DoS & DDoS Attacks

Introduction
In this section we are going to have a quick look at DoS and DDoS attacks, how they are performed and why they attract so much attention! We won't be getting into much detail, as we are just trying to give everyone a better understanding of the problem.
Denial of Service attacks
Denial of Service (DoS) attacks can be a serious federal crime with penalties that include years of imprisonment, and many countries have laws that attempt to protect against this. At the very least, offenders routinely lose their Internet Service Provider (ISP) accounts, get suspended if school resources are involved, etc.
There are two types of DoS attacks:

1) Operating System attacks: which target bugs in specific operating systems and can be fixed with patches.
2) Networking attacks: which exploit inherent limitations of networking and may require firewall protection.
Operating System Attacks

These attacks exploit bugs in a specific operating system (OS), which is the basic software that your computer runs, such as Windows 98 or MacOS. In general, when these problems are identified, the vendor, such as Microsoft, will release an update or bug fix for them.
So, as a first step, always make sure you have the very latest version of your operating system, including all bug fixes. All Windows users should regularly visit Microsoft's Windows Update Site (and I mean at least once a week!), which automatically checks to see if you need any updates.
Networking Attacks

These attacks exploit inherent limitations of networking to disconnect you from your ISP, but don't usually cause your computer to crash. Sometimes it doesn't even matter what kind of operating system you use, and you cannot patch or fix the problem directly. The attacks on Yahoo and Amazon by "mafiaboy" were large scale networking attacks and demonstrated that nobody is safe against a very determined attacker.
Network attacks include the ICMP flood (ping flood) and smurf, which are outright floods of data that overwhelm the capacity of your connection; spoofed unreach/redirect, also known as "click", which tricks your computer into thinking there is a network failure and voluntarily breaking the connection (this is used to disconnect mIRC users); and a whole new generation of distributed denial of service attacks (we speak about them later on).
Just because you were disconnected with some unusual error message doesn't mean you were attacked. Almost all disconnects are due to natural network failures. On the other hand, you should feel suspicious if you are frequently disconnected.
What can you do about networking attacks? If the attacker is flooding you, essentially you need to have a better connection than he does. Otherwise your only recourse may be a firewall run by your ISP.
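The two flood patterns named above look different from the receiving end: a ping flood is a burst of echo requests from one source, while smurf reflects echo replies at the victim from many hosts it never pinged. The following is an added example, not code from the original article: it runs both checks over a constructed, tcpdump-like packet summary (timestamp, source > destination, ICMP message). The log format, the host addresses, and the one-second / twenty-packet threshold are assumptions chosen for illustration; a real deployment would tune the threshold to its own baseline so that ordinary pings, like the ordinary disconnects the article mentions, are not mistaken for an attack.

```python
"""Detect ICMP flood patterns in packet-summary lines (added example; the
log format and thresholds below are assumptions, not from the article)."""
from collections import defaultdict, deque
import re

# Assumed address of the host whose traffic we are inspecting.
LOCAL_HOST = "192.168.1.10"

# Constructed line shape: "<seconds> <src> > <dst>: ICMP <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) (?P<src>\S+) > (?P<dst>\S+): "
    r"ICMP (?P<msg>echo request|echo reply|redirect|unreachable)"
)


def parse_line(line):
    """Return (timestamp, src, dst, message) or None for lines that don't match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return float(m.group("ts")), m.group("src"), m.group("dst"), m.group("msg")


def detect_echo_floods(lines, window=1.0, threshold=20):
    """Ping-flood check: sources whose echo-request count within any sliding
    window of `window` seconds reaches `threshold`. Returns {src: peak_count}."""
    recent = defaultdict(deque)  # src -> timestamps still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, _dst, msg = parsed
        if msg != "echo request":
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:  # drop packets older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[src] = max(flagged.get(src, 0), len(q))
    return flagged


def detect_unsolicited_replies(lines, local_host):
    """Smurf-style check from the victim's side: echo replies addressed to
    `local_host` from senders it never sent an echo request to.
    Returns {src: reply_count} for those senders."""
    requested = set()             # hosts the local host actually pinged
    unsolicited = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        _ts, src, dst, msg = parsed
        if msg == "echo request" and src == local_host:
            requested.add(dst)
        elif msg == "echo reply" and dst == local_host and src not in requested:
            unsolicited[src] += 1
    return dict(unsolicited)


def build_sample_log():
    """Constructed traffic as seen at LOCAL_HOST (not a real capture):
    - a legitimate once-per-second ping exchange with 10.0.0.5,
    - 50 echo requests from 10.0.0.99 within half a second (ping flood),
    - 30 echo replies from 172.16.0.x hosts the local host never pinged
      (the reflected pattern a smurf attack produces at its victim)."""
    events = []
    for i in range(10):
        events.append((i + 0.0, f"{LOCAL_HOST} > 10.0.0.5: ICMP echo request"))
        events.append((i + 0.02, f"10.0.0.5 > {LOCAL_HOST}: ICMP echo reply"))
    for i in range(50):
        events.append((5.0 + i * 0.01, f"10.0.0.99 > {LOCAL_HOST}: ICMP echo request"))
    for k in range(1, 31):
        events.append((8.0 + k * 0.001, f"172.16.0.{k} > {LOCAL_HOST}: ICMP echo reply"))
    events.sort()
    return [f"{ts:.3f} {rest}" for ts, rest in events]


if __name__ == "__main__":
    log = build_sample_log()
    print("echo-request floods:", detect_echo_floods(log))
    print("unsolicited replies:", detect_unsolicited_replies(log, LOCAL_HOST))
```

The sliding window is per source, so a single host pinging once a second never trips the flood check, while a burst of fifty requests from one address does. The reply check deliberately ignores replies from 10.0.0.5, because the local host sent it requests; only the thirty reflectors show up.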
Distributed Denial-of-Service

A distributed denial-of-service (DDoS) attack is similar to the DoS attack described above, but involves a multitude of compromised systems which attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to its legitimate users.
A hacker (or, if you prefer, cracker) begins a DDoS attack by exploiting a vulnerability in one computer system and making it the DDoS "master." It is from the master system that the intruder identifies and communicates with other systems that can be compromised. The intruder loads cracking tools available on the Internet on multiple -- sometimes thousands of -- compromised systems. With a single command, the intruder instructs the controlled machines to launch one of many flood attacks against a specified target. The flood of packets sent to the target causes a denial of service.
While the press tends to focus on the target of DDoS attacks as the victim, in reality there are many victims in a DDoS attack -- the final target as well as the systems controlled by the intruder.