Denial of service: Difference between revisions
imported>Sandy Harris No edit summary |
imported>Howard C. Berkowitz (Needs discussion of collateral damage, and eventually a breakout of DDoS) |
||
Line 5: | Line 5: | ||
Some DoS attacks are flooding attacks; if an attacker sends you 10,000 emails, your normal email will likely not get through. 100,000,000 might take out not only your personal mail, but the whole mail server. [[Resource attack]]s attempt to exhaust some resource on the target system. [[Amplification attack]]s work by sending a small amount of data which will cause other systems to produce a flood. | Some DoS attacks are flooding attacks; if an attacker sends you 10,000 emails, your normal email will likely not get through. 100,000,000 might take out not only your personal mail, but the whole mail server. [[Resource attack]]s attempt to exhaust some resource on the target system. [[Amplification attack]]s work by sending a small amount of data which will cause other systems to produce a flood. | ||
However, not all DoS attacks involve flooding; an attacker may try to | However, not all DoS attacks involve flooding; an attacker may try to craft a really evil mail message, deliberately breaking the rules for mail formats in such a way that your mail server or your mail-reading software will crash when it tries to process the beast. Or he might take down the mail server with an attack unrelated to mail. In any case, a successful attack denies you mail service. | ||
In general, this is easier than other attacks, like trying to read your mail or produce forged mail that appears to be from you. Unfortunately, those aren't necessarily hard either, but that's another topic. | In general, this is easier than other attacks, like trying to read your mail or produce forged mail that appears to be from you. Unfortunately, those aren't necessarily hard either, but that's another topic. | ||
==Distributed denial of service== | |||
It is fairly common for attackers to take over a few tens of thousands of insecure machines. The "owned" machines are "zombies" and the network of them is a [[botnet]] (i.e., "robot network"). Botnets are now a business; spammers rent time on botnets to send their rubbish. The attackers search blocks of addresses used for broadband Internet, looking for vulnerable machines. Windows machines that have not done Microsoft's upgrades are their favorite target; such a machine is almost guaranteed to be taken over sooner or later. | |||
Botnets are one way to carry out '''DDoS''', '''Distributed denial of service attack''', where thousands or millions of machines attack a single target, with no single attacker to stop. In other contexts, this multiple attacker model is that of [[swarming (military)|swarming]]. Botnets are not the only way to carry out DDoS; a national attacker could use large numbers of owned machines. | |||
The server may crash, and even if it doesn't, normal web services will be disrupted. |
Revision as of 05:27, 4 March 2010
Many attacks on computer security try to get the computer to do something for the miscreant, perhaps give him or her data that he/she is not authorised to have — credit card numbers, medical records, military secrets, ... — or let him or her perform some computer-mediated action — make bank withdrawals, launch some nuclear missiles, ... A denial of service, or DOS or DoS, attack does not do that; it just tries to deny normal computer services to the authorised users.
Some DoS attacks are flooding attacks; if an attacker sends you 10,000 emails, your normal email will likely not get through. 100,000,000 might take out not only your personal mail, but the whole mail server. Resource attacks attempt to exhaust some resource on the target system. Amplification attacks work by sending a small amount of data which will cause other systems to produce a flood.
However, not all DoS attacks involve flooding; an attacker may try to craft a really evil mail message, deliberately breaking the rules for mail formats in such a way that your mail server or your mail-reading software will crash when it tries to process the beast. Or he might take down the mail server with an attack unrelated to mail. In any case, a successful attack denies you mail service.
In general, this is easier than other attacks, like trying to read your mail or produce forged mail that appears to be from you. Unfortunately, those aren't necessarily hard either, but that's another topic.
Distributed denial of service
It is fairly common for attackers to take over a few tens of thousands of insecure machines. The "owned" machines are "zombies" and the network of them is a botnet (i.e., "robot network"). Botnets are now a business; spammers rent time on botnets to send their rubbish. The attackers search blocks of addresses used for broadband Internet, looking for vulnerable machines. Windows machines that have not done Microsoft's upgrades are their favorite target; such a machine is almost guaranteed to be taken over sooner or later.
Botnets are one way to carry out DDoS, Distributed denial of service attack, where thousands or millions of machines attack a single target, with no single attacker to stop. In other contexts, this multiple attacker model is that of swarming. Botnets are not the only way to carry out DDoS; a national attacker could use large numbers of owned machines.
The server may crash, and even if it doesn't, normal web services will be disrupted.