Study Guide
Definitions
- DoS - Denial of Service. An attack that prevents or reduces an Internet
application's ability to be used by others.
- Operating system attacks - DoS attacks that target bugs in specific operating
systems; they can be fixed with vendor patches.
- Networking attacks - DoS attacks that exploit inherent limitations of the
network protocols themselves; they cannot be patched away and may require
firewall or router filtering.
- Nuke - informal name for a DoS attack that crashes a single host, typically by
sending it malformed packets. "Hacking" and "cyber-attack" are broader terms
that cover much more than DoS.
- Smurf attack - named after its exploit program, a relatively recent addition
to the category of network-level attacks against hosts. The perpetrator sends a
large amount of ICMP echo (ping) traffic to IP broadcast addresses, all of it
with a spoofed source address of the victim. Every host on each broadcast
network answers the victim with an echo reply, so each packet sent is
multiplied by the number of hosts on the amplifier network.
- Fraggle attack - analogous to the smurf attack, except that UDP echo requests
(UDP port 7) are used for the stimulus stream instead of ICMP echo requests.
Routers can identify fraggle traffic with an access list entry that matches
inbound UDP port 7 to broadcast addresses. The appropriate response for the
victims is the same as for smurf, except that UDP echo is a less important
service in most networks than ICMP echo and can therefore be disabled
completely with fewer negative consequences.
- Distributed DoS attack (DDoS) - uses a number of compromised systems to
launch a large-scale attack on one target. Since hundreds or thousands of extra
computers may be involved, the magnitude of the attack is greater than most
other attacks listed.
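As an added example (not code from the study guide), the following Python classifies the stimulus packets of the smurf and fraggle attacks defined above in a constructed flow log and estimates the amplification the spoofed victim will receive. The log format, the addresses, the /24 amplifier networks and the 254-hosts-per-network figure are all assumptions made for the illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample log (not from the study guide). One flow per line:
# "<src> <dst> <proto> <detail>", where detail is the ICMP type name or the
# UDP destination port. 10.0.0.5 is the spoofed source, i.e. the real
# victim; the x.x.x.255 addresses are directed-broadcast addresses of the
# amplifier LANs.
SAMPLE_LOG = """\
10.0.0.5 192.168.1.255 icmp echo-request
10.0.0.5 192.168.1.255 icmp echo-request
10.0.0.5 192.168.1.255 icmp echo-request
10.0.0.5 172.16.0.255 udp 7
10.0.0.5 172.16.0.255 udp 7
10.0.0.9 192.168.1.20 icmp echo-request
10.0.0.9 192.168.1.20 udp 53
10.0.0.9 172.16.0.255 udp 53
"""

# Assumption: the amplifier LANs are /24s, so their broadcast addresses are
# known. A real sensor would take these from its routing table.
KNOWN_NETS = [ipaddress.ip_network("192.168.1.0/24"),
              ipaddress.ip_network("172.16.0.0/24")]


def is_directed_broadcast(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip == net.broadcast_address for net in KNOWN_NETS)


def classify(line):
    """Return "smurf", "fraggle" or None for one flow record."""
    fields = line.split()
    if len(fields) != 4:
        return None
    src, dst, proto, detail = fields
    if not is_directed_broadcast(dst):
        return None          # unicast traffic is not an amplifier stimulus
    if proto == "icmp" and detail == "echo-request":
        return "smurf"
    if proto == "udp" and detail == "7":   # UDP echo service
        return "fraggle"
    return None


def detect(log):
    """Count stimulus packets keyed by (kind, spoofed source, broadcast dst)."""
    hits = Counter()
    for line in log.splitlines():
        kind = classify(line)
        if kind is not None:
            src, dst = line.split()[:2]
            hits[(kind, src, dst)] += 1
    return dict(hits)


def expected_replies(hits, hosts_per_net=254):
    """Amplification estimate per victim: every live host on the broadcast
    network answers each stimulus, and all answers go to the spoofed source.
    hosts_per_net=254 assumes a fully populated /24."""
    replies = Counter()
    for (kind, victim, bcast), n in hits.items():
        replies[victim] += n * hosts_per_net
    return dict(replies)


if __name__ == "__main__":
    hits = detect(SAMPLE_LOG)
    for key, n in hits.items():
        print(f"{key[0]:8} spoofed-src={key[1]:12} bcast={key[2]:16} packets={n}")
    print("estimated reply packets per victim:", expected_replies(hits))
```

Note that the source address in the stimulus is the victim, not the attacker: the sensor that sees these packets is on the amplifier network, and the only way to find the attacker from there is to trace the packets upstream hop by hop.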
Denial-of-service
Denial of service is when someone makes your network or firewall useless and
unavailable to others by disrupting it, crashing it, jamming it, or flooding
it. The problem with denial of service on the Internet is that it cannot be
fully prevented. The reason has to do with the distributed nature of the
network: every network node is connected via other networks, which in turn
connect to other networks, and so on. A firewall administrator or ISP only
has control of a few of the local elements within reach. Many universities
have become hosts for such attacks because they have so many computers
available for public use. An attacker can always disrupt a connection
"upstream" from where the victim controls it. In other words, if someone
wanted to take a network off the air, they could do it either by taking that
network off the air, or by taking the networks it connects to off the air, ad
infinitum.

There are many, many ways someone can deny service, ranging from the complex
to the brute-force. Presenting these attacks in the media can be good for
informing others of the risks they face. It can also be a drawback, because
people want to mimic these actions. Denial of service attacks have been
increasing in popularity because kids can simply download software that does
the attack work for them. All they need is an Internet connection and a
compiler such as gcc, which comes with any free Linux distribution. With these
"easy to use" programs, people think they should not be held accountable for
their actions if they did not really know what they were doing. There is a
hefty penalty for getting caught disrupting someone else's services with a DoS
attack: someone found guilty of engaging in a DoS attack faces a penalty of 6
months to 5 years in jail and up to a $250,000 fine.

Denial-of-service (DoS) attacks fall into four broad categories: tying up a
server, tying up CPU cycles or resources, disabling web traffic (this can also
happen accidentally), and mail bombs. The intent of a DoS is to prevent other
users from being able to access a certain Internet service.
Distributed Denial-of-service (DDoS)
Distributed denial of service attacks work the same way as other DoS attacks,
but instead of sending the congestion from one computer it is sent from many.
This is done because many servers have a pattern-recognition or rate-limiting
mechanism that blocks too many requests from the same source. By distributing
the requests across many sources, each source stays under that threshold and
the target server does not realize it is under attack. For such an attack to
work the attacker has to control several other machines.

A DDoS attack is one that comes from many "dummy" computers at the same time
to flood the server. This is done either so that it is harder to trace or so
that the attacker can use more bandwidth. DDoS attacks are what have been used
recently to take down large web servers such as those of Yahoo! and
Microsoft.
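The point above, that a per-source threshold is evaded by spreading the same request volume over many sources, can be shown with a small simulation. This is an added example, not code from the study guide; the token-bucket limiter, its parameters, the server capacity and the traffic pattern are assumptions chosen for the illustration.

```python
from collections import defaultdict


class PerSourceLimiter:
    """Token bucket per source IP: each source may burst `burst` requests and
    then sustain `rate` requests per second. This stands in for the
    "pattern recognition" the text describes (an assumption, not any
    specific product)."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.tokens = defaultdict(lambda: float(burst))
        self.last_seen = {}

    def allow(self, src, now):
        tokens = self.tokens[src]
        if src in self.last_seen:
            # refill in proportion to the time since this source's last request
            tokens = min(self.burst,
                         tokens + (now - self.last_seen[src]) * self.rate)
        self.last_seen[src] = now
        if tokens >= 1.0:
            self.tokens[src] = tokens - 1.0
            return True
        self.tokens[src] = tokens
        return False


def run_flood(sources, total_requests, duration=1.0, rate=10, burst=20):
    """Send `total_requests` evenly spread over `duration` seconds, rotating
    through `sources`. Returns how many requests the per-source limiter let
    through to the server."""
    limiter = PerSourceLimiter(rate, burst)
    accepted = 0
    for i in range(total_requests):
        src = sources[i % len(sources)]
        now = duration * i / total_requests
        if limiter.allow(src, now):
            accepted += 1
    return accepted


def aggregate_overloaded(total_requests, duration, server_capacity_per_sec):
    """What the per-source view misses: the server's total inbound rate.
    Returns True when the aggregate rate exceeds what the server can serve."""
    return total_requests / duration > server_capacity_per_sec


if __name__ == "__main__":
    # Constructed traffic: 2000 requests in one second, once from a single
    # address and once spread over 100 addresses (documentation ranges).
    single = run_flood(["203.0.113.7"], total_requests=2000)
    many = run_flood([f"198.51.100.{i}" for i in range(1, 101)],
                     total_requests=2000)
    print(f"2000 requests from one source:   {single} reach the server")
    print(f"2000 requests from 100 sources:  {many} reach the server")
    print("aggregate exceeds a 500 req/s server:",
          aggregate_overloaded(2000, 1.0, 500))
```

With a 20-request burst and 10 requests per second, the single source gets only its burst plus one second of refill through; the same 2000 requests from 100 sources all pass, because each source sends exactly its burst allowance. The lesson for the defender is that the per-source counters never fire and only a measurement of the aggregate rate against server capacity shows the attack.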
Tracing attacks
Most attackers spoof their IP address or bounce data off another machine so
that they are hard to track. It is even harder to trace the culprit of a DDoS
attack, because even if the attacker does connect directly, that machine is
only one of many that are connecting, so it is difficult to find the real
culprit.
DoS Prevention
Some attacks can be prevented. Many exploit flaws in software that can be
fixed easily. Some attacks cannot be prevented, though: brute-force flooding
attacks, for example, are very hard to stop. Some firms are working to
prevent DDoS attacks, but it is very difficult to do and there are currently
no good solutions on the market. Security experts agree that attacks like the
ones that blocked access to Yahoo, eBay, and other popular Web sites are
indefensible as they occur. Some DoS attacks can be prevented with a firewall,
but it has to be configured properly or it is a waste.
How To Report a DoS Attack
There are several ways to report a computer attack, depending on the type of
attack. If you follow precautionary procedures you will reduce your risk of an
attack and reduce the downtime when one happens. By following these procedures
after a DoS attack you will also increase the chance of catching the attacker.
- Record the time of the attack.
- Record your own IP address at the time of the attack.
- Record the attacker's IP address if possible.
- Never fight back by attacking the attacker.
- If you are using a dial-in connection, disconnect and reconnect to your ISP.
- Find out what domain the attacker's IP address is in.
- Contact your Internet service provider for help and have them advise you of
your rights in this matter.
Ethical implications
Denial of service attacks can be considered an invasion of a person's or
company's personal space. This invasion is mild in comparison to real-life
crimes. But as more and more news stories come out about Internet crimes, more
and more criminals are turning an eye to their computers. Cyber-protesters are
also finding the Internet: they can draw attention to a cause without having
to risk the pepper spray. The only legitimate reason for a DoS attack would be
to increase the security of your own network. This can be done by hiring
someone to break into your system or to attack it with a DoS. However, this
brings up the question: how do you train a consultant to attack a system
without letting him attack a system?