Monday, July 30, 2012

DoS & DDoS Attacks


Introduction

In this section we are going to have a quick look at DoS and DDoS attacks, how they are performed and why they attract so much attention ! We won't be getting into much detail as we are just trying to give everyone a better understanding of the problem.

Denial of Service attacks
Denial of Service (DoS) attacks can be a serious federal crime with penalties that include years of imprisonment and many countries have laws that attempt to protect against this. At the very least, offenders routinely lose their Internet Service Provider (ISP) accounts, get suspended if school resources are involved, etc.
There are two types of DoS attacks:
1) Operating System attacks: Which target bugs in specific operating systems and can be fixed with patches.
2) Networking attacks: Which exploit inherent limitations of networking and may require firewall protection.
Operating System Attacks
These attacks exploit bugs in a specific operating system (OS), which is the basic software that your computer runs, such as Windows 98 or MacOS. In general, when these problems are identified, the vendor, such as Microsoft, will release an update or bug fix for for them.
So, as a first step, always make sure you have the very latest version of your operating system, including all bug fixes. All Windows users should regularly visit Microsoft's Windows Update Site (and I mean at least once a week!) which automatically checks to see if you need any updates.

Networking Attacks
These attacks exploit inherent limitations of networking to disconnect you from your ISP, but don't usually cause your computer to crash. Sometimes it doesn't even matter what kind of operating system you use and you cannot patch or fix the problem directly. The attacks on Yahoo and Amazon by "mafiaboy" were large scale networking attacks and demonstrated that nobody is safe against a very determined attacker.
Network attacks include ICMP flood (ping flood) and smurf which are outright floods of data to overwhelm the capacity of your connection, spoofed unreach/redirect also known as "click" which tricks your computer into thinking there is a network failure and voluntarily breaking the connection (this is used to disconnect MIRC users), and a whole new generation of distributed denial of service attacks (we speak about them later on).
Just because you were disconnected with some unusual error message doesn't mean you were attacked. Almost all disconnects are due to natural network failures. On the other hand, you should feel suspicious if you are frequently disconnected.
What can you do about networking attacks? If the attacker is flooding you, essentially you need to have a better connection than he does. Otherwise your only recourse may be a firewall run by your ISP.

Distributed Denial-of-Service
A distributed denial-of-service (DDoS) attack is similair to the DoS attack described above, but involves a multitude of compromised systems which attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.

A hacker (or, if you prefer, cracker) begins a DDoS attack by exploiting a vulnerability in one computer system and making it the DDoS "master." It is from the master system that the intruder identifies and communicates with other systems that can be compromised. The intruder loads cracking tools available on the Internet on multiple -- sometimes thousands of -- compromised systems. With a single command, the intruder instructs the controlled machines to launch one of many flood attacks against a specified target. The result of these packets which are sent to the target causes a denial of service.
While the press tends to focus on the target of DDoS attacks as the victim, in reality there are many victims in a DDoS attack -- the final target and as well the systems controlled by the intruder.

No comments:

Post a Comment