Tuesday, March 9, 2010

Next Topic: Denial of Service attacks


Friends, from tomorrow onwards we will look at various aspects of Denial of Service attacks. The discussion will include topics such as:

  • What is a Denial of Service Attack?

  • What is a Distributed Denial of Service Attack?

  • Why are they difficult to protect against?

  • Types of denial of service attacks

  • Tools for running DOS attacks

  • Tools for running DDOS attacks

  • Denial of Service Countermeasures

It's Real

On February 6th, 2000, Yahoo portal was shut down for 3 hours. Then retailer Buy.com Inc. (BUYX) was hit the next day, hours after going public. By that evening, eBay (EBAY), Amazon.com (AMZN), and CNN (TWX) had gone dark. And in the morning, the mayhem continued with online broker E*Trade (EGRP) and others having traffic to their sites virtually choked off.
(Business Week Online, 12 February 2000)
What became obvious over the following hours was that the site had fallen victim to a distributed denial of service attack, in which hundreds of geographically dispersed Internet-connected machines sent millions of request-for-service packets. This resulted in an operational problem that eventually left the organization incapable of serving its legitimate customers.
According to the Yankee Group, the estimated cumulative cost of the attacks mentioned above totaled $1.2 billion, and the attack on Amazon alone cost between $200,000 and $300,000 per hour. The loss in terms of customer goodwill, corporate reputation and public trust is likely to have been greater, given the mainstream media coverage these attacks received because of their sheer scale and high-profile victims. The first DoS attack was recorded way back in 1988 and was instrumental in the setting up of the CERT Coordination Center. The February 2000 attack was not the last either, even though law enforcement agencies picked up a 15-year-old Canadian teenager, who went by the alias "Mafia boy" and had reportedly launched the attacks using a DDoS tool called Tribe Flood Network 2000.
Major DDoS attacks still make the news. In January 2001, Microsoft became the victim of such an attack. Microsoft's primary Web site and associated MSN sites, such as the online travel site Expedia.com, the auto sales site CarPoint, and the Microsoft email service Hotmail, were inaccessible for several hours. The Code Red Worm, which targeted the White House in the stillborn second phase of its attack, amassed 359,000 machines worldwide in just 14 hours. Even CERT was not spared: in May 2000, a DDoS was launched against it, resulting in losses that totaled $100,000.

What is a Denial Of Service Attack?

  • A denial of service (DoS) attack is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources so that no one can access it.

  • If an attacker is unable to gain access to a machine, the attacker will most probably just crash the machine to accomplish a denial of service attack.

  • Denial of Service (DoS) is an attack designed to render a computer or network incapable of providing normal services. The most common DoS attacks target the computer's network bandwidth or connectivity. Bandwidth attacks flood the network with such a high volume of traffic that all available network resources are consumed and legitimate user requests cannot get through. Connectivity attacks flood a computer with such a high volume of connection requests that all available operating system resources are consumed and the computer can no longer process legitimate user requests.
    A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Examples include

    • attempts to "flood" a network, thereby preventing legitimate network traffic

    • attempts to disrupt connections between two machines, thereby preventing access to a service

    • attempts to prevent a particular individual from accessing a service

    • attempts to disrupt service to a specific system or person

    Not all service outages, even those that result from malicious activity, are necessarily denial-of-service attacks. Other types of attack may include a denial of service as a component, but the denial of service may be part of a larger attack. Illegitimate use of resources may also result in denial of service. For example, an intruder may use an anonymous FTP area as a place to store illegal copies of commercial software, consuming disk space and generating network traffic.
    A denial of service attack can also destroy programming and files in a computer system. Although usually intentional and malicious, a denial of service attack can sometimes happen accidentally. A denial of service attack is a type of security breach to a computer system that does not usually result in the theft of information or other security loss. However, these attacks can cost the target person or company a great deal of time and money.
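
The bandwidth and connectivity attacks distinguished above exhaust different resources, so a defender measures them differently. The following added example (not part of the original post) classifies one monitoring interval from a constructed connection table in the column layout of `ss -tan` and an interface byte counter; the function names, the 0.8 threshold and the half-open limit are assumptions.

```python
from collections import defaultdict

# Constructed connection table in the column layout of `ss -tan`
# (documentation-range addresses, not captured from a real host).
SAMPLE_SS = "\n".join(
    ["State Recv-Q Send-Q Local Address:Port Peer Address:Port",
     "LISTEN 0 128 192.0.2.10:80 0.0.0.0:*",
     "ESTAB 0 0 192.0.2.10:80 198.51.100.7:51514",
     "SYN-RECV 0 0 192.0.2.10:22 198.51.100.9:40022"]
    + [f"SYN-RECV 0 0 192.0.2.10:80 203.0.113.{i}:4000{i}" for i in range(1, 10)]
)

def half_open_by_port(ss_text):
    """Map each local port to the peer IPs of its half-open (SYN-RECV) sockets."""
    peers = defaultdict(list)
    for line in ss_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) != 5 or fields[0] != "SYN-RECV":
            continue
        local_port = int(fields[3].rsplit(":", 1)[1])
        peers[local_port].append(fields[4].rsplit(":", 1)[0])
    return peers

def classify_interval(ss_text, rx_bytes, seconds, link_bps,
                      half_open_limit, threshold=0.8):
    """Return (kind, port, ratio, distinct_sources) findings for one interval.

    half_open_limit and threshold are assumed values an operator would tune.
    """
    findings = []
    # Bandwidth: inbound bits per second as a fraction of link capacity.
    utilisation = rx_bytes * 8 / seconds / link_bps
    if utilisation >= threshold:
        findings.append(("bandwidth", None, round(utilisation, 2), None))
    # Connectivity: half-open sockets as a fraction of the per-port limit.
    for port, ips in sorted(half_open_by_port(ss_text).items()):
        fill = len(ips) / half_open_limit
        if fill >= threshold:
            findings.append(("connectivity", port, round(fill, 2), len(set(ips))))
    return findings

if __name__ == "__main__":
    # Quiet link, but port 80 has 9 of 10 half-open slots in use.
    print(classify_interval(SAMPLE_SS, 1_500_000, 10, 100_000_000, 10))
```

The distinct-source count in a connectivity finding indicates whether the half-open sockets come from one host or from many, which is the difference between a DoS and a distributed DoS.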
    Types of denial of service attacks


    • There are several general categories of DoS attacks.

    • Popularly, the attacks are divided into three classes:

      • bandwidth attacks,

      • protocol attacks, and

      • logic attacks.
    DoS attacks exploit the asymmetric nature of certain types of network traffic. One attack method seeks to cause the target to use more resources processing traffic than the attacker does sending the traffic.
