Is the internet safe enough for eCommerce?
Would you risk your money and personal information?
Hacking & Security
How Denial-of-Service Attacks Work
The recent denial-of-service attacks on major websites raise
the question of how denial-of-service happens. These attacks
have happened quickly and become widespread.
Yahoo, eBay, ZDNet, and the multitude of other major
websites that have been hit are extremely vulnerable and
almost completely defenseless against these types of attacks,
commonly known as a Tribal Flood.
Ultimately, these websites are going down due to a massive
amount of traffic coming simultaneously from many locations.
Yahoo reported incoming traffic amounting to one gigabit a
second, while a different major victim identified queries from
over 100,000 different IP addresses.
There are three different players in each attack. Let's call these
players A, B, and C. A is the attacker or "bad guy," B is any
number of unwitting accomplices, and C is the target of the
attack (such as Yahoo).
Player A runs a script that looks for sites it can get into and
plant a script on. It is essentially searching for vulnerabilities in
systems (our player B) all over the Internet where it can install a
program that generates packets sent straight at player C.
This script can be left to execute immediately or at any time in
the future, kind of like a time bomb. There are different kinds of
attacks, including ICMP, Ping, and TCP.
In a Ping scenario, when the script goes off, each player B
computer is contacted and told to broadcast to other computers.
In turn, this generates an incredible number of ping requests
coming from thousands of computers.
To complicate matters, instead of giving its own return
address, each pinging computer gives the target's address as the
return address. The number of ping requests increases almost
exponentially, with the eventual result that the target crashes due
to its inability to handle such a high volume of traffic.
Popular websites are unable to defend against these types of
attacks directly. First of all, traffic appears to be normal and
therefore gets right through firewalls. If they cut off the flood from
one IP address, they will continue to be flooded from others. It is
likely these attacks weren't quashed or controlled by the victims,
but rather ceased on their own.
Packetstorming, Tribal Flooding, and all these methods of overloading
networks have existed for quite some time, not only in theory but in
small-scale practice. Any unattended networked computer can be
used to distribute these attacks.
The security issue is the responsibility of the ISPs rather than that
of the companies and organizations whose websites are being
attacked. It is the burden of those who provide Internet access to
player B's computers not to allow packets with "spoofed" addresses to
pass through their networks.
A well-configured ISP should not allow this. There are too many ISPs
with too few technical experts to help them
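
The filtering the article asks of ISPs, and the broadcast ping scenario it describes, can be sketched as a source-address check at the customer-facing edge. This is an added example, not code from the original article; the port names, prefixes, sample packets, and the functions `filter_packet` and `run` are all constructed for illustration.

```python
import ipaddress

# Constructed sample data: prefixes an ISP has assigned to each customer port.
CUSTOMER_PREFIXES = {
    "cust-port-1": [ipaddress.ip_network("192.0.2.0/25")],
    "cust-port-2": [ipaddress.ip_network("198.51.100.0/24")],
}
# Constructed: subnets whose broadcast addresses the edge router knows about.
KNOWN_SUBNETS = [net for nets in CUSTOMER_PREFIXES.values() for net in nets]


def filter_packet(port, src, dst, proto):
    """Return (verdict, reason) for a packet arriving from a customer port."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    # Source address validation: the source must belong to a prefix assigned
    # to the port the packet arrived on; anything else is a spoofed address.
    if not any(src_ip in net for net in CUSTOMER_PREFIXES.get(port, [])):
        return ("drop", "spoofed-source")
    # Directed-broadcast check: an echo request sent to a subnet broadcast
    # address would make every host on that subnet answer at once.
    if proto == "icmp-echo" and any(
        dst_ip == net.broadcast_address for net in KNOWN_SUBNETS
    ):
        return ("drop", "directed-broadcast")
    return ("forward", "ok")


def run(packets):
    """Apply the filter to a list of (port, src, dst, proto) tuples."""
    return [filter_packet(*p) for p in packets]


# Constructed sample packets: (arrival port, source, destination, protocol).
SAMPLE = [
    # Legitimate customer traffic.
    ("cust-port-1", "192.0.2.10", "203.0.113.5", "tcp"),
    # Return address forged to be the target's (player C's) address.
    ("cust-port-1", "203.0.113.5", "198.51.100.255", "icmp-echo"),
    # Genuine source, but the ping is aimed at a subnet broadcast address.
    ("cust-port-2", "198.51.100.7", "192.0.2.127", "icmp-echo"),
    # Port with no assigned prefixes: nothing can be validated, so drop.
    ("cust-port-9", "192.0.2.10", "203.0.113.5", "tcp"),
]

if __name__ == "__main__":
    for pkt, (verdict, reason) in zip(SAMPLE, run(SAMPLE)):
        print(pkt, "->", verdict, reason)
```

Because the check keys on the arrival port rather than on the destination, it stops the forged packet at player B's ISP, before it ever reaches the target's network.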
