Barbarians at the Gate: An Introduction to Distributed Denial of Service Attacks

    Date: 03 Dec 2002
    Posted By: Anthony Pell
    Recently, major news outlets reported that a coordinated attack designed to disable several of the Internet's root name servers had taken place. The attack, described as sophisticated and complex, is known as a distributed denial of service (DDoS) attack. Although no serious outages occurred, it was a hot topic in the security world - again. Again? Similar attacks first made headlines in February 2000. Although discussed in security circles for some time before that, this was the first prolonged example of a DDoS, and prevented legitimate traffic from reaching major sites for several hours. Yahoo, eBay, Buy.com, and CNN were but a few major sites that were inaccessible to their customers for extended periods of time. Now, almost three years later, can it be that we're still vulnerable? Unfortunately the answer is yes. This article will explain the concept of DDoS attacks, how they work, how to react if you become a target, and how the security community can work together to prevent them.

    In order to understand the incidents described above, it would be helpful to take a step back and look at a more basic form of the same attack, the denial of service attack. A denial of service, or DoS, is a very basic category of attack in the world of security engineering, one which can be used in several scenarios. The term can be applied to any situation where an attacker attempts to prevent the use or delivery of a valued resource to its intended audience or customer. It can be implemented via multiple methods, physically and digitally. For instance, an attacker can deny access to telephone systems by cutting the major telecom cable feeding a building, repeatedly calling every available phone line, or cracking the switch that handles the PBX. In all three instances, the attacker succeeds by denying the users access to the resource, as all incoming and outgoing calls would fail.

    The DoS concept is easily applied to the networked world. Routers and servers can handle a finite amount of traffic at any given time based on factors such as hardware performance, memory and bandwidth. If this limit or rate is surpassed, new requests will be rejected. As a result, legitimate traffic will be ignored and the object's users will be denied access. So, an attacker who wishes to disrupt a specific service or device can do so by simply overwhelming the target with packets designed to consume all available resources.
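
The capacity limit described above, worked through as a simplified model. This is an added example, not part of the original article: the function name, parameters and traffic figures are constructed, and it assumes that when the backlog is full, arrivals are admitted in proportion to their share of the traffic.

```python
"""Fluid model of a server with finite capacity (all numbers are constructed)."""


def legit_loss(service_rate, backlog, legit_rate, flood_rate, ticks=1000):
    """Return the fraction of legitimate requests rejected over `ticks` intervals.

    service_rate: requests the server completes per tick
    backlog:      requests it can hold while they wait for service
    legit_rate / flood_rate: legitimate and unwanted requests arriving per tick
    Assumption: when the backlog is full, arrivals are admitted in proportion
    to their share of the traffic (the server cannot tell them apart).
    """
    queued = 0.0
    offered = rejected = 0.0
    arrivals = legit_rate + flood_rate
    for _ in range(ticks):
        queued = max(0.0, queued - service_rate)    # work completed this tick
        accepted = min(arrivals, backlog - queued)  # only free slots can be filled
        queued += accepted
        legit_accepted = accepted * legit_rate / arrivals if arrivals else 0.0
        offered += legit_rate
        rejected += legit_rate - legit_accepted
    return rejected / offered if offered else 0.0   # no legitimate traffic: no loss


if __name__ == "__main__":
    # Constructed scenario: capacity 100 req/tick, 200-slot backlog,
    # 80 req/tick from real users, and a growing volume of unwanted traffic.
    for flood in (0, 20, 120, 920, 9920):
        loss = legit_loss(100, 200, 80, flood)
        print(f"unwanted={flood:>5}/tick  legitimate requests rejected: {loss:6.1%}")
```

In this model, once total arrivals exceed the service rate, the rejected share settles at 1 - service_rate / arrivals, so legitimate users are turned away even though their own demand never changed.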
