What is a denial-of-service (DoS) attack?

In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from

accessing information or services. By targeting your computer and its network connection, or the
computers and network of the sites you are trying to use, an attacker may be able to prevent you
from accessing email, websites, online accounts (banking, etc.), or other services that rely on the
affected computer.

The server spends so

much time trying to process these requests that
it can't respond to legitimate requests and may
crash they;
- Send CPU utilization to 100%
- Crash the OS
- Crash a vital service
- In each case the legitimate users of the
computer are affected

What is a distributed denial-of-service (DDoS) attack?

In a distributed denial-of-service (DDoS) attack, an attacker may use your computer to attack
another computer. By taking advantage of security vulnerabilities or weaknesses, an attacker
could take control of your computer. He or she could then force your computer to send huge
amounts of data to a website or send spam to particular email addresses. The attack is
"distributed" because the attacker is using multiple computers, including yours, to launch the
denial-of-service attack.

Attack
- A TCP connection request is sent to a host from an unreachable address
- The host allocates resources (memory, sockets) for the connection
- The host tries to acknowledge the connection but fails
- The host retries with ever-increasing timeout intervals, for a total of 189 seconds

Alarm
-What’s so alarming about the attacks on major Web sites is that there’s no easy way to stop
them. The attacks are so simple that the FBI says even a 15-yearold could pull them off. Does
this mean the Web is unsafe?

Vulnerability
-Several sites have been established to do both active and passive scanning of networks to
determine whether or not directed-broadcast is enabled.

-http://www.netscan.org/ is a site which actively scans the IPv4 address

- space and mails network contacts with information on how to disable them.
- http://www.powertech.no/smurf/ is a site which will test scan your network and allow you to
enter a known smurf amplifier site.
Recent Victims
-Amazon.com
-eBay.com
-CNN.com
-Buy.com
-Yahoo

Aftermath of attacks
- in June 1999 eBay Crashed for about 22 hours outage sent the company’s stock into a tailspin,
causing eBay to lose 26 percent of its value in five days and costing it $5 million in revenues in
the second quarter.
- also suffered a string of smaller outages in November, lasting a total of four hours during
three days. It has since invested more than $18 million in engineering to improve site
performance.

Internet Liability
- Email, Internet, Intranet and E-commerce users all face increased risks by their activities.
- Libel - vicarious liability for the content of employees e-mail messages and a direct
responsibility for the content of their web-site.
- Viruses - claims from third parties as a result of damage to hardware and software as a result of
a virus downloaded by E-mail or from the website.
- Unauthorized access - causing a breach of Data

Protection legislation

-Failure of Web-sites - resulting in financial loss for third parties.

-Infringement of Copyright - the law of copyright extends to material transmitted
on the internet.

Government concern
-President Clinton convened a summit to make the Web more
secure
-The FBI is conducting interviews with hackers, computer security experts and anyone else who
might have knowledge about the incidents.
-Suggestion:create a mechanism to share cyber-security information

References:

-http://learn-networking.com/network-security/how-to-prevent-denial-of-service-
attacks

-http://articles.techrepublic.com.com/5100-10878_11-1036525.html

- http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci557336,00.html

- http://www.radware.com/Solutions/Enterprise/Security/DoSProtection.aspx