ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Survey of network-based defense mechanisms countering the DoS and DDoS problems
Full text PdfPdf (1.17 MB)
Source
ACM Computing Surveys (CSUR) archive
Volume 39 ,  Issue 1  (2007) table of contents
Article No. 3  
Year of Publication: 2007
ISSN:0360-0300
Authors
Tao Peng  Department of Computer Science and Software Engineering, The University of Melbourne, Australia
Christopher Leckie  Department of Computer Science and Software Engineering, The University of Melbourne, Australia
Kotagiri Ramamohanarao  Department of Computer Science and Software Engineering, The University of Melbourne, Australia
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 204,   Downloads (12 Months): 1435,   Citation Count: 8
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1216370.1216373
What is a DOI?

ABSTRACT

This article presents a survey of denial of service attacks and the methods that have been proposed for defense against these attacks. In this survey, we analyze the design decisions in the Internet that have created the potential for denial of service attacks. We review the state-of-art mechanisms for defending against denial of service attacks, compare the strengths and weaknesses of each proposal, and discuss potential countermeasures against each defense mechanism. We conclude by highlighting opportunities for an integrated solution to solve the problem of distributed denial of service attacks.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Abdelsayed, S., Glimsholt, D., Leckie, C., Ryan, S., and Shami, S. 2003. An efficient filter for denial-of-service bandwidth attacks. In Proceedings of the 46th IEEE Global Telecommunications Conference (GLOBECOM'03). 1353--1357.
 
2
ARBOR. 2005. Worldwide ISP security report. Whitepaper. Arbor Networks, Lerington, MA.
 
3
F. Baker, Requirements for IP Version 4 Routers, RFC Editor, 1995
 
4
Bellovin, S. 2000. The ICMP traceback message. IETF Internet Draft. Internet Engineering Task Force (IETF). Go online to www.ietf.org
 
5
Bernstein, D. J. 1996. SYN cookies. Go online to http://cr.yp.to/syncookies.html.
 
6
Blažek, R. B., Kim, H., Rozovskii, B., and Tartakovsky, A. 2001. A novel approach to detection of “denial-of-service” attacks via adaptive sequential and batch-sequential change-point detection methods. In Proceedings of the 2001 IEEE Systems, Man and Cybernetics Information Assurance Workshop.
7
Burton H. Bloom, Space/time trade-offs in hash coding with allowable errors, Communications of the ACM, v.13 n.7, p.422-426, July 1970  [doi>10.1145/362686.362692]
 
8
Brodsky, B. E. and Darkhovsky, B. S. 1993. Nonparametric Methods in Change-point Problems. Kluwer Academic Publishers, Dordrecht, The Netherlands.
 
9
Hal Burch, Tracing Anonymous Packets to Their Approximate Source, Proceedings of the 14th USENIX conference on System administration, December 03-08, 2000, New Orleans, Louisiana
 
10
Cabrera, J. B. D., Lewis, L., Qin, X., Lee, W., Prasanth, R. K., Ravichandran, B., and Mehra, R. K. 2001. Proactive detection of distributed denial of service attacks using MIB traffic variables---a feasibility study. In Proceedings of the 7th IFIP/IEEE International Symposium on Integrated Network Management (Seattle, WA). 609--622.
 
11
CAIDA. 2006. Nameserver DoS attack October 2002. Go online to http://www.caida.org/funding/dns-analysis/oct02dos.xml.
 
12
CERT. 1996. CERT Advisory CA-1996-26: denial-of-service attack via ping. Go online to http://www.cert.org/advisories/CA-1996-26.html.
 
13
CERT. 1998. CERT Advisory CA-1998-01: Smurf IP denial-of-service attacks. Go online to http://www.cert.org/advisories/CA-1998-01.html.
 
14
CERT. 2001. CERT Advisory CA-2001-19: “Code Red” Worm exploiting buffer overflow in IIS indexing service DLL. Go online to http://www.cert.org/advisories/CA-2001-19.html.
 
