Team LiB
Previous Section Next Section

Chapter 5. Denial of Service Attacks

A denial of service (DoS) attack is an attempt to prevent legitimate users from using a service. This is usually done by consuming all of a resource used to provide the service. The resource targeted is typically one of the following:

  • CPU

  • Operating memory (RAM)

  • Bandwidth

  • Disk space

Sometimes, a less obvious resource is targeted. Many applications have fixed length internal structures and if an attacker can find a way to populate all of them quickly, the application can become unresponsive. A good example is the maximum number of Apache processes that can exist at any one time. Once the maximum is reached, new clients will be queued and not served.

DoS attacks are not unique to the digital world. They existed many years before anything digital was created. For example, someone sticking a piece of chewing gum into the coin slot of a vending machine prevents thirsty people from using the machine to fetch a refreshing drink.

In the digital world, DoS attacks can be acts of vandalism, too. They are performed for fun, pleasure, or even financial gain. In general, DoS attacks are a tough problem to solve because the Internet was designed on a principle that everyone plays by the rules.

You can become a victim of a DoS attack for various reasons:


Bad luck

In the worst case, you may be at the wrong place at the wrong time. Someone may think your web site is a good choice for an attack, or it may simply be the first web site that comes to mind. He may decide he does not like you personally and choose to make your life more troubled. (This is what happened to Steve Gibson, of http://www.grc.com fame, when a 13-year-old felt offended by the "script kiddies" term he used.)


Controversial content

Some may choose to attack you because they do not agree with the content you are providing. Many people believe disrupting your operation is acceptable in a fight for their cause. Controversial subjects such as the right to choose, globalization, and politics are likely to attract their attention and likely to cause them to act.


Unfair competition

In a fiercely competitive market, you may end up against competitors who will do anything to win. They may constantly do small things that slow you down or go as far as to pay someone to attack your resources.


Controversy over a site you host

If your job is to host other sites, the chances of being attacked via a DoS attack increase significantly. With many web sites hosted on your servers, chances are good that someone will find one of the sites offending.


Extortion

Many attempts of extortion were reported in the past. Companies whose revenue depends on their web presence are especially vulnerable. Only the wealthiest of companies can afford to pay for infrastructure that would resist well-organized DoS attacks. Only the cases where companies refused to pay are publicly known; we do not know how many companies accepted blackmail terms.

The Alan Ralsky DoS

In November 2002, Alan Ralsky, a well-known bulk-email operator, gave an interview describing what he does and how he makes money sending bulk email. The interview received wide publicity reaching most technology-oriented web sites and, eventually, the very popular Slashdot technology news site. In the interview, Alan disclosed the purchase of a new home, and soon the address of the home found its way into a Slashdot comment.

In an apparent retribution by the readers, Alan Ralsky was subscribed to hundreds of snail-mail mailing lists for ads, catalogues, and magazines. Subscriptions caused huge quantities of mail to arrive on his doorstep every day, effectively preventing Ralsky from using the address to receive the mail he wanted. Here is a list of articles that describe the situation:


DoS attacks can be broadly divided into five categories:

  • Network attacks

  • Self-inflicted attacks

  • Traffic spikes

  • Attacks on Apache (or other services in generale.g., FTP)

  • Local attacks

These types of attacks are described in the rest of this chapter.

    Team LiB
    Previous Section Next Section