The document discusses denial of service (DoS) attacks, which are common and costly. It describes different types of DoS attacks like distributed denial of service (DDoS) and SYN floods. The document outlines symptoms of DoS attacks and steps users can take to prevent becoming part of a botnet. It also discusses the legal issues around DoS attacks and how some governments use them against other governments.
2. The world today is heavily dependent on the internet
Denial of service (DoS) attacks are very common today.
“In each of the last six years, between seventeen percent and thirty-two
percent of the organizations surveyed were the targets of a DoS attack.”
-Computer Security Institute
DoS attacks cost businesses and governments millions of dollars each
year to prevent and recover from.
3. An attack that attempts to stop or prevent a legitimate user
from accessing a service or system. The attacker will either
directly attack the user's network or system or the system or
service that the users are attempting to access.
Distributed denial of service attack (DDoS):
◦ This type of attack is distributed among many different systems, making it
more powerful and harder to shut down.
4. Unusually slow network performance, unavailability of a
particular website, inability to access any website, and
dramatic increase in the amount of spam you receive.
These symptoms could also stem from hardware or software problems
and be mistaken for a DoS attack.
Users can take steps to prevent becoming part of a botnet:
◦ Install and use antivirus software
◦ Set up a firewall to protect your system from unauthorized access
◦ Use common sense security practices to avoid malware, trojans and
viruses
5. Nicknamed “Smurf attack” after a program used to make
ICMP flooding attacks.
This attack works by sending fake ICMP echo request packets
to the network’s broadcast address.
The attacker will send an ICMP echo request from a location
outside the victim’s network to an intermediary who then
passes it on to their network’s broadcast address.
When all machines on the network send a reply packet
back, it creates severe problems.
6. This type of attack takes advantage of the SYN request
process.
◦ Client attempts a TCP connection by sending a SYN request to server
◦ Server responds by sending a SYN-ACK message back
◦ Client then completes the request by sending an ACK message to the
server
Attacker takes advantage of this process by flooding the
server with SYN requests and never responding to SYN-ACK
◦ Attacker can use spoofed IP addresses, so the SYN-ACK goes to the faked
address
The server is left waiting for the ACK message and leaves
many connections open. Legitimate requests are ignored.
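The half-open state described on this slide can be measured from packet or flow records. The following is an added example, not part of the original slides: it counts SYNs that never receive the final ACK, per server, over constructed sample records. The record layout, the `min_age` and `threshold` values, and the function names are assumptions chosen for illustration.

```python
from collections import Counter

# Constructed sample records: (time_s, src_ip, src_port, dst_ip, dst_port, tcp_flags).
# "S" = SYN, "SA" = SYN-ACK, "A" = ACK, "R" = RST. Addresses are documentation ranges.
SERVER = ("192.0.2.10", 443)
SAMPLE = [
    (0.00, "198.51.100.7", 40000, *SERVER, "S"),
    (0.01, *SERVER, "198.51.100.7", 40000, "SA"),
    (0.02, "198.51.100.7", 40000, *SERVER, "A"),  # legitimate handshake completes
] + [
    # 20 SYNs from different source addresses that are never followed by an ACK
    (0.10 + i * 0.01, f"203.0.113.{i + 1}", 50000 + i, *SERVER, "S")
    for i in range(20)
]

def half_open_counts(packets, now, min_age=1.0):
    """Count, per (server_ip, server_port), SYNs left unanswered for min_age seconds."""
    pending = {}  # (client_ip, client_port, server_ip, server_port) -> SYN time
    for ts, src, sport, dst, dport, flags in packets:
        key = (src, sport, dst, dport)
        if flags == "S":
            pending[key] = ts          # step 1: server now holds a half-open entry
        elif flags in ("A", "R"):
            pending.pop(key, None)     # step 3 (or a reset) releases the entry
        # "SA" is the server's own step-2 reply; the entry stays half-open
    counts = Counter()
    for (_, _, dst, dport), ts in pending.items():
        if now - ts >= min_age:        # ignore handshakes that are still in flight
            counts[(dst, dport)] += 1
    return dict(counts)

def suspected_syn_floods(packets, now, threshold=10):
    """Return servers whose stale half-open count exceeds threshold."""
    return sorted(s for s, n in half_open_counts(packets, now).items() if n > threshold)

if __name__ == "__main__":
    print(half_open_counts(SAMPLE, now=5.0))
    print(suspected_syn_floods(SAMPLE, now=5.0))
```

The completed handshake does not contribute to the count; only SYNs with no matching ACK or RST after `min_age` seconds do.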
7. Attacks are illegal and break the terms of service of most ISPs
In the United States, these crimes are covered at the federal
level by the Computer Fraud and Abuse Act
In 2006, the U.K. finally passed a specific law calling out DoS
attacks as illegal.
◦ Punishable by up to 10 years in prison
Laws are ambiguous and often open to interpretation
Attacks are seen by some, such as Anonymous, as legal forms
of protest
Distributed forms of attack are hard to prosecute
◦ Attackers are often outside the jurisdiction of the victim’s country
8. Attacks are being used by governments against other
governments
The next major war will most likely see the use of DoS attacks
United States and Iran have traded blows recently over Iran’s
nuclear program
◦ Attacks against major US banks in January 2013 are suspected to have
come from Iran
Russian conflict with Georgia over South Ossetia in 2008
◦ Georgian systems suffered major DoS attacks while Russian troops
intervened in South Ossetia
China has used attacks to target Chinese human rights
organizations