Denial of service

From Higher Computing Science
Jump to: navigation, search

Key points

  • Denial of Service attacks attempts to shut down a server by targeting it with traffic. If the traffic overwhelms the server, it will become unavailable to ordinary users.
  • Denial of service attacks can use exploits (security vulnerabilities) or simply a large number of requests.
  • Since large organisations like Amazon, Google and Microsoft would have more resources than a single attacking computer, often attacks are distributed amongst a large number of attacking computers. This is called a Distributed Denial of Service Attack.
  • Often DOS attacks are utilising the resources of infected host computers. The computers are controlled remotely and are instructed to attack a server. This is known as a bot-net.
  • Firewalls can prevent some traffic from entering the system but cannot protect against attacks that look like "real" web traffic. Anti-virus software can prevent exploits being used to access the server.

Information

File:Sulmet DoS.gif
Distributed DOS attack

A Denial of Service attack is a common form of Internet attack. It does not need to be carried out by an expert hacker - anyone with a simple program can carry out an attack. This is because a DOS attack is caused by sending an overwhelming volume of traffic to a single point on a network. This stops the device from working because:

  • The buffer of the device (dealing with incoming information) will be fill with requests and cannot recieve any more
  • The computer cannot retrieve or send requested files or data at the rate they are requests
  • The processor in the computer may be utilised 100% of the time, so the server's many processes and applications find it difficult to find time on the processor

Denial of Service is mainly used as a way to take computer networks offline, rather than access them, but hackers can use DOS to restart a machine, or remove a router from service.

The Ping of Death

An early version of DOS was to use the ping command, which sends a packet to a networked computer, and measures the time it takes to respond. The Ping of Death is a large packet (several thousand kilobytes) sent repeatedly to a target computer. This will ultimately overrun the buffers of the computer, preventing it from communicating. Most operating systems have patched this vulnerability.

Other forms of DOS attack

  • SYN attack, caused by half-opening a network connection to another computer, taking up resources on the computer
  • Teardrop, which sends jumbled fragments of data that cannot be reassembled, causing some computes to crash
  • Permanent DOS attacks, which use vulnerabilities in software to rewrite Flash memory on computers with garbage, preventing the computers from starting up


Distributed Denial of Service

It is possible for a large number of computers to combine in an attack on one computer on a network. This is carried out using an array of computers all targeting the same computer manually or automatically.

Computers can be used without the user knowing, if a virus has managed to install a Botnet. A Botnet is a piece of software that can be used to carry out a task on a computer, but is remotely controlled. When the Botnet's master computer issues a command, all computers in the botnet will carry it out.

One of the biggest known botnets, ZeroAccess, had infected and utilised 1.9 million computers.

Anonymous

File:LoicNewEraCrackerEdited.png
The Low Orbit Ion Cannon

The hacker group Anonymous regularly uses the DDOS technique to take down the websites and services of organisations. This has included the FBI and the Church of Scientology. The group uses a program called the Low Orbit Ion Cannon to carry out the attacks - this acts like a botnet, but the users have chosen to take part.

Videos

Further information

Test yourself

Teaching resources