Barbarians at the Gate: An Introduction to Distributed Denial of Service Attacks

    Date: 03 Dec 2002
    Posted by: Anthony Pell

    Recently, major news outlets reported that a coordinated attack designed to disable several of the Internet's root name servers had taken place. The attack, described as sophisticated and complex, is known as a distributed denial of service (DDoS). Although no serious outages occurred, it was a hot topic in the security world - again. Again? Similar attacks first made headlines in February 2000. Although discussed in security circles for some time before that, this was the first prolonged example of a DDoS, and it prevented legitimate traffic from reaching major sites for several hours. Yahoo, eBay, Buy.com, and CNN were but a few of the major sites that were inaccessible to their customers for extended periods of time. Now, almost three years later, can it be that we're still vulnerable? Unfortunately the answer is yes. This article will explain the concept of DDoS attacks, how they work, how to react if you become a target, and how the security community can work together to prevent them.

    In order to understand the incidents described above, it would be helpful to take a step back and look at a more basic form of the same attack, the denial of service attack. A denial of service, or DoS, is a very basic category of attack in the world of security engineering, one which can be used in several scenarios. The term can be applied to any situation where an attacker attempts to prevent the use or delivery of a valued resource to its intended audience or customer. It can be implemented via multiple methods, physically and digitally. For instance, an attacker can deny access to telephone systems by cutting the major telecom cable feeding a building, repeatedly calling every available phone line, or cracking the switch that handles the PBX. In all three instances, the attacker succeeds by denying the users access to the resource, as all incoming and outgoing calls would fail.

    The DoS concept is easily applied to the networked world. Routers and servers can handle a finite amount of traffic at any given time, based on factors such as hardware performance, memory and bandwidth. If this limit or rate is surpassed, new requests will be rejected. As a result, legitimate traffic will be ignored and the device's users will be denied access. So, an attacker who wishes to disrupt a specific service or device can do so simply by overwhelming the target with packets designed to consume all available resources.
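The capacity argument above, worked through as an added simulation (this is illustrative code, not part of the original article): a server model that accepts at most `capacity` requests per second is fed constructed legitimate and flood traffic, and a hypothetical upstream per-source rate limit stands in for the mitigation side. All source names, rates and the capacity figure are constructed assumptions.

```python
from collections import Counter

def build_traffic(seconds, legit_sources, legit_rate, flood_sources, flood_rate):
    """Constructed sample traffic (not captured data): (time, source, is_legit)
    tuples sorted by arrival time. Each source sends `rate` requests per second."""
    reqs = []
    for sec in range(seconds):
        for s in range(legit_sources):
            for i in range(legit_rate):
                reqs.append((sec + i / legit_rate, f"legit-{s}", True))
        for s in range(flood_sources):
            for i in range(flood_rate):
                reqs.append((sec + i / flood_rate, f"flood-{s}", False))
    reqs.sort(key=lambda r: r[0])  # stable: ties keep generation order
    return reqs

def simulate(requests, capacity, per_source_limit=None):
    """Server accepts at most `capacity` requests per second, first come
    first served; the rest are rejected. per_source_limit models a
    hypothetical upstream filter that drops any source exceeding that many
    requests per second before they reach the server."""
    accepted_in_sec = Counter()            # second -> requests the server took
    seen_from = Counter()                  # (second, source) -> requests seen
    result = {"legit": {"accepted": 0, "dropped": 0},
              "flood": {"accepted": 0, "dropped": 0}}
    for t, src, is_legit in requests:
        sec, kind = int(t), ("legit" if is_legit else "flood")
        if per_source_limit is not None and seen_from[(sec, src)] >= per_source_limit:
            result[kind]["dropped"] += 1   # filtered upstream
            continue
        seen_from[(sec, src)] += 1
        if accepted_in_sec[sec] >= capacity:
            result[kind]["dropped"] += 1   # server capacity exhausted
            continue
        accepted_in_sec[sec] += 1
        result[kind]["accepted"] += 1
    return result

def legit_loss(result):
    """Fraction of legitimate requests denied service."""
    l = result["legit"]
    return l["dropped"] / (l["accepted"] + l["dropped"])

if __name__ == "__main__":
    cap = 50  # requests/second the modelled server can handle (assumed)
    for label, flood_src, limit in [("no flood", 0, None), ("flood", 5, None),
                                    ("flood + per-source limit", 5, 5)]:
        r = simulate(build_traffic(5, 10, 2, flood_src, 100), cap, limit)
        print(f"{label}: legitimate requests denied {legit_loss(r):.0%}")
```

With these constructed rates (20 legitimate and 500 flood requests per second against a capacity of 50) the three runs report 0%, 50% and 0% of legitimate requests denied, showing that the flood alone, not any flaw in the server, is what locks out real users.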
