Академический Документы
Профессиональный Документы
Культура Документы
This document provides a general overview of attacks in which the primary goal of
the attack is to deny the victim(s) access to a particular resource. Included is
information that may help you respond to such an attack.
One common method of attack involves saturating the target (victim) machine with
external communications requests, such that it cannot respond to legitimate
traffic, or responds so slowly as to be rendered effectively unavailable. In
general terms, DoS attacks are implemented by either forcing the targeted
computer(s) to reset, or consuming its resources so that it can no longer provide
its intended service or obstructing the communication media between the intended
users and the victim so that they can no longer communicate adequately.
A DoS attack can be perpetrated in a number of ways. The five basic types of
attack are:
DOS (Denial of Service) attacks, heard of them taking down servers, restricting
traffic and even bringing down a country's communications. But, how do they work?
A simple example would that being a heart. Let�s say the veins are the internet
. And you are pumping blood through this tube. The blood is good traffic. What
happens if you overload the veins with fat (bad traffic)? And so the heart has a
failure and can�t pump blood to the other organs, a Denial of Service.
DOS attacks are one of the simplest ways to bring down a server
, by overwhelming its bandwidth or computing resources. A simple DOS attack code
would be:
ping {ip} -t -l 50000
In which you can just enter into the command prompt. This command sends 50000
bytes (roughly 50 kilobytes) of data to the ip, in a single packet. The -t is to
ping the specified host until stopped and -l is to specify the buffer size. DOS
are commonly used by script kiddies.
However, DOS attacks may crash systems by overloading their computing resources
like having a heart attack. Sooner or later you have to get to a doctor or die (no
offense meant). This only works in older systems due to the tremendous increase in
computing power.
Not all service outages, even those that result from malicious activity, are
necessarily denial-of-service attacks. Other types of attack may include a denial
of service as a component, but the denial of service may be part of a larger
attack.
Illegitimate use of resources may also result in denial of service. For example,
an intruder may use your anonymous ftp area as a place to store illegal copies of
commercial software, consuming disk space and generating network traffic
To prevail in a DOS attack, however, the attacker's bandwidth must be wider than
the defender's bandwidth to overwhelm it with traffic, so more fat can get to the
heart. This is only for singular attacks only (one on one). However, in a
DDOS(Distributed Denial of Service) attack, the attacker may use zombie computers
to send packets to the victim, therefore intensifying the attack. Imagine a huge
clog with more than a few hundred computers streaming it.
Instead of using zombie computers, attackers may also choose to spoof their ips to
that of their victim's computer. By doing so, he can send ip packets to many
computers, and so the computers respond in pinging to the sender's ip. However,
the sender's ip has been spoofed and so they unknowingly flood the victim. This is
known as a Reflected attack.
DOS attacks can be so harmful that they may cause system damage in which the
system is attacked so badly when they exploit flaws in the system, and then
'update' the device to modify it to make it permanently unusable.
Firewalls provide protection from some DOS attacks by differentiating good traffic
from DOS attacks but however a more complex attack on port 80 would have the
server fully vulnerable because it is the web service port. Another way is the
ISP(Internet Service Provider) noticing the attack and disconnecting the attacker.
-----------------------------------------------------------
# Impact
You should note that this type of attack does not depend on the
attacker being able to consume your network bandwidth. In this case, the intruder
is consuming kernel data structures involved in establishing a network connection.
The implication is that an intruder can execute this attack from a dial-up
connection against a machine on a very fast network. (This is a good example of an
asymmetric attack.)
2. Using Your Own Resources Against You---
In this attack, the intruder uses forged UDP packets to connect the
echo service on one machine to the chargen service on another machine. The result
is that the two services consume all available network bandwidth between them.
Thus, the network connectivity for all machines on the same networks as either of
the targeted machines may be affected.
3. Bandwidth Consumption
* printers
* tape devices
* network connections
* other limited resources important to the operation of your
organization
An improperly configured computer may not perform well or may not operate at
all. An intruder may be able to alter or destroy configuration information that
prevents you from using your computer or network.
http://www.microsoft.com/security/
\\\\\\\\\\\\\\microsoft provides almost all the necessary informations
i collect a variety of information from their
site........\\\\\\\\\\\\\\\\\\\\\\\\\\
The primary concern with this type of attack is physical security. You
should guard against unauthorized access to computers, routers, network wiring
closets, network backbone segments, power and cooling stations, and any other
critical components of your network.
Denial-of-service attacks can result in significant loss of time and money for
many organizations. We strongly encourage sites to consider the extent to which
their organization could afford a significant service outage and to take steps
commensurate with the risk.
The DOS attack of Georgia weeks after the Russian-Georgian war. This caused
multiple Georgian servers to be shut down and overloaded communications.
In July 2008 4chan received a 10gbps attack and suffered 2 weeks of downtime.
In September 2008 Digg and Gamesurge went under heavy DOS attacks and became
offline for 6 hours.