 |
|||||||||||||||
|
|
|
|
|
|
|
Denial Of Service Attacks Article- February 2004 This article provides information about Denial Of Service (DOS) Attacks. DOS attacks are becoming more and more common. There are a few different types of Denial Of Service attacks but they all basically do the same thing. DOS Attacks happen when lots of computers send false requests to websites, overwhelming the server that hosts the site. All the false requests stop legitimate visitors accessing the site. Many DOS attacks have been performed on sites over the years. Who performs the attacks? DOS attacks are usually performed by standard computers such as our computer or yours. The DOS Attacks aren’t usually performed by the person that owns and uses the computer, but are performed by a hacker that is controlling the system. This is usually because the computer isn’t secured with a firewall and antivirus program. Many viruses infect computers and perform DOS attacks on certain websites. How do viruses perform DOS Attacks? Quite a few viruses want to get revenge on certain people or companies, so after they’ve infected the user they attempt to perform a DOS Attack. Many viruses have done this in the past. The virus has a set date and time to perform the attack so that the website gets hit with all the false requests at the same time. For example 2003’s MSBlast virus infected thousands of people via a vulnerability in Windows. It then performed a DOS attack on the Microsoft Windows Update site. Another example is Worm Mimail.H that infected computers via email and performed a DOS attack on the Spamhaus website. The most recent worm, My Doom, infected users via email and then performed a DOS attack on the SCO Groups website, another variant of My Doom performed a DOS attack on the Microsoft Corporation website. Which websites get attacked? Almost any website can be threatened by a DOS attack. Some websites can cope with it and others can’t. If your website is being attacked by a hacker, the hacker will make sure he or she has enough Zombies to knock the website off the internet. If a virus is performing a DOS attack on your website, you might survive the attack if the virus hardly infected anyone. It also depends on the strength of your server and your sites bandwith. Microsoft managed to survive DOS Attacks from My Doom without any problem because the Microsoft site has plenty of bandwith and a strong server. The My Doom variant that performed the DOS attack on Microsoft didn’t infect many people either, so thats why it failed. Quite a lot of DOS attacks have been aimed at Security related sites, so that the virus writers or hackers can get revenge on the owners. Security related sites that have experienced DOS Attacks include Spamhaus (www.spamhaus.org), Zone Labs (www.zonelabs.com), GRC (www.grc.com) and several others. Many DOS Attacks have been aimed at Microsoft and other big companies such as Ebay (www.ebay.co.uk), Amazon (www.amazon.co.uk) and Yahoo (http://uk.yahoo.com). How do people avoid DOS Attacks? Companies can protect themselves from DOS Attacks by upping their bandwith, but this is very costly. The SCO group managed to stop a DOS attack from the My Doom Virus by changing the address of their website. The My Doom virus had been programmed to attack www.sco.com so SCO changed their address to www.thescogroup.com . There are also some solutions on the internet for protecting your site against DOS attacks. Quite a few sites, including Spam Haus, are protected by a hardware solution called I Secure. More information about I Secure can be found at http://www.ddos.com . Other Resources Steve Gibson has written some brilliant articles about Distributed Denial Of Service Attacks (DDOS) and Distributed Reflection Denial of Service Attacks (DRDOS). The article on DRDOS is very interesting. It explains all about how his site was being attacked from hundreds of the internets core routers which are very powerful machines. Read more at http://www.grc.com/dos/drdos.htm .
|
|
|
|
© Copyright I Security.org.uk 2004 |