Under attack!
By Harendra Alwis
A denial-of-service attack (DoS) is an attack on
a computer system or network that causes a loss of service to users,
typically the loss of network connectivity and services, by consuming
the bandwidth of the victim network or overloading the computational
resources of the victim system. Denial of Service (DoS) attacks
on web services are a growing problem in the expanding global communication
network. The problem is further compounded by the fact that execution
of DoS attacks does not require expert computer or networking knowledge.
It is also relatively easy to use the principles of a DoS attack
to launch a Distributed Denial of Service (DDoS) attack,
simply by scattering seemingly harmless ‘code’ to other
nodes in a network (known as a botnet) that can be synchronised
to multiply the effectiveness of the attack. The fact that most
types of DoS and DDoS attacks require minimal technical knowledge
to execute has made them one of the most common and effective ways
of attacking a web entity or service.
Most types of DoS attacks rely primarily on brute force: flooding the
target with an overwhelming flux of packets, pushing a connection
beyond the saturation point of its bandwidth, or depleting the target's
system resources such as memory, disk space and processor time.
Bandwidth-saturating floods rely on the attacker (or more commonly
attackers) having higher bandwidth available than the victim. A
common way of achieving this today is via Distributed Denial of
Service, employing a botnet. Other floods may use specific packet
types or connection requests to saturate finite resources by, for
example, occupying the maximum number of open connections, or filling
the victim's disk space with meaningless data.
A ping flood is based on sending the victim an overwhelming
number of ping packets, usually using the ‘ping -f’
command. It is very simple to launch, the primary requirement being
access to greater bandwidth than the victim. A SYN flood sends a flood
of TCP/SYN packets, often with a forged sender address. Each of
these packets is handled like a connection request, causing the
server to spawn a half-open connection by sending back a TCP/SYN-ACK
packet and waiting for a TCP/ACK packet in response from the sender
address. However, because the sender address is forged,
the response never comes. These half-open connections saturate the
number of available connections the server is able to make, keeping
it from responding to legitimate requests until after the attack
ends.
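To make the half-open connection problem concrete, here is an added example (not part of the original column) that replays a constructed packet trace against a simplified model of a server's connection table. The backlog size, the sample addresses and the absence of timeouts or SYN cookies are all assumptions made for the demonstration; the point is to see how spoofed SYNs that never receive their ACK crowd out a later legitimate client, and what a defender can measure.

```python
from collections import OrderedDict

BACKLOG = 4  # assumed listen backlog (half-open limit) for the demo; real servers use far more

# Constructed trace as seen from the server; not real capture data.
# Each entry: (peer_ip, peer_port, tcp_flags) of a packet the server received.
SAMPLE_TRACE = [
    ("203.0.113.10", 40001, "SYN"),
    ("203.0.113.10", 40001, "ACK"),   # legitimate client: third step completes the handshake
    ("198.51.100.7", 50001, "SYN"),   # forged sources: the server's SYN-ACK is never answered
    ("198.51.100.8", 50002, "SYN"),
    ("198.51.100.9", 50003, "SYN"),
    ("198.51.100.10", 50004, "SYN"),
    ("203.0.113.11", 40002, "SYN"),   # legitimate client arriving after the table is full
]

def replay_handshakes(trace, backlog=BACKLOG):
    """Replay a trace against a simplified half-open connection table.

    Returns (half_open, completed, dropped): peers still waiting for their
    final ACK, the number of handshakes that completed, and the SYNs the
    server refused because the table was already full.
    """
    half_open = OrderedDict()
    completed, dropped = 0, []
    for ip, port, flags in trace:
        key = (ip, port)
        if flags == "SYN":
            if len(half_open) >= backlog:
                dropped.append(key)          # no room left: legitimate SYNs are refused too
            else:
                half_open[key] = "SYN_RECEIVED"  # server sent SYN-ACK, now waiting for ACK
        elif flags == "ACK" and key in half_open:
            del half_open[key]               # handshake finished; slot is released
            completed += 1
    return half_open, completed, dropped

def syn_flood_indicators(half_open, backlog=BACKLOG):
    """Defender-side check: how full is the table, and which /24 networks dominate it?"""
    by_net = {}
    for ip, _ in half_open:
        net = ip.rsplit(".", 1)[0] + ".0/24"
        by_net[net] = by_net.get(net, 0) + 1
    return {"fill_ratio": len(half_open) / backlog, "by_net": by_net}
```

A table that sits near its fill ratio with entries concentrated in a few source ranges, while completed handshakes stay flat, is the pattern a monitoring rule would alert on.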
A smurf attack is one particular variant of a
flooding DoS attack on the public internet. It relies on misconfigured
network devices that allow packets to be sent to all computer hosts
on a particular network via the broadcast address of the network,
rather than a specific machine. The network then serves as a smurf
amplifier. In such an attack, the perpetrators will send large numbers
of IP packets with a faked source address that is set to the address
of the intended victim. To combat Denial of Service attacks on the
internet, services like the Smurf Amplifier Registry have given
network service providers the ability to identify misconfigured
networks, and to take appropriate action such as filtering.
A ‘banana attack’ is another particular
type of DoS. It involves redirecting outgoing messages from the
client back onto the client, preventing outside access, as well
as flooding the client with the sent packets.
Attacks can be directed at any network device,
including attacks on routing devices, and web, electronic mail,
or Domain Name System servers. An attacker with access to a victim's
computer may slow it until it is unusable, or crash it by using
a fork bomb. There are short-term and long-term countermeasures
against DoS attacks, which we will discuss in the weeks to come.
Until then, keep your emails rolling in to technopage@gmail.com.
(Please note that our previous email address is no longer functional.)