15
CERT. 2003. CERT Advisory CA-2003-19: Exploitation of vulnerabilities in Microsoft RPC Interface. Go online to http://www.cert.org/advisories/CA-2003-19.html.
 
16
CERT. 2006. CERT/CC statistics. Go online to http://www.cert.org/stats/cert_stats.html.
 
17
Chang, R. K. C. 2002. Defending against flooding-based distributed denial-of-service attacks: A tutorial. IEEE Commun. Mag. 40, 10 (Oct.), 42--51.
 
18
Chen, E. Y. 2006. Detecting dos attacks on SIP systems. In Proceedings of the 1st IEEE Workshop on VoIP Management and Security. 53--58.
 
19
Cheng, C.-M., Kung, H. T., and Tan, K.-S. 2002. Use of spectral analysis in defense against DoS attacks. In Proceedings of IEEE GLOBECOM 2002. 2143--2148.
 
20
Cheng, G. 2006. Malware FAQ: Analysis on DDOS tool Stacheldraht v1.666. Go online to http://www.sans.org/resources/malwarefaq/stacheldraht.php.
 
21
Steven Cheung, Denial of Service against the Domain Name System, IEEE Security and Privacy, v.4 n.1, p.40, January 2006  [doi>10.1109/MSP.2006.10]
22
D. Clark, The design philosophy of the DARPA internet protocols, Symposium proceedings on Communications architectures and protocols, p.106-114, August 16-18, 1988, Stanford, California, United States
 
23
Davis, M. 2006. Building better bots: Open-source processes enable production-grade malware. Sage: Security Vision from McAfee Avert Labs 1, 1 (Jul.), 26--35.
24
Drew Dean , Matt Franklin , Adam Stubblefield, An algebraic approach to IP traceback, ACM Transactions on Information and System Security (TISSEC), v.5 n.2, p.119-137, May 2002  [doi>10.1145/505586.505588]
 
25
Deering, S. and Hinden, R. 1998. Internet protocol, version 6 (IPv6) specification. RFC 2401. Internet Engineering Task Force (IETF). Go online to www.ietf.org.
 
26
Dorothy E. Denning, An Intrusion-Detection Model, IEEE Transactions on Software Engineering, v.13 n.2, p.222-232, February 1987  [doi>10.1109/TSE.1987.232894]
 
27
Sven Dietrich , Neil Long , David Dittrich, Analyzing Distributed Denial of Service Tools: The Shaft Case, Proceedings of the 14th USENIX conference on System administration, December 03-08, 2000, New Orleans, Louisiana
 
28
David Evans , David Larochelle, Improving Security Using Extensible Lightweight Static Analysis, IEEE Software, v.19 n.1, p.42-51, January 2002  [doi>10.1109/52.976940]
 
29
P. Ferguson , D. Senie, Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing, RFC Editor, 2000
 
30
Sally Floyd , Van Jacobson, Random early detection gateways for congestion avoidance, IEEE/ACM Transactions on Networking (TON), v.1 n.4, p.397-413, Aug. 1993  [doi>10.1109/90.251892]
 
31
Sally Floyd , Van Jacobson, Link-sharing and resource management models for packet networks, IEEE/ACM Transactions on Networking (TON), v.3 n.4, p.365-386, Aug. 1995  [doi>10.1109/90.413212]
 
32
Forrest, S. and Hofmeyr, S. 1999. Architecture for an artificial immune system. Evolution. Computat. J. 7, 1, 45--68.
 
33
Lee Garber, Denial-of-Service Attacks Rip the Internet, Computer, v.33 n.4, p.12-17, April 2000  [doi>10.1109/MC.2000.839316]
 
34
Gemberling, B., Morrow, C., and Greene, B. 2001. ISP security-real world techniques. Presentation, NANOG. Go online to www.nanog.org
 
35
Xianjun Geng , Andrew B. Whinston, Defeating Distributed Denial of Service Attacks, IT Professional, v.2 n.4, p.36-41, July 2000  [doi>10.1109/6294.869381]
 
36
Gibson, S. 2002. Distributed reflection denial of service. Go online to http://grc.com/dos/drdos.htm.
 
37
Thomer M. Gil , Massimiliano Poletto, MULTOPS: a data-structure for bandwidth attack detection, Proceedings of the 10th conference on USENIX Security Symposium, p.3-3, August 13-17, 2001, Washington, D.C.
 
38
Virgil D. Gligor, A note on denial-of-service in operating systems, IEEE Transactions on Software Engineering, v.10 n.3, p.320-324, May 1984  [doi>10.1109/TSE.1984.5010241]
 
39
Gordon, L. A., Loeb, M. P., Lucyshyn, W., and Richardson, R. 2005. 2005 CSI/FBI Computer Crime and Security Survey. Available online at www.GCSI.com.
 
40
Handley, M. 2005. Internet Architecture WG: DoS-resistant Internet subgroup report. Available online at http://www.communications.net/object/download/1543/doc/mjh-dos-summary.pdf.
 
41
Hardin, G. 1968. The tragedy of the commons. Science, 1243--1248.
 
42
Honeynet. 2005. Know your enemy:tracking botnets. Whitepaper. The Honeynet Project&Research Alliance. Feb. Go online to www.honeynet.org/index.html.
43
Alefiya Hussain , John Heidemann , Christos Papadopoulos, A framework for classifying denial of service attacks, Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications, August 25-29, 2003, Karlsruhe, Germany  [doi>10.1145/863955.863968]
 
44
Srikanth Kandula , Dina Katabi , Matthias Jacob , Arthur Berger, Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds, Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation, p.287-300, May 02-04, 2005
45
Frank Kargl , Joern Maier , Michael Weber, Protecting web servers from distributed denial of service attacks, Proceedings of the 10th international conference on World Wide Web, p.514-524, May 01-05, 2001, Hong Kong, Hong Kong  [doi>10.1145/371920.372148]
 
46
S. Kent , R. Atkinson, Security Architecture for the Internet Protocol, RFC Editor, 1998
47
Angelos D. Keromytis , Vishal Misra , Dan Rubenstein, SOS: secure overlay services, Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications, August 19-23, 2002, Pittsburgh, Pennsylvania, USA
48
Ramana Rao Kompella , Sumeet Singh , George Varghese, On scalable attack detection in the network, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, October 25-27, 2004, Taormina, Sicily, Italy  [doi>10.1145/1028788.1028812]
 
49
Kuhn, D., Walsh, T. J., and Fries, S. 2005. Security considerations for voice over IP systems. NIST Special Publication 800-58. National Institute of Science and Technology, Gaithersburg, MD.
 
50
Kulkarni, A., Bush, S., and Evans, S. 2001. Detecting distributed denial-of-service attacks using Kolmogorov complexity metrics. Tech. rep. 2001CRD176. GE Research&Development Center. Schectades, NY.
 
51
Lau, F., Rubin, S. H., Smith, M. H., and Trajković, L. 2000. Distributed denial of service attacks. In Proceedings of the IEEE International Conference on Systems, Man, and Cybernetics. Vol. 3. 2275--2280.
 
52
Li, J., Mirkovic, J., Wang, M., Reither, P., and Zhang, L. 2002. Save: Source address validity enforcement protocol. In Proceedings of IEEE INFOCOM 2002. 1557--1566.
 
