Denial of service attacks are generally network based. They fall into two categories. Attacks in the first category use so many facility resources that, in essence, no useful work can be done. For example, a web site click could download a Java applet that proceeds to use all available CPU time or to pop up windows infinitely. The second category involves disrupting the network of the facility. There have been several successful denial-of-service attacks of this kind against major websites. These attacks result from abuse of some of the fundamental functionality of TCP/IP. For instance, if the attacker sends the part of the protocol that says “I want to start a TCP connection”, but never follows with the standard “The connection is now complete”, the result can be partially started TCP sessions. If enough of these sessions are launched, they can eat up all the network resources of the system, disabling any further legitimate TCP connections. Such attacks, which can last hours or days, have caused partial or full failure of attempts to use the target facility. The attacks are usually stopped at the network level until the operating systems can be updated to reduce their vulnerability.
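The half-open-session condition described above is visible on the server side as a backlog full of sockets that have answered a SYN but never received the final ACK. The following added example (not part of the original text) parses a constructed socket-state dump in a hypothetical `state=... src=... dst=...` format, measures what fraction of the table is half-open, and names the source addresses contributing most to it. The sample lines, the format and the thresholds are all assumptions made for the example.

```python
import re
from collections import Counter
from typing import Dict, Iterable, Tuple

# Constructed sample of a TCP socket-state dump (a hypothetical format chosen
# for this example, not real ss/netstat output). SYN_RECV marks a socket whose
# handshake was started but never completed: the "partially started" session
# the text describes. Addresses are from documentation ranges.
SAMPLE_STATES = """\
state=ESTABLISHED src=198.51.100.7 dst=192.0.2.10:443
state=SYN_RECV src=203.0.113.5 dst=192.0.2.10:443
state=SYN_RECV src=203.0.113.5 dst=192.0.2.10:443
state=SYN_RECV src=203.0.113.5 dst=192.0.2.10:443
state=SYN_RECV src=203.0.113.5 dst=192.0.2.10:443
state=SYN_RECV src=203.0.113.5 dst=192.0.2.10:443
state=ESTABLISHED src=198.51.100.8 dst=192.0.2.10:443
state=SYN_RECV src=198.51.100.8 dst=192.0.2.10:443
state=ESTABLISHED src=198.51.100.9 dst=192.0.2.10:80
state=TIME_WAIT src=198.51.100.9 dst=192.0.2.10:80
"""

LINE_RE = re.compile(r"state=(?P<state>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+)")


def parse_states(text: str) -> Iterable[Tuple[str, str, str]]:
    """Yield (state, src, dst) for every well-formed line; others are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["state"], m["src"], m["dst"]


def half_open_summary(text: str) -> Dict[str, object]:
    """Count half-open (SYN_RECV) sockets overall and per source address."""
    total = 0
    half_open = 0
    per_src: Counter = Counter()
    for state, src, _dst in parse_states(text):
        total += 1
        if state == "SYN_RECV":
            half_open += 1
            per_src[src] += 1
    ratio = half_open / total if total else 0.0
    return {"total": total, "half_open": half_open, "ratio": ratio, "per_src": per_src}


def flag_sources(text: str, per_src_threshold: int = 3,
                 ratio_threshold: float = 0.5) -> Dict[str, int]:
    """Sources holding many half-open sockets, reported only when the table as a
    whole is unhealthy (ratio of half-open sockets above ratio_threshold).
    Normal clients occasionally sit in SYN_RECV too, so the global ratio is the
    gate and the per-source count is the attribution."""
    summary = half_open_summary(text)
    if summary["ratio"] < ratio_threshold:
        return {}
    return {src: n for src, n in summary["per_src"].items() if n >= per_src_threshold}


if __name__ == "__main__":
    print(half_open_summary(SAMPLE_STATES))
    print(flag_sources(SAMPLE_STATES))
```

On this sample, six of ten sockets are half-open and 203.0.113.5 alone holds five of them. When the sources are spoofed and spread out, no single address crosses the per-source threshold, which is why the global ratio is the primary signal; the per-source list is only useful for attribution and blocking at the network level. The operating-system update the text alludes to is, on Linux, the `net.ipv4.tcp_syncookies` setting, which lets the kernel answer SYNs without keeping state until the handshake completes.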
Generally, it is impossible to prevent denial-of-service attacks. The attacks use the same mechanisms as normal operation. Even more difficult to prevent and resolve are distributed denial-of-service attacks (DDOS). These attacks are launched from multiple sites at once, toward a common target, typically by Zombies. DDOS attacks have become more common and are sometimes associated with blackmail attempts. A site comes under attack, and the attackers offer to halt the attack in exchange for money.
Sometimes a site does not even know it is under attack. It can be difficult to determine whether a system slowdown is an attack or just a surge in system use. Consider that a successful advertising campaign that greatly increases traffic to a site could be considered a DDOS.
There are other interesting aspects of DOS attacks. For example, if an authentication algorithm locks an account for a period of time after several incorrect attempts to access the account, then an attacker could cause all authentication to be blocked by purposely making incorrect attempts to access all accounts. Similarly, a firewall that automatically blocks certain kinds of traffic could be induced to block the traffic when it should not. These examples suggest that programmers and systems managers need to fully understand the algorithms and technologies they are deploying. Finally, computer science classes are notorious sources of accidental system DOS attacks. Consider the first programming exercise in which students learn to create subprocesses or threads. A common bug involves spawning subprocesses infinitely. The system’s free memory and CPU resources don’t stand a chance.
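The account-lockout example above is worth seeing as code, because the flaw is in the design of the counter, not in any bug. The following added example (not from the original text) contrasts two hypothetical policies under the scenario the text describes: a naive policy that locks an account after a fixed number of failures from anywhere, and a throttling policy that keys its state on the (source, account) pair and grows the delay for that pair. The class names, the simulated clock, the addresses and the attempt counts are all assumptions made for the example.

```python
from collections import defaultdict
from typing import Dict, List, Tuple


class LockoutPolicy:
    """Naive policy from the text: after max_failures wrong attempts on an
    account, from any source, the account is locked for lock_seconds."""

    def __init__(self, max_failures: int = 3, lock_seconds: float = 900.0):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.failures: Dict[str, List[float]] = defaultdict(list)  # account -> times

    def allowed(self, account: str, source: str, now: float) -> bool:
        recent = [t for t in self.failures[account] if now - t < self.lock_seconds]
        return len(recent) < self.max_failures

    def record_failure(self, account: str, source: str, now: float) -> None:
        self.failures[account].append(now)


class SourceThrottle:
    """Hardened policy: failures are tracked per (source, account). Each failure
    doubles the wait for that pair, capped at max_delay, so a flood of wrong
    guesses from one address slows that address without locking out the
    account's real owner connecting from elsewhere."""

    def __init__(self, base_delay: float = 1.0, max_delay: float = 60.0):
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.next_allowed: Dict[Tuple[str, str], Tuple[float, float]] = {}

    def allowed(self, account: str, source: str, now: float) -> bool:
        entry = self.next_allowed.get((source, account))
        return entry is None or now >= entry[0]

    def record_failure(self, account: str, source: str, now: float) -> None:
        _, delay = self.next_allowed.get((source, account), (0.0, 0.0))
        delay = min(self.max_delay, max(self.base_delay, delay * 2))
        self.next_allowed[(source, account)] = (now + delay, delay)


def simulate_lockout_abuse(policy, accounts: List[str],
                           attacker: str = "203.0.113.9",
                           user: str = "198.51.100.4") -> Tuple[Dict[str, bool], int]:
    """One source sends five wrong passwords to every account in quick
    succession; afterwards the legitimate user tries each account from a
    different address. Returns (can the user still authenticate, per account)
    and how many of the attacker's guesses the server actually evaluated."""
    now = 1000.0
    evaluated = 0
    for account in accounts:
        for _ in range(5):
            if policy.allowed(account, attacker, now):
                evaluated += 1             # guess reached password verification
                policy.record_failure(account, attacker, now)  # it was wrong
            now += 0.1
    user_access = {a: policy.allowed(a, user, now) for a in accounts}
    return user_access, evaluated


if __name__ == "__main__":
    for policy in (LockoutPolicy(), SourceThrottle()):
        print(type(policy).__name__, simulate_lockout_abuse(policy, ["alice", "bob"]))
```

With `LockoutPolicy`, the attacker needs only three guesses per account to lock every account for fifteen minutes, which is exactly the outcome the text warns about. With `SourceThrottle`, the same burst yields a single evaluated guess per account before the source is delayed, and the legitimate user is unaffected. Per-source throttling on its own can be spread across many sources, so deployments usually pair it with a bounded per-account backoff and out-of-band notification rather than a hard lock; the point is that whoever deploys the counter has to understand whose behaviour it is counting.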