Slashdot Mirror

← Back to Stories (view on slashdot.org)

DoS Attacks Persisting, On The Rise

Posted by ryuzaki0 on from the aint-it-the-truth dept.

thelizman writes "One of the most basic "hacks" (to use the media's bastardization of the term) is a Denial of Service attack. While not getting you any access to data on a machine, DoS attacks effectively shut down machines by making them inaccessable to others. CNN is carrying and IDG.net story about how DoS attacks are still one of the leading threats on the Internet, and are actually on the rise as the sophistication of the attacks increases." We get them constantly- some intentional, some not. It's really a pain.

10 of 287 comments (clear)

  1. DOS is dead by Anonymous Coward · · Score: 5, Funny

    Everyone at my company has upgraded to Windows 3.1. I don't know why Slashdot is still talking about DOS

  2. DoS sucks by El+Volio · · Score: 5, Insightful

    Having been on of the admins for a pretty large website (top 50 according to Media Metrix), I can definitely state that DoS attacks are a royal pain. Sure, you can throw infrastructure at a problem and alleviate it, but you can't defeat it -- and they just keep coming. It's the type of attack I've never understood: it doesn't gain the attacker anything (unlike rooting a box), it's nothing but being a hoodlum.

    --

    "You can never have too many elephants on your team."

  3. DrDoS by ZaneMcAuley · · Score: 5, Interesting

    Distributed Reflection Denial of Service

    http://grc.com/dos/drdos.htm

    Looks nasty :D

    --
    ----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
    1. Re:DrDoS by Sycraft-fu · · Score: 5, Informative

      I still agree with the orignal poster that he's a huge alarmist and a sensationalist. Look at his whole shtick on "NanoProbes" (http://grc.com/np/np.htm). He talks about this like it is some new-to-the-world technology. When you read through all the marketing bullshit you come to realise it is nothing more than sending things like empty syn packets and stuff nmap and the like have done for years.

      Gibson has a real overinflated sense of his own importance and loves to make it sound like all his discoveries are huge and that the consequences of not obeying his advice are dire. However you begin to notice that he is never mentioned in any of the big security news. He's a smart guy and a deceant programmer, no doubt, but he lets his ego get in the way of his good judgement and has a tendency to exegarate the truth.

  4. Re:MS-DOS by NanoGator · · Score: 5, Funny

    "If someone 0wned the Windows Update server and used it for a DoS attack..."

    I th1nk the reas0n tha+ hackerZ d0n't use M$ s0ftware iZ +hat m0st 0f everyth1ng they wr1te w0uld have squ1ggly lineZ under it.

    --
    "Derp de derp."
  5. Re:The future of DDoS as told by Gibson by SuiteSisterMary · · Score: 5, Informative

    Steve Gibson is an idiot.

    --
    Vintage computer games and RPG books available. Email me if you're interested.
  6. EGRESS FILTERS are STILL not implemented by ISPs by Medievalist · · Score: 5, Insightful

    /.
    Best Current Practice recommends egress filtering for all networks. Are yours in place?

    The big problem with DOS and DDOS is the untraceability provided by networks who do not prevent address spoofing with egress filters. If traffic is traceable, criminals get caught.

    Before anyone's knee jerks, let me point out:

    1) this is not a performance issue. Routing hardware and software (LRP for example) is widely and cheaply (compared to line costs) available that can implement egress filtering without any noticeable effect on line speed. Face it, processors are faster than telecommunications.

    2) Egress filters do not improve a repressive regime's ability to finger political dissidents.

    3) Egress filters are unlikely to impact privacy - unless what you are trying to keep private is destructive activity. Post a real example if you disagree.

    4) I know it's not a cure-all. It's a necessary first step, though.

    While Congress milks the entertainment industry for campaign funds in exchange for "digital rights management" facism, they ought to be mandating specific monetary penalties for businesses that do not implement egress filters, and for ISPs that do nothing about hundreds of Code-Red infected nodes on their cable farms. I shouldn't have to pay Comcast if my bandwidth is being principally used by criminals to fill my firewall logs.

    I post this every time the subject comes up; next time I'll just make a flippin' link to the BCP RFCs. I'm sure you'll all be relieved.

    --Charlie

  7. Re:Wait until.. by Liquor · · Score: 5, Insightful
    The Kazaa and Gnutella networks are protocols.
    No, they are many computers running programs that implement protocols.
    Protocols can't catch viruses.
    True. Unfortunately, the Kazaa program installs more than one protocol handler - one is the file sharing protocol itself, and another is a 'distributed computing' facility that allows (theoretically only the Kazaa servers, but...) remote control of the machine. Compromising this functionality would allow distributing malware through the entire network.
    Now if you're talkinga 'bout attacking specific flaws in Kazaa client software, or Gnutella software, then so be it - but that's not the network!
    Well, if you infect all the machines that make up a network using a flaw in the code that creates that network, I'd have to say that the network is infected. And if there is an attack that works on any client, then the first machine compromised already knows the addresses of more machines... worm code that uses the network topology (which is NOT the protocol) could then propagate to the entire network - potentially millions of machines, dwarfing the scale of even the 'code red' worm.

    And if that's not effectively spreading through the network, I don't know what would be.
    Moderate this fool back to 1.
    The parent of your post is not the fool - but you definitely failed to understand the post.

    --

    Liquor
    Sanity is a highly overrated commodity.
  8. Need power to get ISP's to cooperate by PhotoGuy · · Score: 5, Interesting

    One of the biggest problems in DOS attacks, is that you just can't get the attention of major ISP's or backbones to trace and solve the problem.

    We had major DOS attacks on our site for ages. But when the customer of a major national ISP is the source of it, try getting ahold of someone at that company to track the problem. They just won't respond to these things, in our experience.

    I think that for any company to provide internet service, they should be *required* by law, to cooperate in tracking and stopping DOS attacks from their customers. There needs to be a consistent, predictable, and workable national policy for this.

    If someone calls me with threatening phone calls, I *know* it's possible to get the phone company to cooperate, track, and isolate the problem, even if it originates with another phone company. The same should be true with ISP's.

    --
    Love many, trust a few, do harm to none.
  9. DoS as self-defense against "bad guys" by DocSnyder · · Score: 5, Interesting
    it doesn't gain the attacker anything (unlike rooting a box)

    Sometimes DoS can be a not-really-fine but very effective method of self-defense. In Germany we have a quite big problem with spam advertising dialers - little programs which redirect a w1nd0z3 box's internet dialup connection to an extremely expensive special number which is normally used for phone sex or premium services. One short connection can cost up to 900 € (that's no joke, there's no limit), and as some dialers hide well while replacing the default connection, some people got a phone bill of more than 10000 € at the end of the month.

    During the second halfth of March, I got about five of these dialer spams each day. Other people got even more. The web hoster - a company selling these dialers - didn't act against any incidence of spam, the download accounts remained open for weeks regardless of any complaints. Their uplink... well, UUnet. As the discussion on the Usenet forum "de.admin.net-abuse.mail" went on, even the web hoster's boss himself joined and couldn't understand to be responsible for knowingly tolerating his customers abusing his service - of course he made a lot of money even by spamvertised dialers.

    About a week ago, some spam victims were completely fed up. As the legal methods didn't work at all, the dialer should be made unavailable by distributed mass-downloading. The threat escalated in a clear message to the site maintainer - either go against your spamming customers or see your dialer being downloaded until the server blows the whistle.

    The story appeared on Heise News which has a quite large reader base in Germany, to be read by lots of angry people whose inboxes were full of dialer spam. The "Heise effect" was enough for the site maintainer to become really scared - lots of DSL and broadband users started to download the dialer not only once but as often as they could. The web server became too busy to serve dialers even to people who would want it. The company selling these dialers didn't have any choice - either stop supporting spammers or have their dialer server slashdotted until it blows the whistle. Only a day later the company's boss agreed on getting rid of and seeking legal action against spamming customers.

    A few days later, another spam went around, advertising a dialer hosted on an Eastern-European web server. Same game: the spam victims squeezed the dialer out of the web server as many times as possible. The site got hosed so badly that even a few hours after the spam incident, the dialer was no longer available.

    As a result, if you really want to hit a spammer, DoS^H^H^H/.ing his web site - especially large files or CGI scripts - has finally proved as much more effective than blacklisting, LARTing or anything else (which still remains useful, though). Even big providers will notice a gigabyte-large traffic peak towards only one target.