Middleweight Championship; Broke UFC record for most consecutive wins (9); Tied record for most title defenses (5) |- |Win | style="text-align:center;"| 25–4 | Patrick Côté | TKO (knee injury) | UFC 90 | | style="text-align:center;"| 3 | style="text-align:center;"| 0:39 | Rosemont, Illinois, U.S. | Defended UFC Middleweight Championship. |- |Win | style="text-align:center;"| 24–4 | James Irvin | KO (punches) | UFC: Silva vs Irvin | | style="text-align:center;"| 1 | style="text-align:center;"| 1:01 | Las Vegas, Nevada, U.S. | Light Heavyweight bout; after the fight Irvin tested positive for illegal substances |- |Win | style="text-align:center;"| 23–4 | Dan Henderson | Submission (rear-naked choke) | UFC 82 | | style="text-align:center;"| 2 | style="text-align:center;"| 4:50 | Columbus, Ohio, U.S. | Defended UFC Middleweight Championship, Fight & Submission of the Night; Unified PRIDE Welterweight & UFC Middleweight titles. |- |Win | style="text-align:center;"| 22–4 | Rich Franklin | TKO (knees) | UFC 77 | | style="text-align:center;"| 2 | style="text-align:center;"| 1:07 | Cincinnati, Ohio, U.S. | Defended UFC Middleweight Championship; Knockout of the night |- |Win | style="text-align:center;"| 21–4 | Nate Marquardt | TKO (punches) | UFC 73 | | style="text-align:center;"| 1 | style="text-align:center;"| 4:50 | Sacramento, California, U.S. | Defended UFC Middleweight Championship |- |Win | style="text-align:center;"| 20–4 | Travis Lutter | Submission (elbows) | UFC 67 | | style="text-align:center;"| 2 | style="text-align:center;"| 2:11 | Las Vegas, Nevada, U.S. | Non-title fight (Lutter did not make weight) |- |Win | style="text-align:center;"| 19–4 | Rich Franklin | KO (knee) | UFC 64 | | style="text-align:center;"| 1 | style="text-align:center;"| 2:59 | Las Vegas, Nevada, U.S. | Won UFC Middleweight Championship |- |Win | style="text-align:center;"| 18–4 | Chris Leben | KO (knee) | UFC Ultimate Fight Night 5 | | style="text-align:center;"| 1 | style="text-align:center;"| 0:49 | Las Vegas, Nevada, U.S. | |- |Win | style="text-align:center;"| 17–4 | Tony Fryklund | KO (elbow) | Cage Rage 16 | | style="text-align:center;"| 1 | style="text-align:center;"| 2:02 | London, England | Defended Cage Rage World Middleweight Championship |- |Loss | style="text-align:center;"| 16–4 | Yushin Okami | DQ (illegal kick) | Rumble on the Rock 8 | | style="text-align:center;"| 1 | style="text-align:center;"| 2:33 | Honolulu, Hawaii, U.S. | ROTR WW Tournament Opening Round; Silva was disqualified for delivering an illegal upkick that rendered Okami unable to continue. |- |Win | style="text-align:center;"| 16–3 | Curtis Stout | KO (punches) | Cage Rage 14 | | style="text-align:center;"| 1 | style="text-align:center;"| 4:59 | London, England | Defended Cage Rage World Middleweight Championship |- |Win | style="text-align:center;"| 15–3 | Jorge Rivera | TKO (knees and punches) | Cage Rage 11: Face Off | | style="text-align:center;"| 2 | style="text-align:center;"| 3:53 | London, England | Defended Cage Rage World Middleweight Championship |- |Loss | style="text-align:center;"| 14–3 | Ryo Chonan | Submission (flying heel hook) | Pride Shockwave 2004 | | style="text-align:center;"| 3 | style="text-align:center;"| 3:08 | Saitama, Japan | |- |Win | style="text-align:center;"| 14–2 | Lee Murray | Decision (unanimous) | Cage Rage 8 | | style="text-align:center;"| 3 | style="text-align:center;"| 5:00 | London, England | Won Cage Rage World Middleweight Championship |- |Win | style="text-align:center;"| 13–2 | Jeremy Horn | Decision (unanimous) | Gladiator FC: Day 2 | | style="text-align:center;"| 3 | style="text-align:center;"| 5:00 | Seoul, South Korea | |- |Win | style="text-align:center;"| 12–2 | Waldir dos Anjos | TKO (corner stoppage) | Conquista Fight 1 | | style="text-align:center;"| 1 | style="text-align:center;"| 5:00 | Vitória da Conquista, Brazil | |- |Loss | style="text-align:center;"| 11–2 | Daiju Takase | Submission (triangle choke) | Pride 26 | | style="text-align:center;"| 1 | style="text-align:center;"| 8:33 | Yokohama, Japan | |- |Win | style="text-align:center;"| 11–1 | Carlos Newton | KO (flying knee and punches) | Pride 25 | | style="text-align:center;"| 1 | style="text-align:center;"| 6:27 | Yokohama, Japan | |- |Win | style="text-align:center;"| 10–1 | Alexander Otsuka | Decision (unanimous) | Pride 22 | | style="text-align:center;"| 3 | style="text-align:center;"| 5:00 | Nagoya, Japan | |- |Win | style="text-align:center;"| 9–1 | Alex Stiebling | TKO (doctor stoppage) | Pride 21 | | style="text-align:center;"| 1 | style="text-align:center;"| 1:23 | Saitama, Japan | |- |Win | style="text-align:center;"| 8–1 | Roan Carneiro | Submission (punches) | Mecca: World Vale Tudo 6 | | style="text-align:center;"| 1 | style="text-align:center;"| 5:32 | Curitiba, Brazil | |- |Win | style="text-align:center;"| 7–1 | Hayato Sakurai | Decision (unanimous) | Shooto: To The Top 7 | | style="text-align:center;"| 3 | style="text-align:center;"| 5:00 | Osaka, Japan | Won Shooto Middleweight (168 pounds) Championship |- |Win | style="text-align:center;"| 6–1 | Israel Albuquerque | Submission (punches) | Mecca: World Vale Tudo 5 | | style="text-align:center;"| 1 | style="text-align:center;"| 6:17 | Curitiba, Brazil | |- |Win | style="text-align:center;"| 5–1 | Tetsuji Kato | Decision (unanimous) | Shooto: To The Top 2 | | style="text-align:center;"| 3 | style="text-align:center;"| 5:00 | Tokyo, Japan | |- |Win | style="text-align:center;"| 4–1 | Claudionor Fontinelle | TKO (punches and knees) | Mecca: World Vale Tudo 4 | | style="text-align:center;"| 1 | style="text-align:center;"| 4:35 | Curitiba, Brazil | |- |Win | style="text-align:center;"| 3–1 | Jose Barreto | TKO (head kick and punches) | Mecca: World Vale Tudo 2 | | style="text-align:center;"| 1 | style="text-align:center;"| 1:06 | Curitiba, Brazil | |- |Loss | style="text-align:center;"| 2–1 | Luiz Azeredo | Decision (unanimous) | Mecca: World Vale Tudo 1 | | style="text-align:center;"| 2 | style="text-align:center;"| 10:00 | Curitiba, Brazil | |- |Win | style="text-align:center;"| 2–0 | Fabricio Camoes | TKO (retirement) | Brazilian Freestyle Circuit 1 | | style="text-align:center;"| 1 | style="text-align:center;"| 25:14 | Campo Grande, Brazil | |- |Win | style="text-align:center;"| 1–0 | Raimundo Pinheiro | Submission (rear-naked choke) | Brazilian Freestyle Circuit 1 | | style="text-align:center;"| 1 | style="text-align:center;"| 1:53 | Campo Grande, Brazil |

