Chapter 5. Denial of Service Attacks
A denial of service (DoS) attack is an attempt to prevent legitimate
users from using a service. This is usually done by consuming all of
a resource used to provide the service. The resource targeted is
typically one of the following:
- CPU
- Operating memory (RAM)
- Bandwidth
- Disk space
Sometimes, a less obvious resource is targeted. Many applications
have fixed-length internal structures, and if an attacker can find a
way to populate all of them quickly, the application can become
unresponsive. A good example is the maximum number of Apache
processes that can exist at any one time. Once the maximum is
reached, new clients will be queued and not served.
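The Apache process limit described above can be watched from the defender's side. The following is an added example, not code from the book: it parses constructed output in the mod_status "?auto" format and reports how close the worker slots are to exhaustion. The function names, the 90% warning threshold, and the sample text are assumptions.

```python
from collections import Counter

# Scoreboard characters used by Apache mod_status.
IDLE, OPEN = "_", "."
STATES = {"S": "starting", "R": "reading request", "W": "sending reply",
          "K": "keepalive", "D": "DNS lookup", "C": "closing",
          "L": "logging", "G": "graceful finish", "I": "idle cleanup"}


def parse_auto(text):
    """Turn 'Key: value' lines of a ?auto page into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def slot_report(text, warn_ratio=0.9):
    """Summarise worker-slot usage; warn_ratio is an assumed threshold."""
    board = parse_auto(text).get("Scoreboard", "")
    if not board:
        raise ValueError("no Scoreboard line in status output")
    counts = Counter(board)
    total = len(board)  # assumption: scoreboard length equals the slot limit
    busy = total - counts[IDLE] - counts[OPEN]
    busy_states = {s: n for s, n in counts.items() if s in STATES}
    dominant = max(busy_states, key=busy_states.get) if busy_states else None
    return {
        "total": total,
        "busy": busy,
        "ratio": busy / total,
        "near_limit": busy / total >= warn_ratio,
        "saturated": busy == total,  # new clients are now queued, not served
        "dominant_state": STATES.get(dominant),
    }


# Constructed sample: 20 slots, 16 of them held in the "reading request" state.
SAMPLE = ("BusyWorkers: 19\nIdleWorkers: 1\n"
          "Scoreboard: " + "R" * 16 + "WWK_" + "\n")

if __name__ == "__main__":
    print(slot_report(SAMPLE))
```

The dominant state shows what the occupied slots are doing, which helps distinguish a busy server from one whose slots are simply being held open.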
DoS attacks are not unique to the digital world. They existed many
years before anything digital was created. For example, someone
sticking a piece of chewing gum into the coin slot of a vending
machine prevents thirsty people from using the machine to fetch a
refreshing drink.
In the digital world, DoS attacks can be acts of vandalism, too. They
are performed for fun, pleasure, or even financial gain. In general,
DoS attacks are a tough problem to solve because the Internet was
designed on a principle that everyone plays by the rules.
You can become a victim of a DoS attack for various reasons:
- Bad luck
In the worst case, you may be at the wrong place at the wrong time.
Someone may think your web site is a good choice for an attack, or it
may simply be the first web site that comes to mind. He may decide he
does not like you personally and choose to make your life more
troubled. (This is what happened to Steve Gibson, of http://www.grc.com
fame, when a 13-year-old felt offended by the "script kiddies" term he
used.)
- Controversial content
Some may choose to attack you because they do not agree with the
content you are providing. Many people believe disrupting your
operation is acceptable in a fight for their cause. Controversial
subjects such as the right to choose, globalization, and politics are
likely to attract their attention and likely to cause them to act.
- Unfair competition
In a fiercely competitive market, you may end up against competitors
who will do anything to win. They may constantly do small things that
slow you down or go as far as to pay someone to attack your
resources.
- Controversy over a site you host
If your job is to host other sites, the chances of being attacked via
a DoS attack increase significantly. With many web sites hosted on
your servers, chances are good that someone will find one of the
sites offensive.
- Extortion
Many extortion attempts have been reported in the past. Companies whose
revenue depends on their web presence are especially vulnerable. Only
the wealthiest of companies can afford to pay for infrastructure that
would resist well-organized DoS attacks. Only the cases where
companies refused to pay are publicly known; we do not know how many
companies accepted blackmail terms.
In November 2002, Alan Ralsky, a well-known bulk-email operator, gave
an interview describing what he does and how he makes money sending
bulk email. The interview received wide publicity reaching most
technology-oriented web sites and, eventually, the very popular
Slashdot technology news site. In the interview, Alan disclosed the
purchase of a new home, and soon the address of the home found its
way into a Slashdot comment.
In apparent retribution by readers, Alan Ralsky was subscribed
to hundreds of snail-mail mailing lists for ads, catalogues, and
magazines. Subscriptions caused huge quantities of mail to arrive on
his doorstep every day, effectively preventing Ralsky from using the
address to receive the mail he wanted. Here is a list of articles
that describe the situation:
DoS attacks can be broadly divided into five categories:
These types of attacks are described in the rest of this chapter.