[thelist] Denial of Service attack.... how easy are they?

Ken Schaefer ken at adOpenStatic.com
Mon Oct 27 18:42:51 CST 2003


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: "John C Bullas" <jcbullas at nildram.co.uk>
Subject: [thelist] Denial of Service attack.... how easy are they?


: How come I read so much about denial of service attack
: vulnerabilities having to be covered?
:
: Are they easy? Can people just do them from one PC or
: do they have to get a bank of them to "do the deed"
:
: Read about this "UK" youth who tied up The Port of
: Houston from his home PC?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A "denial of service" (DOS) attack involves tying up sufficient of the
target's resources that legitimate requests can not get through (or can't be
completed, or... you get the idea). This may involve such things as:
    - sending so much data that the target's internet connection is swamped
      (this type of attack doesn't necessarily overwhelm the remote server's
      resources, but instead fills the connection that the remote company has,
      preventing legitimate requests from reaching the remote server)
    - sending legitimate connection-open type requests that you have no
      intention of continuing with (but which the remote server will hold open).
      If you can open enough connections, the server may run out of memory to
      handle the number of sockets (or whatever it is that you're opening).

The first type of attack is usually more common, since it doesn't really
necessarily rely on anything particular running on the remote server (you
just need to send enough packets/data to something at the other end). It
does require that your outgoing bandwidth is larger than the target's,
otherwise you're not going to be able to send enough data fast enough to
overwhelm the remote pipe.

This type of attack is usually dealt with by going up your provider chain
until you get to a connectivity provider that has more bandwidth than the
attacker. You arrange to have the packets dropped.

Alternatively, if you're a big enough company, you hire Akamai (or similar),
and have your content redistributed on lots of servers all around the world,
making it very hard to overwhelm all of them.

A "distributed denial of service attack" (DDOS) is a way of harnessing
multiple outgoing connections to overwhelm a remote target's resources. You
take over multiple machines, and have them all simultaneously attack the
remote server. This is the only way you'd be able to DOS a large company
that has a substantial pipe onto the 'net.

Cheers
Ken

Microsoft MVP - Windows Server (IIS)
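
Added example, not part of the original post: a defender-side check for the second kind of attack described above (connection-open requests the server is left holding), which also separates the single-source case from the distributed one. It assumes a Linux server and the column layout of `ss -tan`; the sample table, the addresses and both thresholds are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the column layout of `ss -tan` (Linux); addresses are
# from documentation ranges and are not taken from the original post.
SAMPLE = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB     0      0      192.0.2.10:80       198.51.100.7:51514
SYN-RECV  0      0      192.0.2.10:80       203.0.113.5:40001
SYN-RECV  0      0      192.0.2.10:80       203.0.113.5:40002
SYN-RECV  0      0      192.0.2.10:80       203.0.113.5:40003
SYN-RECV  0      0      192.0.2.10:80       203.0.113.5:40004
SYN-RECV  0      0      192.0.2.10:80       198.51.100.23:50110
LISTEN    0      128    0.0.0.0:80          0.0.0.0:*
"""

def half_open_by_peer(ss_output):
    """Count SYN-RECV (half-open) sockets per remote IP address."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue  # header, other states, or malformed line
        peer_ip = fields[4].rsplit(":", 1)[0]  # drop the port; keeps [v6] form
        counts[peer_ip] += 1
    return counts

def assess(ss_output, per_peer_limit=3, total_limit=100):
    """Classify the table; both limits are illustrative and need tuning."""
    counts = half_open_by_peer(ss_output)
    total = sum(counts.values())
    heavy = sorted(ip for ip, n in counts.items() if n > per_peer_limit)
    if heavy:
        verdict = "single-source"   # one or a few peers hold many half-open sockets
    elif total > total_limit:
        verdict = "distributed"     # many peers, each under the per-peer limit
    else:
        verdict = "normal"
    return {"total": total, "heavy_peers": heavy, "verdict": verdict}

if __name__ == "__main__":
    print(assess(SAMPLE))
```

A socket table cannot show the first kind of attack (a saturated link); that one is visible in interface or upstream traffic counters instead.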