Boxing record

Result	Record	Opponent	Method	Date	Round	Time	Location	Notes
align="center" xWin		Julio Cesar De Jesus	KO				Ginasio Antonio Balbino, Salvador, Bahia, Brazil
align="center" xLoss		Osmar Luiz Teixeira	TKO				Uniao da Vitoria, Parana, Brazil

See also

List of current mixed martial arts champions

List of current UFC fighters

List of male mixed martial artists

References

External links

Black House MMA

Anderson Silva Fight Stats

Official UFC Profile

|- Category:Brazilian capoeira practitioners Category:Brazilian expatriates in the United States Category:Brazilian judoka Category:Brazilian mixed martial artists Category:Brazilian Muay Thai practitioners Category:Brazilian people of Black African descent Category:Brazilian practitioners of Brazilian Jiu-Jitsu Category:Brazilian taekwondo practitioners Category:Light heavyweight mixed martial artists Category:Living people Category:Middleweight mixed martial artists Category:People from Curitiba Category:Ultimate Fighting Championship champions Category:Welterweight mixed martial artists Category:1975 births

de:Anderson Silva (Kampfsportler) fr:Anderson Silva ko:앤더슨 실바 it:Anderson Silva ja:アンデウソン・シウバ no:Anderson Silva pl:Anderson Silva pt:Anderson Silva ru:Силва, Андерсон simple:Anderson Silva fi:Anderson Silva sv:Anderson Silva uk:Андерсон Сілва