A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. The term is generally used with regard to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.[1]

One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, consuming its resources so that it can no longer provide its intended service, or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

Denial-of-service attacks are considered violations of the IAB's Internet proper use policy (RFC 1087, "Ethics and the Internet"), and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations.[2]


Symptoms and Manifestations

The United States Computer Emergency Response Team defines symptoms of denial-of-service attacks to include:

Denial-of-service attacks can also lead to problems in the network 'branches' around the actual computer being attacked. For example, the bandwidth of a router between the Internet and a LAN may be consumed by an attack, compromising not only the intended computer, but also the entire network.

If the attack is conducted on a sufficiently large scale, entire geographical regions of Internet connectivity can be compromised without the attacker's knowledge or intent by incorrectly configured or flimsy network infrastructure equipment.

Methods of attack

A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Attacks can be directed at any network device, including attacks on routing devices and web, electronic mail, or Domain Name System servers.

A DoS attack can be perpetrated in a number of ways. The five basic types of attack are:

  1. Consumption of computational resources, such as bandwidth, disk space, or processor time.
  2. Disruption of configuration information, such as routing information.
  3. Disruption of state information, such as unsolicited resetting of TCP sessions.
  4. Disruption of physical network components.
  5. Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

A DoS attack may include execution of malware intended to:

ICMP flood

See also: Smurf attack, Ping flood, Ping of death, and SYN flood

A smurf attack is one particular variant of a flooding DoS attack on the public Internet. It relies on misconfigured network devices that allow packets to be sent to all computer hosts on a particular network via the broadcast address of the network, rather than a specific machine. The network then serves as a smurf amplifier. In such an attack, the perpetrators will send large numbers of IP packets with the source address faked to appear to be the address of the victim. The network's bandwidth is quickly used up, preventing legitimate packets from getting through to their destination.[4] To combat denial-of-service attacks on the Internet, services like the Smurf Amplifier Registry have given network service providers the ability to identify misconfigured networks and to take appropriate action such as filtering.
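The two filtering measures that remove a smurf amplifier's preconditions are source-address validation at the network edge (RFC 2827 / BCP 38, which discards the forged victim address) and refusing directed broadcasts at the router (RFC 2644). The following Python is an added illustration written for this page, not code from Wikipedia or from any registry or vendor; the prefixes, the packet records and the verdict labels are all constructed for the example.

```python
import ipaddress
from collections import Counter

# Constructed topology (RFC 5737 documentation prefixes), not a real network.
# Sources that may legitimately originate traffic on this edge link:
CUSTOMER_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]
# Subnets directly attached behind this router. A packet to one of their
# broadcast addresses would be answered by every host, i.e. amplified.
LOCAL_SUBNETS = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("203.0.113.0/25"),
]


def ingress_verdict(pkt, customer_prefixes=CUSTOMER_PREFIXES, local_subnets=LOCAL_SUBNETS):
    """Classify one inbound packet (dict with 'src', 'dst', 'proto').

    Checks, in order:
      1. Source validation (RFC 2827 / BCP 38): drop anything whose source
         address could not have originated on this link. This is what
         stops the forged victim address a smurf attack depends on.
      2. Directed broadcast (RFC 2644): drop anything addressed to the
         broadcast address of an attached subnet, so no host set can be
         made to reply in bulk. The check is mask-aware: .255 is only a
         broadcast address if the attached subnet actually ends there.
    """
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    if not any(src in prefix for prefix in customer_prefixes):
        return "drop:spoofed-source"
    for net in local_subnets:
        if dst == net.broadcast_address:
            return "drop:directed-broadcast"
    return "accept"


def filter_packets(pkts):
    """Return a Counter of verdicts over a list of packet records."""
    return Counter(ingress_verdict(p) for p in pkts)


# Constructed sample packets, not captured traffic.
SAMPLE_PACKETS = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "proto": "icmp"},      # ordinary echo request
    {"src": "198.51.100.5", "dst": "198.51.100.255", "proto": "icmp"},  # source forged to the victim
    {"src": "192.0.2.10", "dst": "198.51.100.255", "proto": "icmp"},    # echo to the /24 broadcast
    {"src": "192.0.2.11", "dst": "203.0.113.127", "proto": "icmp"},     # broadcast of the /25
    {"src": "192.0.2.11", "dst": "203.0.113.255", "proto": "udp"},      # not a broadcast of any attached subnet
]

if __name__ == "__main__":
    for p in SAMPLE_PACKETS:
        print(p["src"], "->", p["dst"], ingress_verdict(p))
    print(dict(filter_packets(SAMPLE_PACKETS)))
```

The source check runs first on purpose: a packet that is both spoofed and aimed at a broadcast address is reported as spoofed, which is the more useful signal for tracing where forged traffic enters the network.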

Ping flood is based on sending the victim an overwhelming number of ping packets, usually using the "ping" command from Unix-like hosts (the -t flag on Windows systems has a far less malignant function). It is very simple to launch, the primary requirement being access to greater bandwidth than the victim.

A SYN flood sends a flood of TCP/SYN packets, often with a forged sender address. Each of these packets is handled like a connection request, causing the server to spawn a half-open connection by sending back a TCP/SYN-ACK packet and waiting for a packet in response from the sender address. However, because the sender address is forged, the response never comes. These half-open connections saturate the number of available connections the server is able to make, keeping it from responding to legitimate requests until after the attack ends.
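The exhaustion described above exists because the server stores state for every half-open connection. The standard mitigation, SYN cookies, removes that state: the server encodes the connection identity into the initial sequence number it sends in the SYN-ACK and only allocates a connection entry when a valid ACK comes back. The Python below is an added example for this page, not Wikipedia's text or any operating system's implementation; the secret, the 5-bit time slot layout, the 64-second slot length and the addresses are all constructed assumptions chosen to keep the idea visible.

```python
import hashlib
import hmac

# Constructed server-side secret for the example; a real stack rotates it.
SECRET = b"constructed-demo-secret"
SLOT_SECONDS = 64          # coarse time slot encoded in the cookie
SLOT_BITS = 5              # top 5 bits of the 32-bit cookie hold the slot
MAC_MASK = (1 << 27) - 1   # remaining 27 bits hold the truncated MAC


def _mac(src_ip, src_port, dst_ip, dst_port, slot):
    """Keyed MAC over the connection 4-tuple and the time slot, as a 32-bit int."""
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}|{slot}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")


def make_syn_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, now):
    """Initial sequence number for the SYN-ACK.

    Everything needed to validate the final ACK is derived from the cookie
    itself, so the server stores nothing while the handshake is pending. A
    forged-source SYN therefore costs the server one SYN-ACK and no memory.
    """
    slot = int(now) // SLOT_SECONDS
    low = (_mac(src_ip, src_port, dst_ip, dst_port, slot) + client_isn) & MAC_MASK
    return ((slot & ((1 << SLOT_BITS) - 1)) << 27) | low


def check_syn_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, ack, now, max_age_slots=1):
    """Validate the ACK completing the handshake: ack must equal cookie + 1,
    the 4-tuple and client ISN must match, and the cookie must be recent
    (current slot or at most max_age_slots earlier)."""
    cookie = (ack - 1) & 0xFFFFFFFF
    slot_bits = cookie >> 27
    now_slot = int(now) // SLOT_SECONDS
    for age in range(max_age_slots + 1):
        slot = now_slot - age
        if (slot & ((1 << SLOT_BITS) - 1)) != slot_bits:
            continue
        expected = (_mac(src_ip, src_port, dst_ip, dst_port, slot) + client_isn) & MAC_MASK
        if hmac.compare_digest(expected.to_bytes(4, "big"), (cookie & MAC_MASK).to_bytes(4, "big")):
            return True
    return False


def half_open_drops(syn_count, backlog, cookies_enabled):
    """Connection requests refused during a flood of syn_count unanswered SYNs:
    a fixed backlog overflows once the count exceeds it, whereas a
    cookie-based server keeps no per-SYN state and refuses none."""
    if cookies_enabled:
        return 0
    return max(0, syn_count - backlog)


if __name__ == "__main__":
    client = ("198.51.100.7", 40000, "203.0.113.10", 80, 12345)  # constructed 4-tuple + client ISN
    c = make_syn_cookie(*client, now=1000.0)
    print("legit ACK accepted:", check_syn_cookie(*client, ack=(c + 1) & 0xFFFFFFFF, now=1010.0))
    print("wrong ACK rejected:", check_syn_cookie(*client, ack=(c + 2) & 0xFFFFFFFF, now=1010.0))
    print("stale ACK rejected:", check_syn_cookie(*client, ack=(c + 1) & 0xFFFFFFFF, now=1000.0 + 3 * SLOT_SECONDS))
    print("drops without cookies:", half_open_drops(100000, 1024, False))
    print("drops with cookies:", half_open_drops(100000, 1024, True))
```

The cost of the scheme is the same as in real stacks: TCP options negotiated in the SYN cannot be remembered, so production implementations encode a few of them (such as the MSS) into spare cookie bits and typically switch cookies on only once the backlog is under pressure.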

Teardrop Attacks

Main article: Teardrop Attacks

A Teardrop attack involves sending mangled IP fragments with overlapping, over-sized payloads to the target machine. This can crash various operating systems due to a bug in their TCP/IP fragmentation re-assembly code.[5] Windows 3.1x, Windows 95 and Windows NT operating systems, as well as versions of Linux prior to versions 2.0.32 and 2.1.63, are vulnerable to this attack.
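The defect behind this class of crash is arithmetic: a reassembler that trims an overlapping fragment by subtracting the already-placed length can end up with a negative copy length, which an unsigned copy routine treats as enormous. The Python below is an added illustration for this page, not Wikipedia's text or any kernel's reassembly code. It contrasts that naive trim with a strict reassembler that refuses overlaps outright (the policy RFC 8200 mandates for IPv6 and that current IPv4 stacks also apply); the fragment sets are constructed, with offsets already converted to bytes.

```python
MAX_DATAGRAM = 65535   # largest IPv4 datagram, header included
MIN_HEADER = 20        # smallest IPv4 header; payload may not exceed MAX_DATAGRAM - MIN_HEADER


class FragmentError(Exception):
    """Raised when a fragment set cannot be reassembled safely."""


def naive_trim(prev_end, offset, length):
    """The trim a naive reassembler applies to a fragment that starts inside
    the previous one: skip the overlapping prefix and copy the rest.
    Returns (new_offset, bytes_to_copy). When the new fragment ends before
    the previous one does, bytes_to_copy goes negative; that is the
    condition the teardrop fragments create."""
    if offset < prev_end:
        return prev_end, length - (prev_end - offset)
    return offset, length


def reassemble(fragments):
    """Strict reassembly of one datagram.

    Each fragment is a dict: 'offset' (byte offset within the original
    payload), 'data' (bytes) and 'more' (the More-Fragments flag). Any
    overlap, gap, oversize total, inconsistent flag, or non-final fragment
    whose length is not a multiple of 8 is rejected before a byte is copied.
    """
    frags = sorted(fragments, key=lambda f: f["offset"])
    out = bytearray()
    expected = 0
    for i, f in enumerate(frags):
        start, data = f["offset"], f["data"]
        end = start + len(data)
        last = i == len(frags) - 1
        if end + MIN_HEADER > MAX_DATAGRAM:
            raise FragmentError(f"payload would end at byte {end}, beyond the {MAX_DATAGRAM}-byte limit")
        if start < expected:
            raise FragmentError(f"fragment at offset {start} overlaps data already placed up to {expected}")
        if start > expected:
            raise FragmentError(f"gap between {expected} and {start}")
        if not last and len(data) % 8:
            raise FragmentError(f"non-final fragment of {len(data)} bytes is not a multiple of 8")
        if not last and not f["more"]:
            raise FragmentError("More-Fragments flag clear on a fragment that is not the last")
        if last and f["more"]:
            raise FragmentError("final fragment still has More-Fragments set")
        out += data
        expected = end
    return bytes(out)


def reassembly_error(fragments):
    """Return the rejection reason for a fragment set, or None if it reassembles."""
    try:
        reassemble(fragments)
    except FragmentError as e:
        return str(e)
    return None


# Constructed fragment sets, not captured packets.
GOOD_FRAGMENTS = [
    {"offset": 0, "data": b"A" * 16, "more": True},
    {"offset": 16, "data": b"B" * 8, "more": True},
    {"offset": 24, "data": b"C" * 5, "more": False},
]
# Second fragment starts inside the first and ends before it: the naive
# trim computes 4 - (40 - 24) = -12 bytes to copy.
TEARDROP_FRAGMENTS = [
    {"offset": 0, "data": b"X" * 40, "more": True},
    {"offset": 24, "data": b"Y" * 4, "more": False},
]
# A lone fragment placed so the datagram would exceed 65535 bytes.
OVERSIZE_FRAGMENTS = [
    {"offset": 65528, "data": b"Z" * 16, "more": False},
]

if __name__ == "__main__":
    print("good:", reassemble(GOOD_FRAGMENTS))
    print("naive trim on teardrop:", naive_trim(40, 24, 4))
    print("strict teardrop:", reassembly_error(TEARDROP_FRAGMENTS))
    print("strict oversize:", reassembly_error(OVERSIZE_FRAGMENTS))
```

Rejecting overlaps is also what makes the reassembler's behaviour predictable to an IDS: once overlapping data is never accepted, there is no question of which copy the end host will see.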

Peer-to-peer attacks

Attackers have found a way to exploit a number of bugs in peer-to-peer servers to initiate DDoS attacks. The most aggressive of these peer-to-peer DDoS attacks exploits DC++. Peer-to-peer attacks are different from regular botnet-based attacks. With peer-to-peer there is no botnet and the attacker does not have to communicate with the clients it subverts. Instead, the attacker acts as a 'puppet master,' instructing clients of large peer-to-peer file sharing hubs to disconnect from their peer-to-peer network and to connect to the victim's website instead. As a result, several thousand computers may aggressively try to connect to a target website. While a typical web server can handle a few hundred connections/sec before performance begins to degrade, most web servers fail almost instantly under five or six thousand connections/sec. With a moderately big peer-to-peer attack a site could potentially be hit with up to 750,000 connections in short order. The targeted web server will be plugged up by the incoming connections. While peer-to-peer attacks are easy to identify with signatures, the large number of IP addresses that need to be blocked (often over 250,000 during the course of a big attack) means that this type of attack can overwhelm mitigation defenses. Even if a mitigation device can keep blocking IP addresses, there are other problems to consider. For instance, there is a brief moment where the connection is opened on the server side before the signature itself comes through. Only once the connection is opened to the server can the identifying signature be sent and detected, and the connection torn down. Even tearing down connections takes server resources and can harm the server.

This method of attack can be prevented by specifying in the p2p protocol which ports are allowed or not. If port 80 is not allowed, the possibilities for attack on websites can be very limited.
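The two sides of the picture above, the client-side port policy that prevents a hub from steering its clients at a website, and the server-side view in which a flood shows up as an aggregate rate across a very large number of distinct sources, are illustrated by the added Python below. It is an example written for this page, not Wikipedia's text, DC++'s code or any product's logic; the allowed port set, the 5000-per-second threshold and the traffic stream are constructed assumptions.

```python
from collections import deque

# Constructed client policy: ports a client will follow a hub redirect to.
# Web ports such as 80 and 443 are deliberately absent, which is the
# mitigation the text describes.
ALLOWED_REDIRECT_PORTS = frozenset({411, 412})


def accept_redirect(port, allowed=ALLOWED_REDIRECT_PORTS):
    """Client-side rule: follow a hub's redirect only to a permitted port."""
    return port in allowed


class ConnectionRateMonitor:
    """Server-side sliding window over connection attempts.

    Reports the attempts seen in the last window and how many distinct
    sources they came from. A botnet flood and a P2P-driven flood both push
    the rate up; the P2P case is recognisable by the source count rising
    almost as fast as the rate, since each subverted client connects once
    or a few times.
    """

    def __init__(self, window_s=1.0, max_per_window=5000):
        self.window_s = window_s
        self.max_per_window = max_per_window
        self.events = deque()  # (timestamp, source), in arrival order

    def observe(self, ts, src):
        self.events.append((ts, src))
        cutoff = ts - self.window_s
        while self.events and self.events[0][0] < cutoff:
            self.events.popleft()
        rate = len(self.events)
        distinct = len({s for _, s in self.events})
        return {"rate": rate, "distinct_sources": distinct, "alarm": rate > self.max_per_window}


def simulate():
    """Constructed traffic: one second of normal load from 20 hosts, then a
    burst of 6000 attempts from 6000 distinct addresses within one second,
    in the range of the 'five or six thousand connections/sec' the text
    cites as fatal for most web servers. Returns the monitor's last report
    from each phase."""
    mon = ConnectionRateMonitor(window_s=1.0, max_per_window=5000)
    normal = None
    for i in range(100):
        normal = mon.observe(i * 0.01, f"192.0.2.{i % 20}")
    burst = None
    for i in range(6000):
        burst = mon.observe(1.0 + i * 0.0001, f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}")
    return normal, burst


if __name__ == "__main__":
    print("redirect to 411 allowed:", accept_redirect(411))
    print("redirect to 80 allowed:", accept_redirect(80))
    normal, burst = simulate()
    print("normal phase:", normal)
    print("burst phase:", burst)
```

The monitor only measures; it is the figures it produces (rate and distinct-source count) that decide whether a mitigation device can realistically keep up with per-address blocking or must fall back to aggregate controls.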

Permanent denial-of-service attacks

A permanent denial-of-service (PDoS), also known loosely as phlashing,[6] is an attack that damages a system so badly that it requires replacement or reinstallation of hardware.[7] Unlike the distributed denial-of-service attack, a PDoS attack exploits security flaws which allow remote administration on the management interfaces of the victim's hardware, such as routers, printers, or other networking hardware. The attacker uses these vulnerabilities to replace a device's firmware with a modified, corrupt, or defective firmware image—a process which when done legitimately is known as flashing. This therefore "bricks" the device, rendering it unusable for its original purpose until it can be repaired or replaced.

The PDoS is a pure hardware-targeted attack which can be much faster and requires fewer resources than using a botnet in a DDoS attack. Because of these features, and the potential and high probability of security exploits on Network Enabled Embedded Devices (NEEDs), this technique has come to the attention of numerous hacker communities. PhlashDance is a tool created by Rich Smith[8] (an employee of Hewlett-Packard's Systems Security Lab) used to detect and demonstrate PDoS vulnerabilities at the 2008 EUSecWest Applied Security Conference in London.[8]
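Since a PDoS works by pushing a corrupt image through the same path a legitimate update uses, the device-side defence is to authenticate the image and refuse anything that fails before a byte reaches flash. The Python below is an added example for this page, not Wikipedia's text, PhlashDance, or any vendor's update code. It uses a symmetric HMAC tag with a constructed key to keep the example self-contained; shipping devices use an asymmetric signature with only the public key on the device, but the checks (magic, length, authentication, anti-rollback) are the same. The header layout and the payload bytes are constructed.

```python
import hashlib
import hmac
import struct

MAGIC = b"FWIM"                   # constructed image header magic
HEADER_LEN = 12                   # magic (4) + version (4) + payload length (4)
TAG_LEN = 32                      # HMAC-SHA256 tag
KEY = b"constructed-signing-key"  # stand-in for a key provisioned at manufacture


def build_image(version, payload, key=KEY):
    """Produce an image as header || payload || tag. The tag covers the
    header too, so version and length cannot be edited undetected."""
    header = MAGIC + struct.pack(">II", version, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify_image(image, installed_version, key=KEY):
    """Decide whether the device may flash this image. Returns (ok, reason).

    Order matters: structure first, then authentication, then policy. The
    version comparison is trusted only because the header it reads has
    already passed the MAC check.
    """
    if len(image) < HEADER_LEN + TAG_LEN:
        return False, "truncated"
    header, body = image[:HEADER_LEN], image[HEADER_LEN:]
    if header[:4] != MAGIC:
        return False, "bad magic"
    version, length = struct.unpack(">II", header[4:])
    if len(body) != length + TAG_LEN:
        return False, "length mismatch"
    payload, tag = body[:length], body[length:]
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "authentication failed"
    if version < installed_version:
        return False, "rollback refused"
    return True, "ok"


def flash(image, installed_version, key=KEY):
    """Gate on the update path: only a verified image is written."""
    ok, reason = verify_image(image, installed_version, key)
    if not ok:
        return f"refused: {reason}"
    # The write to flash would happen here, after every check has passed.
    return "flashed"


if __name__ == "__main__":
    good = build_image(5, b"constructed firmware payload")
    tampered = bytearray(good)
    tampered[HEADER_LEN] ^= 0x01      # flip one payload bit
    print("genuine:", flash(good, 4))
    print("tampered:", flash(bytes(tampered), 4))
    print("downgrade:", flash(good, 6))
    print("truncated:", flash(good[:-1], 4))
```

Authenticating the image does not by itself close the management interface the text mentions; it limits what an attacker who reaches that interface can install, which is the property that turns a potential bricking into a refused update.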


The above information uses material from Wikipedia and is licensed under the GNU Free Documentation License.
This page was last archived by our server on Mon Sep 6 05:52:18 2010.