(idea) by stupot Wed Jul 03 2002 at 21:20:03

Introduction

A Denial of Service attack is an often successful attempt by a perpetrator to render an internet service (most usually a web site) useless - hence it denies legitimate users access to the service.

The methods used vary in complexity, with smaller sites require less complex measures to take them down. It should be noted that the service itself need not be broken into in order to perform the attack, although other innocent machines may be compromised.

A Simple Attack

The simplest attack probably consists of pinging a host with as quickly as possible with as many packets as possible. This will only affect the smallest of servers, and obviously the attacking machine must be capable of higher-capacity operations than the victim, if it is to survive. A more punishing attack can consist of HTTP GET packets, which will stress the processor of the victim more; and take more bandwidth.

Servers (and the routers providing their connection to the net) often have filters to discard such a flood of packets from a single source in order to fend off these attacks, although IP Spoofing may be used to avoid this defence.

Distributed Denial of Service

A Distributed DOS attack requires that many servers attack at a specific time. The reason for doing this is that the total combined bandwidth of the attackers will be higher than the bandwidth of the victim.

Often, the attacking machines will be owned by innocent bystanders who won't know their machine is compromised. A common method of synchronising attacks is for compromised machines to log onto and watch an IRC channel set up by the perpetrators. On the command, many thousands of machines will attack a given site, from many different directions. As the machine becomes unstable, its routers start to notify upstream routers of problems. The messages now start passing both ways - DOS messages one way, and 'router busy' messages passing back up the stream. Many, many machines can be taken down by a comprehensive attack.

The Slashdot Effect

A distributed attack is regularly, and accidentally launched against servers by a phenomenon known as the slashdot effect. Due to the number of people reading /. and the few stories which are posted, a new story will generate thousands upon thousands of hits on a site as people follow the links posted. Many of the world's smaller servers creak and eventually break under the pressure.

An IRC Example

The simplest attack possible on IRC is for a user to repeatedly hit the return key, so that messages scroll off the screens of most users before they have a chance to read them. Again, many IRC servers have protection against this flooding, and users will be kicked off the system, and probably banned.

Motives

There are often political, religious or other ideological motives behind a DOS attack, and mercenary crackers are sometimes recruited by militant action groups to perform them. Other groups may simply want to find out how much abuse a large site is capable of taking before it creaks under the pressure.

In many jurisdictions it is illegal to launch such an attack.

del.icio.us Facebook Digg StumbleUpon Reddit (I like it!) 1 C!
Y'know, if you log in, you can write something here, or contact authors directly on the site. Create a New User if you don't already have an account.