A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.
Typical targets are high-profile; even DNS root servers have been targeted in an attempt to bring down a large section of the Internet.
One common method of attack involves saturating the target (victim) machine with external communications requests, which render it effectively unavailable. This type of attack is typically implemented by:
- forcing the target to restart over and over, or
- blocking the communication channel to the target.
Not all service outages are denial-of-service attacks. They could be a byproduct of some other attack type where the DoS just spills over into other communication channels or they could just be normal traffic jamming a particularly sensitive node on the Internet (e.g., a popular streaming video or a just-available large-size download).
In brief, here are a few methods malware might use to institute a DoS or DDoS attack:
- ICMP Floods.
There are several types of ICMP floods. For example, a smurf attack relies on misconfigured network devices so that packets are sent to all hosts on the network instead of a specific machine. A ping flood is just what the name implies: a large number of ping packets that tie up the victim machine trying to answer them all. Similarly, a SYN flood sends many TCP/SYN packets with a forged sender address. These leave a half-open connection and, with enough of them, all input ports on the victim machine are tied up waiting for return information that will never come, so they stay tied up until they time out.
- Teardrop Attack.
An older type of attack that sent malformed IP fragments that are improperly reconstructed on the victim, causing errors. Most of today’s operating systems will recognize and defeat these.
- Peer-to-Peer Attacks.
These attacks rely on bugs in peer-to-peer server software. One of the worst causes clients of file-sharing hubs to disconnect and then reconnect to the victim’s site. With a large peer-to-peer network this can cause thousands of connections per second to be attempted, and this will usually shut the attacked server down.
- Application Level Floods.
Various errors in server software might be exploited. As an example, a buffer overflow might be used to affect server software up to and including filling memory, using all CPU cycles or filling disk space.
- Banana Attack.
Outgoing messages from a client are redirected back to the client, which prevents outside access and floods the client. [A banana looks something like a boomerang; thus the name.]
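The half-open connection behaviour described for the SYN flood above can be modelled from the defender's side. This added example (not from the original page) replays constructed packet events and counts handshakes still waiting for the final ACK; the timeout, backlog size, event format and addresses are assumptions.

```python
"""Track half-open TCP handshakes from server-side packet events (constructed data)."""
from collections import Counter

SYN_TIMEOUT = 30.0  # assumed seconds before the server drops a half-open entry
BACKLOG = 8         # assumed size of the server's half-open queue


def sample_events():
    """Constructed events: (time_s, src_ip, src_port, flag), RFC 5737 addresses."""
    events = [
        (0.0, "192.0.2.10", 40001, "SYN"),
        (0.2, "192.0.2.10", 40001, "ACK"),  # legitimate client completes
    ]
    # Ten SYNs whose forged senders never return the final ACK.
    for i in range(10):
        events.append((1.0 + i * 0.1, f"203.0.113.{i + 1}", 5000 + i, "SYN"))
    return events


def half_open(events, now, timeout=SYN_TIMEOUT):
    """Return {(src, port): syn_time} for handshakes still awaiting the final ACK."""
    pending = {}
    for t, src, port, flag in sorted(events):
        if t > now:
            break
        if flag == "SYN":
            pending[(src, port)] = t
        elif flag in ("ACK", "RST"):
            pending.pop((src, port), None)
    # Entries older than the timeout have already been dropped by the server.
    return {k: t for k, t in pending.items() if now - t < timeout}


def report(events, now, backlog=BACKLOG, timeout=SYN_TIMEOUT):
    """Summarise queue pressure at time `now`."""
    pending = half_open(events, now, timeout)
    per_source = Counter(src for src, _ in pending)
    return {
        "half_open": len(pending),
        "backlog_full": len(pending) >= backlog,
        # Forged senders spread over many addresses, so each source shows
        # one entry; the queue total is the signal, not a per-source count.
        "max_per_source": max(per_source.values(), default=0),
    }


if __name__ == "__main__":
    for now in (0.5, 2.0, 40.0):
        print(now, report(sample_events(), now))
```

At 2.0 seconds the queue is full even though no single source holds more than one entry, and by 40.0 seconds the entries have timed out.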
There are others, including pulsing zombie and nuke (plus more).
An attack may also compromise a system with a Trojan which could then set up a botnet to exploit flaws in other systems.
A simple example can show the difference between a DoS and DDoS. If a single user mounts a smurf attack this is a DoS attack. If, however, a botnet is set up where each zombie computer mounts a smurf attack that would be a DDoS. Basically, then, a distributed attack is, well, distributed. 🙂
There is a lot more one could say about DoS or DDoS attacks but this should be enough to introduce the topic and indicate they are not always to be taken lightly. They continue in the present and will continue into the future. For example, in early February 2009 Network World reported a form called DNS Amplification.
Summary
- A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.
- There are many different forms of DoS and DDoS attacks.