Thread: So you want to learn about DoS.

  1. #1
    Senior Member
    Join Date
    Feb 2002

    So you want to learn about DoS.

    So you want to learn about Denial of Service. . .

    This is a quick overview that I just found at cert.org. I hope you all enjoy it.

    This document provides a general overview of attacks in which the primary goal of the attack is to deny the victim(s) access to a particular resource. Included is information that may help you respond to such an attack.

    A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Examples include:
    attempts to "flood" a network, thereby preventing legitimate network traffic
    attempts to disrupt connections between two machines, thereby preventing access to a service
    attempts to prevent a particular individual from accessing a service
    attempts to disrupt service to a specific system or person

    Not all service outages, even those that result from malicious activity, are necessarily denial-of-service attacks. Other types of attack may include a denial of service as a component, but the denial of service may be part of a larger attack.

    Illegitimate use of resources may also result in denial of service. For example, an intruder may use your anonymous ftp area as a place to store illegal copies of commercial software, consuming disk space and generating network traffic.

    Denial-of-service attacks can essentially disable your computer or your network. Depending on the nature of your enterprise, this can effectively disable your organization.

    Some denial-of-service attacks can be executed with limited resources against a large, sophisticated site. This type of attack is sometimes called an "asymmetric attack." For example, an attacker with an old PC and a slow modem may be able to disable much faster and more sophisticated machines or networks.

    Denial-of-service attacks come in a variety of forms and aim at a variety of services. There are three basic types of attack:
    consumption of scarce, limited, or non-renewable resources
    destruction or alteration of configuration information
    physical destruction or alteration of network components

    Consumption of Scarce Resources
    Computers and networks need certain things to operate: network bandwidth, memory and disk space, CPU time, data structures, access to other computers and networks, and certain environmental resources such as power, cool air, or even water.

    Network Connectivity
    Denial-of-service attacks are most frequently executed against network connectivity. The goal is to prevent hosts or networks from communicating on the network.

    In this type of attack, the attacker begins the process of establishing a connection to the victim machine, but does it in such a way as to prevent the ultimate completion of the connection. In the meantime, the victim machine has reserved one of a limited number of data structures required to complete the impending connection. The result is that legitimate connections are denied while the victim machine is waiting to complete bogus "half-open" connections.

    You should note that this type of attack does not depend on the attacker being able to consume your network bandwidth. In this case, the intruder is consuming kernel data structures involved in establishing a network connection. The implication is that an intruder can execute this attack from a dial-up connection against a machine on a very fast network. (This is a good example of an asymmetric attack.)

    Using Your Own Resources Against You
    An intruder can also use your own resources against you in unexpected ways.

    Bandwidth Consumption
    An intruder may also be able to consume all the available bandwidth on your network by generating a large number of packets directed to your network. Typically, these packets are ICMP ECHO packets, but in principle they may be anything. Further, the intruder need not be operating from a single machine; he may be able to coordinate or co-opt several machines on different networks to achieve the same effect.

    Consumption of Other Resources
    In addition to network bandwidth, intruders may be able to consume other resources that your systems need in order to operate. For example, in many systems, a limited number of data structures are available to hold process information (process identifiers, process table entries, process slots, etc.). An intruder may be able to consume these data structures by writing a simple program or script that does nothing but repeatedly create copies of itself. Many modern operating systems have quota facilities to protect against this problem, but not all do. Further, even if the process table is not filled, the CPU may be consumed by a large number of processes and the associated time spent switching between processes. Consult your operating system vendor or operating system manuals for details on available quota facilities for your system.

    An intruder may also attempt to consume disk space in other ways, including:
    generating excessive numbers of mail messages
    intentionally generating errors that must be logged
    placing files in anonymous ftp areas or network shares

    In general, anything that allows data to be written to disk can be used to execute a denial-of-service attack if there are no bounds on the amount of data that can be written.

    Also, many sites have schemes in place to "lock out" an account after a certain number of failed login attempts. A typical setup locks out an account after 3 or 5 failed login attempts. An intruder may be able to use this scheme to prevent legitimate users from logging in. In some cases, even the privileged accounts, such as root or administrator, may be subject to this type of attack. Be sure you have a method to gain access to the systems under emergency circumstances. Consult your operating system vendor or your operating system manual for details on lockout facilities and emergency entry procedures.

    An intruder may be able to cause your systems to crash or become unstable by sending unexpected data over the network.

    If your systems are experiencing frequent crashes with no apparent cause, it could be the result of this type of attack.

    There are other things that may be vulnerable to denial of service that you may wish to monitor. These include:
    tape devices
    removable drives
    network connections
    other limited resources important to the operation of your organization

    Destruction or Alteration of Configuration Information
    An improperly configured computer may not perform well or may not operate at all. An intruder may be able to alter or destroy configuration information that prevents you from using your computer or network.

    For example, if an intruder can change the routing information in your routers, your network may be disabled. If an intruder is able to modify the registry on a Windows NT machine, certain functions may be unavailable.

    Physical Destruction or Alteration of Network Components
    The primary concern with this type of attack is physical security. You should guard against unauthorized access to computers, routers, network wiring closets, network backbone segments, power and cooling stations, and any other critical components of your network.

    Physical security is a prime component in guarding against many types of attacks in addition to denial of service. For information on securing the physical components of your network, we encourage you to consult local or national law enforcement agencies or private security companies.

    Prevention and Response
    Denial-of-service attacks can result in significant loss of time and money for many organizations. I strongly encourage sites to consider the extent to which their organization could afford a significant service outage and to take steps commensurate with the risk.

    Many organizations can suffer financial loss as a result of a denial-of-service attack and may wish to pursue criminal or civil charges against the intruder. For legal advice, I recommend that you consult with your legal counsel and law enforcement.
    "To follow the path:
    look to the master,
    follow the master,
    walk with the master,
    see through the master,
    become the master."
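The half-open connection build-up described in the post (the "Network Connectivity" section) can be watched for on the victim side by counting SYN_RECV entries in the socket table. The following is an added example, not part of the CERT text or of this thread; it parses a constructed sample in `netstat -tan` layout, and the backlog size and warning fraction it compares against are assumed inputs rather than values from the page.

```python
import re
from collections import Counter

# Constructed sample in `netstat -tan` layout (not from the page); addresses are
# taken from RFC 5737 documentation ranges. Six half-open handshakes on port 80
# sit beside two legitimate ESTABLISHED sessions.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 198.51.100.10:80        203.0.113.5:51022       ESTABLISHED
tcp        0      0 198.51.100.10:80        192.0.2.11:40001        SYN_RECV
tcp        0      0 198.51.100.10:80        192.0.2.12:40002        SYN_RECV
tcp        0      0 198.51.100.10:80        192.0.2.13:40003        SYN_RECV
tcp        0      0 198.51.100.10:22        203.0.113.6:51100       ESTABLISHED
tcp        0      0 198.51.100.10:80        192.0.2.14:40004        SYN_RECV
tcp        0      0 198.51.100.10:80        192.0.2.15:40005        SYN_RECV
tcp        0      0 198.51.100.10:80        192.0.2.16:40006        SYN_RECV
"""

# One socket-table row: proto, queues, local addr:port, remote addr:port, state.
LINE_RE = re.compile(r"^tcp6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)$")


def parse_sockets(text):
    """Return (local_port, remote_host, state) per data row; the header is skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append((int(m.group(2)), m.group(3), m.group(5)))
    return rows


def half_open_report(rows, backlog_size, warn_fraction=0.5):
    """Count SYN_RECV entries per listening port against that listener's backlog.

    backlog_size is an assumed input (the service's listen() backlog); an alert
    fires once half-open entries reach warn_fraction of it, i.e. before the
    per-handshake structures the kernel reserves run out.
    """
    per_port, sources = Counter(), {}
    for port, host, state in rows:
        if state == "SYN_RECV":
            per_port[port] += 1
            sources.setdefault(port, set()).add(host)
    return {
        port: {
            "half_open": n,
            # Many distinct sources with little traffic each is the asymmetric pattern.
            "distinct_sources": len(sources[port]),
            "alert": n >= warn_fraction * backlog_size,
        }
        for port, n in per_port.items()
    }
```

Feeding the output of the real `netstat -tan` (or an equivalent socket listing) into `parse_sockets` and sampling it periodically turns this into a simple trend check per listener.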

  2. #2
    Leftie Linux Lover the_JinX
    Join Date
    Nov 2001
    Beverwijk Netherlands
    Good post..

    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  3. #3
    Token drunken Irish guy
    Join Date
    Sep 2001
    Once again.

    Although you have tailored it to look different, it is obvious.

  4. #4
    Senior Member
    Join Date
    Jan 2002

    Re: So you want to learn about DoS.

    Originally posted here by 3ntropy
    This is a quick overview that I just found at cert.org. I hope you all enjoy it.
    Erm, he did quote his source, Ennis.
    Elen alcarin ar gwath halla n engwar.

  5. #5
    No he didn't. He edited his post after Ennis pointed it out......

  6. #6
    Senior Member
    Join Date
    Dec 2001
    Oh...then Ennis, disregard my last reply in the other post, because I didn't know he edited it.

  7. #7
    Senior Member
    Join Date
    Aug 2001
    Now I have documentation about DoS. Thanks for posting a few good explanations about DoS. I will add it to my thesis.
    "The more you ignore me... the closer I get!"

  8. #8
    Priapistic Monk KorpDeath
    Join Date
    Dec 2001
    I hope you cite the source.....
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  9. #9
    Senior Member
    Join Date
    Jan 2002
    I'm hoping it's just an innocent mistake, as in he just forgot to mention the source.
    Elen alcarin ar gwath halla n engwar.

  10. #10
    Join Date
    Sep 2001
    I'm hoping it's just an innocent mistake, as in he just forgot to mention the source.

    No, he did it on the other one as well, "All you need to know about virus" or something like that.
