-
DOS attacks
Hi! What is a DoS attack? From the last post about service attacks I came to know about it, and I wonder how many types of attacks exist. Anyway, as I understand it, by DoS attack we mean writing some commands in DOS which continuously send data to the victim computer, for example ping <someip> -t. Another good example is mail bombing. But I've pinged my own network ten times, but my server handled it. The question is how much data is required to crash a system through a DoS attack. My server is configured on Windows 2000. By the way, for real newbies, one could save himself from such attacks by using any firewall; I prefer ZoneAlarm Pro.
-
Well, let's say someone makes a bot that floods an IRC room, someone mailbombs an e-mail account until the account is shut down, or cells and packets are stuffed into a connection, which causes traffic. Almost anything that can boot somebody away from an area online or mess up a connection within a network could be called a DoS attack; if it's distributed, then it's a DDoS.
Maybe it would help if you do a Google search on DDoS and DoS attacks, or open a book and learn about networks.
-
Read this link from when grc.com got hit with a DDoS attack. It should explain to you what happens when a DDoS attack happens. You can also download this document; it's a 23-page PDF file.
http://grc.com/dos/drdos.htm
-
I think you are mildly confused. DOS, in the context that you are using it, refers to a 'Denial of Service' rather than a 'Disk Operating System' (which is what DOS in the context of a DOS prompt means). There are many different kinds of Denial of Service attacks to be worried about, and a firewall will not necessarily buy you anything for some kinds. These attacks refer only to the fact that your network connection is no longer usable, not necessarily how it is done.
Bandwidth consumption attacks. These can either be DOS or DDOS (Distributed Denial of Service) attacks. In the case of a simple DOS, maybe for example you are connected to the internet via a 56 Kb/s (Kilobytes/Second) connection and someone is flooding your network with traffic from say a T1 (1.5 Megabytes / second or 1536 Kb/second). Obviously they would be able to send you more data than you can receive. Now, it is not always the case that someone will have massively more bandwidth available to flood your network, so they resort to a DDOS attack, which involves multiple computers/networks flooding your network with traffic, and these attacks can 'bring down' even networks with very high bandwidth if a sufficient number of zombies are used. Even if the network is not brought down, the victim network would still experience 'slowness' as some of the originally available bandwidth is no longer free but rather consumed with junk traffic. In many respects, Code Red could almost have been considered a DDoS attack because of the effect of thousands of infected computers scanning the internet trying to infect other machines.
Service Denial. There are many subcategories, but the term in general refers to the denial of a particular service, say email. This can be the result of a massive virus infection, a SYN flood to a specific host/port, or one-packet kills that take advantage of design errors/bugs in TCP/IP stack implementations. There are so many variations to these types of attacks that I will not go any further into them, but I do highly recommend doing a Google search for 'Denial of Service' and there should be more than enough material to read that would be far more informative than anything I could slap together.
As a final wrap-up, there are times when DoS attacks are used to hack a system (for example, TCP/IP spoofing/session hijacking), but most of the time they are considered a lamer last resort of script kiddiez that couldn't get into a network.
/nebulus
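
Added example, not part of the original thread: a defender-side check for the SYN flood case mentioned in the post above, counting half-open TCP connections per local port in `netstat -an` style output. The sample rows, the function names and the threshold of 5 are assumptions constructed for illustration.

```python
from collections import defaultdict

# Linux and Windows netstat spell the half-open state differently.
HALF_OPEN = {"SYN_RECV", "SYN_RECEIVED"}

def build_sample():
    """Constructed netstat-style rows (documentation addresses, not real data)."""
    rows = [
        "TCP  0.0.0.0:80      0.0.0.0:0            LISTENING",
        "TCP  192.0.2.10:25   198.51.100.7:40112   ESTABLISHED",
        "TCP  192.0.2.10:25   198.51.100.9:40200   SYN_RECEIVED",
        "UDP  0.0.0.0:53      *:*",
    ]
    # Eight half-open connections to port 80, each from a different source.
    rows += [f"TCP  192.0.2.10:80   203.0.113.{i}:{1024 + i}   SYN_RECEIVED"
             for i in range(1, 9)]
    return "\n".join(rows)

def half_open_by_port(text):
    """Map local port -> list of remote IPs holding a half-open connection."""
    remotes = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue  # skip UDP rows, headers and anything malformed
        local, remote, state = fields[1], fields[2], fields[3].upper()
        if state in HALF_OPEN:
            port = int(local.rsplit(":", 1)[1])
            remotes[port].append(remote.rsplit(":", 1)[0])
    return dict(remotes)

def flag_syn_backlog(text, threshold=5):
    """Return {port: (half_open_count, distinct_sources)} at or above threshold.

    The threshold is an assumed value; tune it to the server's normal load.
    Source addresses in a SYN flood are often spoofed, so the distinct-source
    count describes the traffic seen, not who sent it.
    """
    return {port: (len(ips), len(set(ips)))
            for port, ips in half_open_by_port(text).items()
            if len(ips) >= threshold}

if __name__ == "__main__":
    for port, (count, sources) in flag_syn_backlog(build_sample()).items():
        print(f"port {port}: {count} half-open connections from {sources} sources")
```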