In this section we are going to have a quick look at DoS and DDoS attacks, how they are performed and why they attract so much attention! We won't be getting into much detail, as we are just trying to give everyone a better understanding of the problem.
Denial of Service attacks
Denial of Service (DoS) attacks can be a serious federal crime with penalties that include years of imprisonment, and many countries have laws that attempt to protect against this. At the very least, offenders routinely lose their Internet Service Provider (ISP) accounts, get suspended if school resources are involved, etc.
There are two types of DoS attacks:
1) Operating System attacks, which target bugs in specific operating systems and can be fixed with patches.
2) Networking attacks, which exploit inherent limitations of networking and may require firewall protection.
Operating System Attacks
These attacks exploit bugs in a specific operating system (OS), which is the basic software that your computer runs, such as Windows 98 or MacOS. In general, when these problems are identified, the vendor, such as Microsoft, will release an update or bug fix for them.
So, as a first step, always make sure you have the very latest version of your operating system, including all bug fixes. All Windows users should regularly visit Microsoft's Windows Update Site (and I mean at least once a week!), which automatically checks to see if you need any updates.
Networking Attacks
These attacks exploit inherent limitations of networking
to disconnect you from your ISP, but don't usually cause your computer
to crash. Sometimes it doesn't even matter what kind of operating
system you use and you cannot patch or fix the problem directly. The
attacks on Yahoo and Amazon by "mafiaboy" were large scale
networking attacks and demonstrated that nobody is safe against a
very determined attacker.
Network attacks include ICMP flood (ping flood) and smurf, which are outright floods of data to overwhelm the capacity of your connection; spoofed ICMP unreachable/redirect messages, also known as "click", which trick your computer into thinking there is a network failure so that it voluntarily breaks the connection (this is used to disconnect mIRC users); and a whole new generation of distributed denial of service attacks (we speak about them later on).
Just because you were disconnected with some unusual
error message doesn't mean you were attacked. Almost all disconnects
are due to natural network failures. On the other hand, you should
feel suspicious if you are frequently disconnected.
What can you do about networking attacks? If the attacker is flooding
you, essentially you need to have a better connection than he does.
Otherwise your only recourse may be a firewall run by your ISP.
Distributed Denial-of-Service
A distributed denial-of-service (DDoS) attack is similar to the DoS attack described above, but involves a multitude of compromised systems which attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to legitimate users.
A hacker (or, if you prefer, cracker) begins a DDoS
attack by exploiting a vulnerability in one computer system and making
it the DDoS "master."
It is from the master system that the intruder identifies and communicates with other systems that can be compromised. The intruder loads cracking tools available on the Internet on multiple -- sometimes thousands of -- compromised systems. With a single command, the intruder instructs the controlled machines to launch one of many flood attacks against a specified target. The flood of packets sent to the target causes a denial of service.
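To make the difference between the flood attacks listed under networking attacks (one source pounding your connection) and the DDoS pattern just described (many controlled machines aimed at one target) concrete from the defender's side, here is an added example written for this page; it is not code from the original article or from MSNBC. It reads a constructed packet summary log, counts packets per destination per second, and reports whether a destination is seeing normal traffic, a single-source flood, or a distributed one. The log format, the addresses (RFC 5737 documentation ranges), the thresholds and the function names are all assumptions made for the illustration.

```python
"""Rate-based flood detector run over a constructed packet summary log.

Added example for this page (not from the original article).  It performs no
attack; it only looks at traffic the way a defender would and reports, per
destination, whether the traffic looks like a single-source flood (the
ICMP/ping flood described above) or a many-source flood (the DDoS pattern).
Log format, addresses and thresholds are invented for the illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float   # seconds, arbitrary epoch
    proto: str  # "ICMP", "TCP", ...
    src: str
    dst: str


def parse_log(text):
    """Parse lines of 'ts proto src dst' (a made-up format, not any real tool's output)."""
    packets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, proto, src, dst = line.split()
        packets.append(Packet(float(ts), proto, src, dst))
    return packets


def build_sample_log():
    """Constructed traffic: ordinary traffic, a single-source ping flood, a distributed flood."""
    lines = ["# ts proto src dst  (constructed sample, RFC 5737 documentation addresses)"]
    # Ordinary traffic: 10 packets/s from three hosts to 192.0.2.10 for 5 s.
    for i in range(50):
        lines.append(f"{i / 10:.2f} TCP 198.51.100.{i % 3 + 1} 192.0.2.10")
    # Ping flood: one host sending 300 ICMP packets/s to 192.0.2.20 for 2 s.
    for i in range(600):
        lines.append(f"{i / 300:.4f} ICMP 203.0.113.7 192.0.2.20")
    # Distributed flood: 40 hosts, 10 packets/s each, all aimed at 192.0.2.30 for 2 s.
    for i in range(800):
        lines.append(f"{i / 400:.4f} ICMP 203.0.113.{100 + i % 40} 192.0.2.30")
    return "\n".join(lines)


def classify_destinations(packets, window=1.0, pps_threshold=100, distinct_src_threshold=10):
    """Bucket packets per (dst, time window); flag floods by rate, then by source spread.

    A destination stays "normal" unless at least one window exceeds pps_threshold;
    a flooded window with many distinct sources is reported as distributed.
    """
    buckets = defaultdict(list)
    for p in packets:
        buckets[(p.dst, int(p.ts // window))].append(p.src)

    verdict = {}
    for (dst, _slot), sources in buckets.items():
        rate = len(sources) / window
        if rate < pps_threshold:
            verdict.setdefault(dst, "normal")   # a quiet window never erases a flood verdict
            continue
        spread = len(set(sources))
        verdict[dst] = "distributed flood" if spread >= distinct_src_threshold else "single-source flood"
    return verdict


def peak_rate(packets, dst, window=1.0):
    """Highest packets-per-second seen for one destination; the figure you would hand to your ISP."""
    counts = defaultdict(int)
    for p in packets:
        if p.dst == dst:
            counts[int(p.ts // window)] += 1
    return max(counts.values(), default=0) / window


if __name__ == "__main__":
    pkts = parse_log(build_sample_log())
    for dst, kind in sorted(classify_destinations(pkts).items()):
        print(f"{dst:<14} {kind:<20} peak {peak_rate(pkts, dst):.0f} pps")
```

Two things the numbers cannot tell you: a burst just under the threshold is still "normal" here, which matches the warning below that most disconnects are not attacks, and because flood packets often carry spoofed source addresses, the distinct-source count only measures the apparent spread, not how many machines the intruder really controls. A real deployment would also track bytes per second, since a small number of large packets can fill a link just as well as many small ones.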
While the press tends to focus on the target of DDoS attacks as the victim, in reality there are many victims in a DDoS attack -- the final target as well as the systems controlled by the intruder.
The Flash animation below which I found at MSNBC shows
this quite clearly: