Next: 6.4 Repeated Attack Up: 6 Unix Security Previous: 6.2 sendmail

6.3 Denial of Service

Denial of service attacks remove or disable certain system services (or perhaps the entire system). Sometimes a denial of service attack simply degrades system performance to a level where the service, though still available, is effectively non-existent. Some attacks have caused a crash of the operating system kernel itself. In other cases, the system service daemon has crashed, thereby removing that service without altering other services being offered by the host.

An example of a denial of service attack is to send a large number of packets to a host in an effort to overwhelm the host and force a crash or reduce service to levels which are unacceptable. Since packets must contain a source address (in this case, the address of the attacker) as well as a destination address, it would be easy to identify the attacking machine. To avoid detection, the attacking machine arranges to send packets having a source address from some other Internet host. This process is known as IP spoofing. The so-called Land attack involves IP spoofing and usually results in denial of service or a crash.

Ferguson and Senie [Ferg 98] have proposed a workaround solution to IP spoofing in which each router connecting a network to external networks would filter out any spoofed packets, i.e., packets being sent to another network whose source address does not belong to the local network. For this workaround solution to be totally effective, filtering would need to be installed on every router on the Internet which routes packets to external networks. This situation highlights one of the difficulties of Internet security, namely the requirement that the network administrators of each network on the Internet carefully coordinate security efforts and maintain similar standard levels of security. This is impossible in practice, since many network administrators give little or no attention to network security issues.
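
The source-address filter proposed by Ferguson and Senie can be sketched as follows. This is an added example, not code from the original text: a router-side check that forwards an outbound IPv4 packet only if its source address lies in one of the local network's prefixes. The prefixes, function names and sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumed prefixes owned by the local site (documentation address ranges).
LOCAL_PREFIXES = [ipaddress.ip_network("192.0.2.0/24"),
                  ipaddress.ip_network("198.51.100.0/25")]


def build_ipv4_header(src, dst):
    """Build a minimal 20-byte IPv4 header (constructed sample input, checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def source_of(packet):
    """Return the IPv4 source address, or None if the header is malformed."""
    if len(packet) < 20:
        return None
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        return None
    return ipaddress.IPv4Address(packet[12:16])


def egress_verdict(packet, local_prefixes=LOCAL_PREFIXES):
    """Decide whether an outbound packet may leave the local network."""
    src = source_of(packet)
    if src is None:
        # A filter that cannot read the source address must not forward.
        return "drop: malformed header"
    if any(src in net for net in local_prefixes):
        return "forward"
    # Source address does not belong to the local network: spoofed.
    return f"drop: spoofed source {src}"


if __name__ == "__main__":
    samples = [
        build_ipv4_header("192.0.2.17", "203.0.113.5"),      # legitimate local source
        build_ipv4_header("203.0.113.99", "203.0.113.5"),    # source outside local prefixes
        build_ipv4_header("198.51.100.200", "203.0.113.5"),  # just outside the /25
        build_ipv4_header("192.0.2.17", "203.0.113.5")[:12], # truncated header
    ]
    for pkt in samples:
        print(egress_verdict(pkt))
```

The filter only stops spoofed packets that originate behind the router running it, which is why the text notes that every border router would need to apply it.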


2002-11-26