
Eggleston 1

Joshua Eggleston
ITN 260
Cottrill, Tamra
30 January 2011

DB: 3 ~ BUM BUM BUM! ERROR: DENIAL OF SERVICE

I know we were asked to try to stay away from Denial of Service (DoS) attacks. I, however, decided to talk about DoS attacks simply because it has to be one of my top favorite attacks. A DoS attack is when one computer targets a computer network in an attempt to make the network’s resources unavailable to its users. Examples of this attack would be the government trying to unlawfully take down a network, website, foreign government, etc. that they don’t want spreading information. DoS attacks have been famously used against Microsoft, Amazon.com, and even PayPal in the past. Basically, what happens in a DoS attack is that the server, typically a web server, is flooded with so many TCP SYN requests at once that it cannot handle them, and it either A) goes into a Blue Screen of Death panic mode or B) makes resources unavailable to people trying to access them. DoS attacks are typically used to shut down a website; that’s why they target a web server, because web servers are usually not that powerful, and DoS attacks typically come in from the outside and use a URL or IP address as their digital GPS coordinates. Now, flooding a server with TCP SYN packets (called a TCP SYN flood DoS attack) is one of three common attacks. The other two are 1) the Ping of Death (PoD) and 2) buffer overflow. In a PoD, the attack crashes the system to a screeching halt by sending multiple Internet Control Message Protocol (ICMP) packets that are too large for the system to handle. In a buffer overflow type attack, the attacker attempts to put more data into the buffer than the system can handle.

Now, here is the reason why DoS attacks are my favorite: Distributed Denial of Service, or DDoS. In a DDoS attack, multiple computers, not just one, are attacking a system. The most “famous” tool out there to help carry out DoS and DDoS attacks is LOIC (Low Orbit Ion Cannon). No, it is not a giant ion cannon in space that shoots a laser at a building (but wouldn’t that be cool?). It is a piece of open source software that uses TCP packets, UDP packets, or HTTP requests with the intention of disrupting the service of a particular host. People have used LOIC to join voluntary botnets. The hacktivist group Anonymous has used a modified version of LOIC to attack websites belonging to Scientology churches, the Recording Industry Association of America website, and, more recently, organizations and companies that shut out WikiLeaks (Amazon, PayPal, banks, etc.).

There are a few ways to prevent DoS and DDoS attacks. The first would be to not host a web server and/or link your URL to your vital network’s IP address. That’s how hackers target your system: either with your URL or your IP address. If you want to host your own web server, I would create a separate, dedicated network with its own IP address. Security experts have also stated that very well-written firewall rules can block out DoS and DDoS attacks, especially from LOIC. A somewhat helpful way of preventing these attacks, too, would be to not allow your server to be pinged. It is possible, because Microsoft’s URL cannot be pinged. If you do not believe me, open up a command prompt (run command: cmd) and type in “ping www.microsoft.com”. For more ways to prevent yourself from these attacks, visit:

http://www.linuxsecurity.com/content/view/121960/49/
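
The SYN flood described earlier leaves handshakes half-open on the server, and that is something a defender can count. The Python sketch below is an added example, not part of the original post; the event format, thresholds and sample traffic are constructed assumptions. It shows why a per-source limit flags a single-host DoS yet misses a DDoS, while the total half-open count catches both.

```python
from collections import Counter

# Thresholds are assumptions for this sketch; tune them to the server's real backlog.
HANDSHAKE_TIMEOUT = 5.0   # seconds a half-open entry is held before it is dropped
PER_SOURCE_LIMIT = 20     # half-open handshakes tolerated from one address
TOTAL_LIMIT = 50          # half-open handshakes tolerated overall

def half_open(events, now):
    """Return {(src_ip, src_port): syn_time} for handshakes still missing the final ACK."""
    pending = {}
    for t, ip, port, flag in sorted(events):
        if t > now:
            break
        if flag == "S":                      # client SYN opens a handshake
            pending[(ip, port)] = t
        elif flag == "A":                    # client ACK completes it
            pending.pop((ip, port), None)
    return {k: t for k, t in pending.items() if now - t <= HANDSHAKE_TIMEOUT}

def assess(events, now):
    """Summarise half-open state: total, sources over the limit, overall pressure."""
    pending = half_open(events, now)
    per_source = Counter(ip for ip, _port in pending)
    return {
        "half_open": len(pending),
        "noisy_sources": sorted(ip for ip, n in per_source.items() if n > PER_SOURCE_LIMIT),
        "backlog_pressure": len(pending) > TOTAL_LIMIT,
    }

# Constructed sample traffic (documentation address ranges), as seen by a server on port 80.
def normal_clients():        # 10 clients that each complete the handshake
    events = []
    for i in range(10):
        ip, port = f"192.0.2.{i + 1}", 40000 + i
        events += [(i * 0.1, ip, port, "S"), (i * 0.1 + 0.05, ip, port, "A")]
    return events

def single_source_flood():   # one host, 100 SYNs, no ACKs
    return [(1 + i * 0.01, "198.51.100.7", 10000 + i, "S") for i in range(100)]

def distributed_flood():     # 100 hosts, one SYN each, no ACKs
    return [(1 + i * 0.01, f"203.0.113.{i + 1}", 20000, "S") for i in range(100)]

if __name__ == "__main__":
    for name, flood in (("quiet", []), ("DoS", single_source_flood()), ("DDoS", distributed_flood())):
        print(name, assess(normal_clients() + flood, now=2.0))
```
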

BONUS INFORMATION!

Tamra’s probably going to get me for posting this information, BUT it is useful information. If you or a group you are involved with is going to launch a DoS or DDoS attack using a program like LOIC, take some measures to prevent yourself from being found! When hackers use bots and zombie computers to use your computer, without your knowledge or permission of course, to launch a DDoS attack, typically after the “Master” ends the attack, he will send a message to the “Slave” computers to wipe your hard drives…… OK, why? If the Feds got ahold of the program that makes your computer a zombie, they could use it to trace it back to the master. Of course, I guess this is a way to protect you too if the feds wanted to indict you on breaking the Computer and Information Act. Who knew hackers could be so thoughtful, lol. Anyway, if you or a group are going to launch a DDoS attack using volunteered zombie computers, make sure your volunteers are running Tor to protect you and themselves. Tor is basically a program that bounces your connection around the world. You could be launching the attack from your computer in Buena Vista, VA, but the server you’re attacking would log your IP address as that of a Tor server in Berlin, Germany. If you don’t run LOIC through Tor, well, get ready to say hello to the FBI, Secret Service, and probably the U.S. Marshals! For more info on Tor, visit: http://en.wikipedia.org/wiki/Tor_(anonymity_network)
