[lug] DOS attack

Nate Duehr nate at natetech.com
Wed Feb 7 00:26:54 MST 2001


On Tue, Jan 30, 2001 at 02:36:56PM -0700, Scott A. Herod wrote:
>   Denial Of Service.  DDoS is Distributed Denial of Service.  Apparently
> the recent MS attack was a DoS attack while the attack last year against
> Yahoo and others was a DDoS.  ( The person responsible for those just
> pleaded guilty to something like 64 counts of computer crimes in Canada. )
> Typically, in a DDoS, the person first breaks into a number of other
> machines and starts all of them flooding a site as well.
> 
>   Basically, it is an attack that floods your machines with requests for
> information.  To cheat ( and make your machine do even more work ) the
> requests are improperly formatted so that your machine tries to respond
> to some non-existent address with an error message.

Actually denial-of-service outages can be as simple as a disgruntled
person with a pair of wire cutters (physical security) to someone
convincing you to give them a password they shouldn't have and then
logging into the machine and shutting down all services (social
engineering).

Security's a much broader issue than most people want to believe.

But yes, the fad lately is to call network-based attacks that stop the
machine from running the "one true" DoS.  Distributed DoS, or DDoS
attacks are where someone (or an automated script or program) does this
type of network attack from multiple locations on the Internet to your
machine at the same time.

Libpcap on Linux has been shown to be particularly susceptible to these types
of attacks over the years.  I had one particular machine that would
kernel panic at any sign of more than 3 Mb/sec of network traffic on my
home network (bug in the Linux kernel module for that particular network
card) and I could DoS it at will from any other machine on the local
network by simply running ping -f as root...  :-)  Poor machine.

-- 
Nate Duehr <nate at natetech.com>

GPG Key fingerprint = DCAF 2B9D CC9B 96FA 7A6D AAF4 2D61 77C5 7ECE C1D2
Public Key available upon request, or at wwwkeys.pgp.net and others.


