Slashdot Mirror


Denial of Service via Algorithmic Complexity

dss902 writes "We (Department of Computer Science, Rice University) present a new class of low-bandwidth denial of service attacks that exploit algorithmic deficiencies in many common applications' data structures... Using bandwidth less than a typical dialup modem, we can bring a dedicated Bro server to its knees; after six minutes of carefully chosen packets, our Bro server was dropping as much as 71% of its traffic and consuming all of its CPU. We show how modern universal hashing techniques can yield performance comparable to commonplace hash functions while being provably secure against these attacks."

19 of 257 comments

  1. Denial of service? by cperciva · · Score: 4, Funny

    They claim to present a new method of low-bandwidth denial of service attack, but it looks like they're demonstrating quite an old, high-bandwidth, denial of service.

    1. Re:Denial of service? by SiMac · · Score: 5, Funny

      I think he means with the slashdotting.

  2. duh... by Anonymous Coward · · Score: 5, Funny

    you can use a modem to post a slashdot article with a link to the target computer...

  3. impressive... by ajuda · · Score: 3, Funny

    ...But in terms of raw power, nothing can match a slashdotting. Can anyone else read the link?

    1. Re:impressive... by bsharitt · · Score: 3, Funny

      With this technology we could slashdot big sites like news.com

    2. Re:impressive... by ketamine-bp · · Score: 2, Funny

      the even more creepy thing is that slashdot is full of malicious crowd.... umm... nevermind.

  4. Uh oh! by seizer · · Score: 3, Funny

    Speaking of, uh, denial of service...the site's quickly turning into a smoking ruin from where I'm standing. If it had been text only, it might have survived, but all the mathematical symbols are done using images (is that big O or big uh-O ;-) so the server is choking...

    Bring on the MathML.

  5. sham report! by larry bagina · · Score: 3, Funny

    they don't list slashdotting!

    --
    Do you even lift?

    These aren't the 'roids you're looking for.

  6. DOS attack by IO ERROR · · Score: 4, Funny

    And by posting our links on /. we can bring our departmental WWW server to its knees with a single HTTP POST request.

    Anyone got mirrors yet?

    --
    How am I supposed to fit a pithy, relevant quote into 120 characters?

  7. Is it just me..? by fadeaway · · Score: 4, Funny

    This doesn't sit well with me. Should students at a University be studying, developing, and releasing improved methods with which to launch DOS attacks..?

  8. It's not a Bro by St. Vitus · · Score: 4, Funny

    It's a Mansierre!

  9. Say what? by Znonymous Coward · · Score: 4, Funny

    ...we can bring a dedicated _Bro_ server to its knees...

    Why they always tryin' to bring the black man down?

    --

    Karma: The shiznight, mostly because I am the Drizzle.

  10. 'Bro' server by Anonymous Coward · · Score: 2, Funny

    The only 'bro' server I can think of is buddyhead.com ... Not much of an attack if you ask me ...

  11. Re:Same Content / Two Links by Anonymous Coward · · Score: 1, Funny

    You bastard.

    Oh yeah, well at the end of "The Sixth Sense" .....

    *gets maimed by millions of angry slashdotters*

  12. DOS Attack..... by Tsali · · Score: 2, Funny

    Wasn't that some command-line prompt game in 1983 somewhere?

    --
    This space for rent.

  13. Re:Same Content / Two Links by hazem · · Score: 5, Funny

    You must be the only slashdot reader who actually reads the articles. The submitter must have figured he would get away with it!

  14. glib example by spoonist · · Score: 5, Funny

    I skimmed the Project Page and aren't a couple of the examples awfully obvious?

    The following one line of code brings every UNIX system I've run it on TO ITS KNEES WITHIN MINUTES!! This is a major vulnerability in EVERY UNIX system! Something must be done!

    main() { while (1) if (fork() == 0) while(1); }

  15. Re:I hope this isn't news to anyone... by Jucius Maximus · · Score: 3, Funny

    "Basically, the paper says this: If you have a hash table into which attackers can insert arbitrary keys, you'd better be using a hash function for which they cannot easily generate collisions."

    It's publicised. I was warned about stuff like this in a 2nd year CS class I took several months ago. But I did *not* imagine that it could be used to take down web servers.
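The point quoted in the comment above, and the keyed-hashing defense mentioned in the story summary, as an added example that is not part of the original thread or the paper's code: a chained hash table is filled with the same constructed keys under a predictable toy hash and under a secret-keyed hash, and the comparison counts show the quadratic versus near-linear cost. The names `weak_hash`, `make_keyed_hash`, `ChainedTable`, `constructed_keys` and `measure` are hypothetical, and keyed BLAKE2b is an assumed stand-in for the universal hashing the summary refers to.

```python
import hashlib
import itertools
import os

BUCKETS = 64

def weak_hash(key: bytes) -> int:
    # Toy unkeyed hash (byte sum): anyone can work out which keys collide.
    return sum(key) % BUCKETS

def make_keyed_hash(secret: bytes):
    # Keyed BLAKE2b stands in for a hash drawn from a secret-keyed family;
    # it is not the construction evaluated in the paper.
    def keyed_hash(key: bytes) -> int:
        digest = hashlib.blake2b(key, key=secret, digest_size=8).digest()
        return int.from_bytes(digest, "big") % BUCKETS
    return keyed_hash

class ChainedTable:
    """Separate-chaining hash set that counts key comparisons on insert."""
    def __init__(self, hash_fn):
        self.hash_fn = hash_fn
        self.buckets = [[] for _ in range(BUCKETS)]
        self.comparisons = 0

    def insert(self, key: bytes) -> None:
        chain = self.buckets[self.hash_fn(key)]
        for existing in chain:          # duplicate check walks the chain
            self.comparisons += 1
            if existing == key:
                return
        chain.append(key)

def constructed_keys(n: int) -> list:
    # Constructed sample input: permutations of the same 8 bytes share one
    # byte sum, so weak_hash sends all of them to a single bucket.
    perms = itertools.permutations(b"abcdefgh")
    return [bytes(p) for p in itertools.islice(perms, n)]

def measure(hash_fn, keys):
    """Return (total comparisons, longest chain) after inserting keys."""
    table = ChainedTable(hash_fn)
    for key in keys:
        table.insert(key)
    return table.comparisons, max(len(c) for c in table.buckets)

if __name__ == "__main__":
    keys = constructed_keys(512)
    print("unkeyed:", measure(weak_hash, keys))
    print("keyed:  ", measure(make_keyed_hash(os.urandom(16)), keys))
```

Longest chain length and comparisons per insert are also the two numbers worth exporting as metrics from any table that holds externally supplied keys, since a sudden jump in either is the observable symptom of this condition.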

  16. Thankfully I'm really really stupid by Anonymous Coward · · Score: 5, Funny

    My brain is resistant to attacks using algorithmic complexity