"denial of service" attacks

Could someone explain what it is in basic terminology?

-----
Check out the New Album
http://cutout.ath.cx
Listen my music at
http://www.rocketradio.com/mrjason
Get my previous CD East End
http://www.cdbaby.com/mrjason

Mr.Jason wrote:
> Could someone explain what it is in basic terminology?
>

I'm not an expert, but I'll try:

a socalled DOS-attack means that a "service" (i.e a webserver or a
mailserver) is flooded with so many false/faked/flawed requests that it
has no resources (network-bandwidth, CPU, RAM ...) to answer
real/serious requests and therefore the service is not available any more.

A good DOS-attack is originated by many hosts on the internet at the
same time (usually wormed computers with backdoors are used for this
purpose - see also botnet) so that the first strike is hard enough to
shut down the targeted service and so that its extremely difficult to
shield against the attack by just drop all traffic from the attacking
network, cause the attacks comes from all sides.

hope this helps,

best,
pete


--
http://www.goldfisch.at/know_list

peter pilsl wrote:
> A good DOS-attack is originated by many hosts on the internet at the
> same time (usually wormed computers with backdoors are used for this
> purpose - see also botnet) so that the first strike is hard enough to
> shut down the targeted service and so that its extremely difficult to
> shield against the attack by just drop all traffic from the attacking
> network, cause the attacks comes from all sides.

This is usually named DDOS (Distributed DOS), and is the more dangerous
of the DOS known. Honeynet.org has made a paper about the
Botnets that concludes that one hacker or group of hackers could control
hundred thousands of computers with just one click to do a DDOS over a
computer or network.

> best,
> pete

Regards.

--

Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
(E-Mail Removed)
bgSEC Seguridad y Consultoria de Sistemas
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"

peter pilsl wrote:
> Mr.Jason wrote:
>
>> Could someone explain what it is in basic terminology?
>>
>
> I'm not an expert, but I'll try:
>
> a socalled DOS-attack means that a "service" (i.e a webserver or a
> mailserver) is flooded with so many false/faked/flawed requests that it
> has no resources (network-bandwidth, CPU, RAM ...) to answer
> real/serious requests and therefore the service is not available any more.
>
> A good DOS-attack is originated by many hosts on the internet at the
> same time (usually wormed computers with backdoors are used for this
> purpose - see also botnet) so that the first strike is hard enough to
> shut down the targeted service and so that its extremely difficult to
> shield against the attack by just drop all traffic from the attacking
> network, cause the attacks comes from all sides.
>
That's a good description of a Distributed Denial Of Service
attack (DDOS). There are other DOS attacks that can disable a
service just by sending the right packets from one attacker,
though the flaws used by these tend to get fixed fairly quickly
which is why people started to use a DDOS when trying to bring a
service down.

I believe that there is a bug in the Microsoft IPv6 protocol
stack at the moment where just one specially crafted packet can
disable Pv6 entirely, for instance. The same bug in IPv4 was only
fixed recently.

Steve

"Mr.Jason" schrieb
> [Denial of service attack]
> Could someone explain what it is in basic terminology?
>
As an example, if I want to prevent you from getting on
the train in time, I stand in the queue in front of you
and ask the teller a lot of information about a train
voyage, different options, etc.etc.

In computer terms, an attacker doing a DoS attack is not
interested in the service itself (because the service may be
secured), but just in preventing other users from getting
that service.

HTH
Martin

Thanks a lot guys. Then, how likely it is that average hobbyist WWW hosting
becomes victim of DOS or DDOS attack?

What can I personally do to make their job harder?

-----
Check out the New Album
http://cutout.ath.cx
Listen my music at
http://www.rocketradio.com/mrjason
Get my previous CD East End
http://www.cdbaby.com/mrjason

Mr.Jason wrote:
> Thanks a lot guys. Then, how likely it is that average hobbyist WWW hosting
> becomes victim of DOS or DDOS attack?
very unlikely

> What can I personally do to make their job harder?
Forget it except as an exercise to get to know the strategies + tools
available to protect against the various DOS attacks - if you yourself
are hosting your website. Otherwise, it's whatever yourt ISP has
implemented (or not).

--
You will experience a strong urge to do good; but it will pass.

Mr.Jason wrote:
> Thanks a lot guys. Then, how likely it is that average hobbyist WWW hosting
> becomes victim of DOS or DDOS attack?
>
> What can I personally do to make their job harder?
>

Depends on the nature of the attack.

If its based on flooding your web server with spurious HTTP requests
then putting a firewall in front of the web server & blocking the source
address(es) may help. Your bandwidth will suffer.

If the attack is based on saturating your bandwidth then the answer is
nothing. The only defense would have to be mounted by your ISP based on
blocking the traffic to your host.

B.

Mr.Jason wrote:

> Thanks a lot guys. Then, how likely it is that average hobbyist WWW
> hosting becomes victim of DOS or DDOS attack?
>
> What can I personally do to make their job harder?
>
> -----
> Check out the New Album
> http://cutout.ath.cx
> Listen my music at
> http://www.rocketradio.com/mrjason
> Get my previous CD East End
> http://www.cdbaby.com/mrjason

Denial of service is directed against SERVERS. If you are not hosting a Web
page, or running a blog or mail server on your machine, you won't interest
these guys.

What DOES concern you is whether your computer will be taken over and turned
into a "zombie" to attack somebody else. People who want to do this often
install a "rootkit" on your system so that they can come back whenever they
feel like it. At least two programs are available to test for this:
chkrootkit and rootkit hunter. Both are available from
http://freshmeat.net. I run chkrootkit occasionally. And I have a
firewall. I am told that you can be accessed within 20 minutes of setting
up. So far, I seem to have been lucky. I have had only one confirmed
break-in, from some students at MIT.

HTH,

Doug.
--
ICQ Number 178748389. Registered Linux User No. 277548.
Health consists of having the same diseases as one's neighbours.
-- Quentin Crisp.

> Denial of service is directed against SERVERS. If you are not hosting a
> Web
> page, or running a blog or mail server on your machine, you won't interest
> these guys.

Yes I'm running a web server. So far I have been pretty much in spotlight of
hackers although I have no confirmed break inns. My huge logfiles are proof
of that. I believe they could take my NIC down by using some kind of DDOS
attack.

> What DOES concern you is whether your computer will be taken over and
> turned
> into a "zombie" to attack somebody else. People who want to do this often
> install a "rootkit" on your system so that they can come back whenever
> they
> feel like it. At least two programs are available to test for this:
> chkrootkit and rootkit hunter. Both are available from
> http://freshmeat.net. I run chkrootkit occasionally. And I have a
> firewall. I am told that you can be accessed within 20 minutes of setting
> up. So far, I seem to have been lucky. I have had only one confirmed
> break-in, from some students at MIT.

Thanks

> HTH,
>
> Doug.
> --
> ICQ Number 178748389. Registered Linux User No. 277548.
> Health consists of having the same diseases as one's neighbours.
> -- Quentin Crisp.
>