53
Lipson, H. F. 2002. Tracking and tracing cyber-attacks: Technical challenges and global policy issues. Special rep. CMU/SEI-2002-SR-009. CERT Coordination Center. Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA.
54
Ratul Mahajan , Steven M. Bellovin , Sally Floyd , John Ioannidis , Vern Paxson , Scott Shenker, Controlling high bandwidth aggregates in the network, ACM SIGCOMM Computer Communication Review, v.32 n.3, p.62-73, July 2002  [doi>10.1145/571697.571724]
 
55
Manikopoulos, C. and Papavassiliou, S. 2002. Network intrusion and fault detection: A statistical anomaly approach. IEEE Commun. Mag. 40, 10 (Oct.), 76--82.
 
56
Measurement. 2005. The measurement factory DNS survey. Go online to http://dns.measurement-factory.com/surveys/sum1.html.
 
57
Millen, J. K. 1992. A resource allocation model for denial of service. In Proceedings of the IEEE Symposium on Security and Privacy. 137--147.
 
58
Jelena Mirkovic , Sven Dietrich , David Dittrich , Peter Reiher, Internet Denial of Service: Attack and Defense Mechanisms (Radia Perlman Computer Networking and Security), Prentice Hall PTR, Upper Saddle River, NJ, 2004
 
59
Jelena Mirkovic , Gregory Prier , Peter L. Reiher, Attacking DDoS at the Source, Proceedings of the 10th IEEE International Conference on Network Protocols, p.312-321, November 12-15, 2002
60
Jelena Mirkovic , Peter Reiher, A taxonomy of DDoS attack and DDoS defense mechanisms, ACM SIGCOMM Computer Communication Review, v.34 n.2, April 2004  [doi>10.1145/997150.997156]
61
Jelena Mirkovic , Max Robinson , Peter Reiher, Alliance formation for DDoS defense, Proceedings of the 2003 workshop on New security paradigms, August 18-21, 2003, Ascona, Switzerland  [doi>10.1145/986655.986658]
 
62
P. V. Mockapetris, Domain names - concepts and facilities, RFC Editor, 1987
 
63
P. V. Mockapetris, Domain names - implementation and specification, RFC Editor, 1987
64
William G. Morein , Angelos Stavrou , Debra L. Cook , Angelos D. Keromytis , Vishal Misra , Dan Rubenstein, Using graphic turing tests to counter automated DDoS attacks against web servers, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA  [doi>10.1145/948109.948114]
 
65
Morrow, C. and Gemberling, B. 2001. Blackhole route server and tracking traffic on an IP network. Go online to http://www.secsup.org/Tracking/.
66
Roger M. Needham, Denial of service: an example, Communications of the ACM, v.37 n.11, p.42-46, Nov. 1994  [doi>10.1145/188280.188294]
 
67
Papadopoulos, C., Lindell, R., Mehringer, J., Hussain, A., and Govindan, R. 2003. Cossack: Coordinated suppression of simultaneous attacks. In Proceedings of the 3rd DARPA Information Survivability Conference and Exposition (DISCEX 2003). Vol. 2. 94--96.
 
68
Park, K. and Lee, H. 2001a. On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack. In Proceedings of IEEE INFOCOM 2001. 338--347.
69
Kihong Park , Heejo Lee, On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets, Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications, p.15-26, August 2001, San Diego, California, United States
70
Vern Paxson, An analysis of using reflectors for distributed denial-of-service attacks, ACM SIGCOMM Computer Communication Review, v.31 n.3, July 2001  [doi>10.1145/505659.505664]
 
71
Peng, T., Leckie, C., and Kotagiri, R. 2004. Proactively detecting distributed denial of service attacks using source ip address monitoring. In Proceedings of the Third International IFIP-TC6 Networking Conference (Networking 2004). 771--782.
 
72
Tao Peng , Christopher Leckie , Kotagiri Ramamohanarao, Adjusted Probabilistic Packet Marking for IP Traceback, Proceedings of the Second International IFIP-TC6 Networking Conference on Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; and Mobile and Wireless Communications, p.697-708, May 19-24, 2002
 
73
Peng, T., Leckie, C., and Ramamohanarao, K. 2002b. Defending against distributed denial of service attack using selective pushback. In Proceedings of the 9th IEEE International Conference on Telecommunications (ICT 2002) (Beijing, China). 411--429.
 
