Denial of Service

Denial of service attacks are generally network based. They fall into two categories. Attacks in the firs category use so many facility resources that in essence, no useful work can be done. For example, a web site click could download a java applet that proceeds to use all available CPU time or to pop up windows infinitely. The second category involves disrupting the network of the facility. There have been several successful denial-of-service attacks of this kind against major websites. These attacks result from abuse of some of the fundamental functionality of TCP/IP. For instance, if he attacker sends the part of the protocol that says “I want to start a TCP connection”, but never follows with the standard “The connection is now complete”, the result can be partially started TCP sessions. If enough of these sessions are launched, they can eat up all the network resource of he system, disabling any further legitimate TCP connections. Such attacks, which can last hours or days, have caused partial or full failure of attempts to use the target facility. The attacks are usually stopped at the network level until the operating systems can be updated to reduce their vulnerability.

Generally, it is impossible to prevent denial-of-service attacks. The attacks use the same mechanisms as normal operation. Even more difficult to prevent and resolve are distributed denial-of-service attacks (DDOS). These attacks are launched from multiple sites at once, toward a common target, typically by Zombies. DDOS attacks have become more common and are sometimes associated with blackmail attempts. A site comes under attack, and the attackers offer halt the attack in exchange for money.

Sometimes a site does not even know it is under attack. It can be difficult to determine whether a system slowdown is an attack or just a surge in system use. Consider that a successful advertising campaign that greatly increases traffic to a site could be considered a DDOS.

There are other interesting aspects od DOS attacks. For example, if an authentication algorithm locks an account for a period of time after several incorrect attempts to access the account, then an attacker could cause all authentication to be blocked by purposely making incorrect attempts to access all accounts. Similarly, a firewall that automatically blocks certain kinds of traffic could be induced o block the traffic when it should not. These examples suggest that programmers and systems mangers need to fully understand the algorithms and technologies they are deploying. Finally, computer science classes are notorious sources of accidental system DOS attacks. Consider the first programming exercise in which students learn to create subprocesses or thread. A common bug involves spawning subprocesses infinitely. The system’s free memory and CPU resources don’t stand a chance.

Share: