Denial of Service

Study Guide


  • DoS - Denial of Service. Prevents or reduces an internet applications ability to be used by others. 
  • Operating System attacks - A DoS attack which targets bugs in specific operating systems and can be fixed with patches. 
  • Networking attacks - A DoS attack which exploit inherent limitations of networking and may require firewall protection. 
  • Nuke - also called "hacking" or "cyber-attacks", are just different names for DoS attacks. 
  • Smurf attacks - named after its exploit program, is one of the most recent in the category of network-level attacks against hosts. A perpetrator sends a large amount of ICMP echo (ping) traffic at IP broadcast addresses, all of it having a spoofed source address of a victim. 
  • Fraggle attack - analogous to the smurf attack, except that UDP echo requests are used for the stimulus stream instead of ICMP echo requests. The third and fourth lines of the access list identify fraggle attacks. The appropriate response for the victims is the same, except that UDP echo is a less important service in most networks than is ICMP echo, and can therefore be disabled completely with fewer negative consequences. 
  • Distributed DoS attack - utilizes a number of compromized systems to launch a large scale attack on one location. Since there may be hundreds or thousands of extra computers involved, the magnitude of the attack is greater than most other attacks listed.


Denial of service is when someone decides to make your network or firewall useless and unavailable to others by disrupting it, crashing it, jamming it, or flooding it. The problem with denial of service on the Internet is that it is impossible to prevent. The reason has to do with the distributed nature of the network: every network node is connected via other networks which in turn connect to other networks, etc. A firewall administrator or ISP only has control of a few of the local elements within reach. Many universities have become the hosts for such attacks, because there are so many computers available for public use. An attacker can always disrupt a connection "upstream" from where the victim controls it. In other words, if someone wanted to take a network off the air, they could do it either by taking the network off the air, or by taking the networks it connects to off the air, ad infinitum.

There are many, many, ways someone can deny service, ranging from the complex to the brute-force. Presenting these attacks to the media can be good to inform others of the potential risks they face. It can also be a drawback, because people want to mimic these actions. Denial of service attacks have been increasing in popularity because kids can simply download software that will do the attack work for them. All they need is an internet connection and a compiler, such as gcc that comes along with a free distribution of Linux. With these 'easy to use' programs, people think they should not be held accountable for their actions if they really didn't know what they were doing. There is a hefty penalty for getting caught disrupting someone else's services by a DoS attack.Someone found guilty of engaging in a DoS attack will suffer a penalty of 6 months to 5 years in jail and up to a $250,000 fine.

Denial-of-service (DoS) attacks fall into four broad categories: Tying up a server, Tying up CPU cycles or resources, Disabling web traffic (this can also happen accidentally), and Mail bombs.The intent of a DoS is to prevent other users from being able to access certain Internet process.

Distributed Denial-of-service (DDoS)

Distributed Denial of service attacks work the same as other DoS attacks but instead of sending the congestion from one computer it is sent from manny. This is done because most servers have a pattern recognition system to prevent multiple request from the same source. Therefore, by distributing the calls the target server dosen't realize its under attack. In order for such an attack to work the attacker has tocontrol several other machines.

A DDoS attack is one that comes from many "dummy" computers at the same time to flood the server.  This is done either so that it is harder to trace or so that they can use more bandwidth.  DDoS attacks are what have been used recently to take down large web servers such as Yahoo! and Microsoft.

Tracing attacks

Most hackers spoof their IP or bounce data off of another machine so that it is hard to track them.  It is even harder to trace down the culprit of a DDoS attack because even if the user does connect directly it is one of many that are connecting so it is dificult to find the real culpret.

DoS Prevention

Some attacks can be prevented. Many exploit flaws in software that can be fixed easily.  Some attacks cannot be prevented though.  Brute force attacks for example are very hard to prevent.  There are some firms that are working to prevent DDoS attacks but it is very difficult to do and there are currently no good solutions out on the market.

Security experts agree that attacks that blocked access to Yahoo, eBay, and other popular Web sites are indefensible as they occur. Some DoS attacks can be prevented with a firewall but they have to be configured properly or they are a waste .

How To Report a DoS Attack

There are several ways to Report a computer attack, depending on the type of attack . If you follow precautionary procedure you will reduce your risk of an attack and reduce the down when one happens. By following these procedures after a Dos attack you will also increase the chance of catching the attacker.
  • Record the time of the attack.
  • Record your own IP address at the time of attack.
  • Record the attackers IP address if possible.
  • Never fight back by attacking the attacker.
  • If you are using a dialin, disconnect and reconnect to your ISP.
  • Find out what domain the attacker's IP address is in.
  • Contact your internet service provider for help and have them advise you of your rights in this matter.

Ethical implications

Denial of Service attacks can be considered an invasion of a persons/companys personal space. This invasion is mild in comparison to real-life crimes. But, as more and more news storys come out about Internet crimes more and more criminals are turning an eye to their computer. Cyber protesters are also finding the Internet. They can draw attention to a cause with out having to risk the pepper spray. The only legitimate reason for a DoS attack would be to increase security of your own network. This can be done by hiring someone to break into you system or to attack with a DoS. However, this brings up the question: How do you train a consultant to attack a system with out letting him attack a system?