74
Peng, T., Leckie, C., and Ramamohanarao, K. 2003. Prevention from distributed denial of service attacks using history-based IP filtering. In Proceeding of the 38th IEEE International Conference on Communications (ICC 2003) (Anchorage, Alaska). 482--486.
 
75
Y. Rekhter , T. Li, A Border Gateway Protocol 4 (BGP-4), RFC Editor, 1995
76
Jon A. Rochlis , Mark W. Eichin, With microscope and tweezers: the worm from MIT's perspective, Communications of the ACM, v.32 n.6, p.689-698, June 1989  [doi>10.1145/63526.63528]
 
77
J. Rosenberg , H. Schulzrinne , G. Camarillo , A. Johnston , J. Peterson , R. Sparks , M. Handley , E. Schooler, SIP: Session Initiation Protocol, RFC Editor, 2002
78
Stefan Savage , David Wetherall , Anna Karlin , Tom Anderson, Practical network support for IP traceback, Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, p.295-306, August 28-September 01, 2000, Stockholm, Sweden
 
79
Scalzo, F. 2006. Recent dns reflector attacks. VeriSign. Go online to http://www.nanog.org/mtg-0606/pdf/frank-scalzo.pdf.
 
80
Christoph L. Schuba , Ivan V. Krsul , Markus G. Kuhn , Eugene H. spafford , Aurobindo Sundaram , Diego Zamboni, Analysis of a Denial of Service Attack on TCP, Proceedings of the 1997 IEEE Symposium on Security and Privacy, p.208, May 04-07, 1997
 
81
Sisalem, D., Ehlert, S., Geneiatakis, D., Kambourakis, G., Dagiuklas, T., Markl, J., Rokos, M., Botron, O., Rodriguez, J., and Liu, J. 2005. Towards a secure and reliable VoIP infrastructure. Tech. rep. D2.1. SNOCER. May.
82
Alex C. Snoeren, Hash-based IP traceback, Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications, p.3-14, August 2001, San Diego, California, United States
 
83
Song, D. X. and Perrig, A. 2001. Advanced and authenticated marking schemes for IP traceback. In Proceedings of IEEE INFOCOM 2001. 878--886.
 
84
Oliver Spatscheck , Larry L. Peterson, Defending against denial of service attacks in Scout, Proceedings of the third symposium on Operating systems design and implementation, p.59-72, February 1999, New Orleans, Louisiana, United States
 
85
Robert Stone, Centertrack: an IP overlay network for tracking DoS floods, Proceedings of the 9th conference on USENIX Security Symposium, p.15-15, August 14-17, 2000, Denver, Colorado
 
86
Udaya Kiran Tupakula , Vijay Varadharajan, A practical method to counteract denial of service attacks, Proceedings of the 26th Australasian computer science conference, p.275-284, February 01, 2003, Adelaide, Australia
 
87
US-CERT. 2005. Technical cyber security alert TA05-210A. Cisco IOS IPv6 vulnerability. Go online to http://www.us-cert.gov/cas/techalerts/TA05-210A.html.
 
88
Vaughn, R. and Evron, G. 2006. DNS amplification attacks. Go online to http://www.isotf.org/news/DNS-Amplification-Attacks.pdf.
 
89
P. Vixie, Extension Mechanisms for DNS (EDNS0), RFC Editor, 1999
 
90
Vixie, P., Sneeringer, G., and Schleifer, M. 2002. Events of 21-Oct-2002. Go online to www.isc.org/ops/f-root/october21.txt.
 
91
Marcel Waldvogel, GOSSIB vs. IP Traceback Rumors, Proceedings of the 18th Annual Computer Security Applications Conference, p.5, December 09-13, 2002
 
92
Wang, H., Zhang, D., and Shin, K. G. 2002. Detecting SYN flooding attacks. In Proceedings of IEEE INFOCOM 2002. 1530--1539.
93
Jia Wang, A survey of web caching schemes for the Internet, ACM SIGCOMM Computer Communication Review, v.29 n.5, October 1999  [doi>10.1145/505696.505701]
 
94
Paul D. Williams , Kevin P. Anchor , John L. Bebo , Gregg H. Gunsch , Gary D. Lamont, CDIS: Towards a Computer Immune System for Detecting Network Intrusions, Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection, p.117-133, October 10-12, 2001
 
95
W. Richard Stevens , Gary R. Wright, TCP/IP illustrated (vol. 2): the implementation, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1995
 
96
Wu, S. F., Zhang, L., Massey, D., and Mankin, A. 2001. Intension-Driven ICMP Trace-Back. IETF Internet Draft. Go online to www.ietf.org.
 
97
Yau, D. K. Y., Lui, J. C. S., and Liang, F. 2002. Defending against distributed denial-of-service attacks with max-min fair server-centric router throttles. In Proceedings of the IEEE International Workshop on Quality of Service (IWQoS) (Miami Beach, FL). 35--44.
 
98
Zhang, Z., Li, J., Manikopoulos, C., Jorgenson, J., and Ucles, J. 2001. HIDE: A hierarchical network intrusion detection system using statistical preprocessing and neural network classification. In Proceedings of the 2001 IEEE Workshop on Information Assurance and Security (United States Military Academy, West Point, NY).

CITED BY  8
M. Benini , S. Sicari, Assessing the risk of intercepting VoIP calls, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.52 n.12, p.2432-2446, August, 2008
Marek Ostaszewski , Pascal Bouvry , Franciszek Seredynski, Multiobjective classification with moGEP: an application in the network traffic domain, Proceedings of the 11th Annual conference on Genetic and evolutionary computation, July 08-12, 2009, Montreal, Québec, Canada
Taieb Znati , James Amadei , Daniel R. Pazehoski , Scott Sweeny, On the Design and Performance of an Adaptive, Global Strategy for Detecting and Mitigating Distributed DoS Attacks in GRID and Collaborative Workflow Environments, Simulation, v.83 n.3, p.291-303, March 2007
Sascha Rehbock , Ray Hunt, Trustworthy clients: Extending TNC to web-based environments, Computer Communications, v.32 n.5, p.1006-1013, March, 2009
B. B. Gupta , R. C. Joshi , Manoj Misra, An efficient analytical solution to thwart DDoS attacks in public domain, Proceedings of the International Conference on Advances in Computing, Communication and Control, January 23-24, 2009, Mumbai, India
Marco Serafini , Neeraj Suri, Reducing the costs of large-scale BFT replication, Proceedings of the 2nd Workshop on Large-Scale Distributed Systems and Middleware, September 15-17, 2008, Yorktown Heights, New York
Udaya Kiran Tupakula , Vijay Varadharajan , Srini Rao Pandalaneni, DoSTRACK: a system for defending against DoS attacks, Proceedings of the 2009 ACM symposium on Applied Computing, March 08-12, 2009, Honolulu, Hawaii
Kamel H. Rahouma , Khalid S. Nasr, Design of the host guard firewall for network protection, Proceedings of the 7th WSEAS international conference on Information security and privacy, p.61-72, December 29-31, 2008, Cairo, Egypt

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.0 General
          Subjects: Security and protection (e.g., firewalls)

Additional Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.3 Network Operations


General Terms:
Reliability, Security


Keywords:
Botnet, DDoS, DNS reflector attack, DoS, IP spoofing, IP traceback, IRC, Internet security, SYN flood, VoIP security, bandwidth attack, resource management

Collaborative Colleagues:
Tao Peng: colleagues
Christopher Leckie: colleagues
Kotagiri Ramamohanarao: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player