Denial-of-Service Attacks

A recent craze in Internet intrusion is the denial-of-service (DOS) attack. A DOS attack is almost impossible to stop once it starts, because it does not require the attacker to have any particular privileges on the system. The point of a DOS attack is to tie up the system with so many requests that system resources are all consumed and performance degrades. High-profile DOS attacks have been launched against websites of the U.S. government and those associated with major Internet search engines.

The most dangerous DOS attack is the so-called distributed DOS attack. In a distributed DOS attack, the attacker uses several remote computers to direct other remote computers into launching a coordinated attack. Sometimes hundreds or even thousands of computers can participate in an attack against a single IP address.

DOS attacks often use standard TCP/IP connectivity utilities. The famous Smurf attack, for instance, uses the Ping utility (see Hour 14, “TCP/IP Utilities”) to unleash a flood of ping responses on the victim (see Figure 22.4). The attacker sends a ping request to an entire network through directed broadcast. The source address of the ping is doctored to make it appear that the request is coming from the victim’s IP address. All the computers on the network then simultaneously respond to the ping. The effect of the Smurf attack is that the original ping from the attacker is multiplied into many pings on the amplification network. If the attacker initiates the process on several networks at once, the result is a huge flood of ping responses tying up the victim’s system.

Figure 22.4. A DOS attack.
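
The Smurf pattern described above has a recognizable signature at the victim's network edge: many distinct hosts send ICMP echo replies to an address that never sent them an echo request. The following detection sketch is an added example, not code from the book; the function names, the thresholds, and the sample packets (documentation-range addresses) are all constructed for illustration.

```python
from collections import defaultdict

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers

def find_smurf_victims(packets, min_responders=5, window=1.0):
    """Return {victim_ip: responder_count} for hosts that receive unsolicited
    ICMP echo replies from many distinct sources within `window` seconds.
    `packets` is an iterable of (timestamp, src, dst, icmp_type) in capture order.
    The threshold and window defaults are assumptions to tune per network."""
    requested = set()            # (requester, target) pairs seen as echo requests
    replies = defaultdict(list)  # victim -> [(timestamp, responder)]
    for ts, src, dst, icmp_type in packets:
        if icmp_type == ECHO_REQUEST:
            requested.add((src, dst))
        elif icmp_type == ECHO_REPLY and (dst, src) not in requested:
            # A reply with no matching request: the "request" was spoofed elsewhere.
            replies[dst].append((ts, src))

    victims = {}
    for victim, events in replies.items():
        events.sort()
        best, start, counts = 0, 0, defaultdict(int)
        for ts, responder in events:
            counts[responder] += 1
            # Slide the window forward, dropping replies that are too old.
            while ts - events[start][0] > window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best >= min_responders:
            victims[victim] = best
    return victims

def sample_capture():
    """Constructed packets: one legitimate ping exchange, one burst of
    unsolicited replies from an amplification network, one stray reply."""
    pkts = [(0.00, "192.0.2.20", "203.0.113.5", ECHO_REQUEST),
            (0.03, "203.0.113.5", "192.0.2.20", ECHO_REPLY)]
    pkts += [(1.0 + i * 0.01, f"198.51.100.{i + 1}", "192.0.2.10", ECHO_REPLY)
             for i in range(20)]
    pkts.append((2.5, "203.0.113.9", "192.0.2.30", ECHO_REPLY))
    return pkts

if __name__ == "__main__":
    print(find_smurf_victims(sample_capture()))
```

The legitimate ping and the single stray reply are ignored; only the host receiving the burst of replies from the amplification network is reported.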

