Denial-of-Service Attack

DENIAL-OF-SERVICE ATTACK

Hackers have been known to place programs onto networked computers that create high volumes of dubious requests or messages, resulting in an interruption of network service. This practice is called a denial-of-service (DOS) attack. When more than one networked computer is used to flood a network with phony traffic, the practice is called a distributed denial-of-service attack (DDOS). There are different types of DOS attacks, including teardrop attacks, infrastructure attacks, buffer overflow attacks, smurf attacks, and those caused by computer viruses.

Depending on their type, DOS attacks work in different ways. For example, infrastructure attacks involve situations where service is impaired from a physical, real-world assault on cabling or other equipment used for network operations. Smurf attacks involve a utility called pinging. Normally, this utility is used to verify the existence and operation of a host computer (such as a Web server used to host a Web site). A signal is sent to the host, and a reply requested. Smurf attacks involve hackers spoofing, or using a phony reply address (the target for the DOS attack), and requesting that the reply be broadcast to multiple points within the target's network, causing a spike in dubious traffic. Regardless of the means, the ultimate objective of most DOS attacks is to prevent networks from working properly by overloading them with more traffic than they were designed to handle.
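At the target of a smurf attack, the flood shows up as ping replies that the target never requested, arriving from many different hosts in a short time. The following sketch is an added example, not part of the original article; the record layout, function name, thresholds, and sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers

def unsolicited_reply_floods(packets, window=1.0, min_sources=4):
    """Return {target_ip: peak count of distinct hosts sending unsolicited
    echo replies within `window` seconds}, for targets reaching `min_sources`.

    packets: time-ordered (time, src, dst, icmp_type, ident, seq) tuples.
    """
    outstanding = set()          # echo requests still awaiting a reply
    recent = defaultdict(deque)  # target -> (time, src) of unsolicited replies
    peak = defaultdict(int)
    for t, src, dst, icmp_type, ident, seq in packets:
        if icmp_type == ECHO_REQUEST:
            outstanding.add((src, dst, ident, seq))
            continue
        if icmp_type != ECHO_REPLY:
            continue
        if (dst, src, ident, seq) in outstanding:
            # Ordinary ping: this reply answers a request the host really sent.
            outstanding.discard((dst, src, ident, seq))
            continue
        # Reply with no matching request: the "reply address" was spoofed.
        q = recent[dst]
        q.append((t, src))
        while q and t - q[0][0] > window:
            q.popleft()
        peak[dst] = max(peak[dst], len({s for _, s in q}))
    return {ip: n for ip, n in peak.items() if n >= min_sources}

# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = [
    (0.00, "192.0.2.10", "198.51.100.7", ECHO_REQUEST, 1, 1),  # normal ping
    (0.02, "198.51.100.7", "192.0.2.10", ECHO_REPLY, 1, 1),    # its answer
] + [
    # Six hosts answer a request that 192.0.2.50 never sent.
    (1.0 + 0.1 * i, f"203.0.113.{i + 1}", "192.0.2.50", ECHO_REPLY, 77, 0)
    for i in range(6)
] + [
    (2.00, "203.0.113.9", "192.0.2.10", ECHO_REPLY, 5, 0),     # single stray
]

if __name__ == "__main__":
    print(unsolicited_reply_floods(SAMPLE))
```

A host that legitimately pings a broadcast address will also receive replies that do not match its request one-to-one, so the threshold should be tuned to the monitored network.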

Although they can happen accidentally, DOS attacks normally are caused intentionally. Network World revealed that most attacks are targeted at different kinds of servers (such as Web servers or e-mail servers). As many as 20 percent of attacks are made on machines with broadband Internet connections, and a smaller number involve routers, which relay information on the Internet as it is sent from one location to another. Much like computer viruses, the consequences of DOS attacks are real, resulting in lost revenue for companies, frustrated consumers and companies who want to purchase goods and services, and sometimes damaged computer files. To make matters worse, tracking down attackers can be very difficult.

Unfortunately, DOS attacks were a routine occurrence in the early 2000s. In the span of only two months, several leading Web sites were attacked in early 2001. That January, Microsoft announced that a DOS attack aimed at the routers directing traffic to its Web sites caused an interruption in service. Additionally, an attack sidelined the Web site of security vendor Network Associates for approximately 90 minutes. In February, a Canadian hacker calling himself Mafiaboy was caught after attacking several sites, including Amazon.com, Charles Schwab, Yahoo, CNN, e*Trade, and eBay.

In mid-2001 there were no proven ways to stop DOS attacks from happening. However, several organizations developed or offered solutions that were able to provide varying degrees of relief. These partial solutions ranged in price from $20,000 to as much as $55,000, and were useful to entities like Internet service providers (ISPs) and those hosting Web sites. They worked in different ways, and most had not achieved widespread use. Captus Networks offered equipment that detected traffic surges and held them back while it attempted to differentiate between legitimate and bogus messages. Captus's solution also was able to check spoofed addresses used in smurf attacks and either deny illegitimate traffic or send it to another location for investigative analysis.

Mazu Networks, a company with ties to the Massachusetts Institute of Technology (MIT), developed similar technology that, according to Network World, could "identify traffic characteristics of distributed denial-of-service attacks and communicate that information to the ISPs, Web-hosting centers or Web server owner via a private network or dial-up. The devices will be able to take active response measures, such as filtering and tracing the attack, and gathering forensics." In addition to Mazu, other companies with ties to universities, including Arbor (University of Michigan), Lancope (Georgia Institute of Technology), and Asta (University of California at San Diego and the University of Washington) were trying to tackle the pervasive threat posed by DOS attackers. Moreover, in November 2000 an industry group was created to work toward a solution and develop cooperation between ISPs, who play central roles in the attacks. DOS attacks were an especially pressing issue because the possibility that companies and ISPs would be held liable for their consequences was very real.

FURTHER READING:

"Denial of Service." Whatis.com, May 16, 2001. Available from whatis.techtarget.com.

Messmer, Ellen. "Start-ups Go on Attack vs. Denial-of-Service Threat." Network World, June 18, 2001.

Messmer, Ellen. "Start-ups Vie to Defeat DoS Attacks." Network World, February 5, 2001.

SEE ALSO: Computer Crime; Computer Security; Hacking; Viruses; Worms