Denial-of-service

See also: DoS (disambiguation), Flood

A denial of service (DoS) attack is, in general terms, an attack that aims to render a computer application unable to answer its users' requests.

DDoS attacks have become increasingly frequent since the appearance of content management systems (CMS) such as SPIP, Joomla and others… Their PHP source code is accessible to everyone, so it is easy for attackers to mount attacks by finding security flaws in the CMS.

A server machine offering services to its clients (for example a web server) must process requests coming from several clients. When those clients can no longer use the service for reasons deliberately caused by a third party, there is a denial of service.

Types of attacks

Many types of denial-of-service attacks exist (simply unplugging a server can be described as a denial-of-service attack), but the attacker usually proceeds by saturating at least one of the components responsible for running the application.

Denial by saturation

The processing capacity of the equipment involved (computers, network equipment, etc.) is usually sized so that a given number of requests can be honoured simultaneously. When this number grows too large for a prolonged period, one of the pieces of equipment saturates and no longer accepts any new requests. This constitutes a denial of service, since some users will consequently no longer be able to use the system.

DDoS

The approach called Distributed Denial of Service (DDoS) relies on parallelizing DoS attacks, carried out simultaneously by several systems against a single target. This reduces the time needed for the attack and amplifies its effects. In this type of attack the attackers are sometimes concealed behind relay machines (or zombie machines), used without their owners' knowledge. A set of such relay machines, also called a botnet, can be controlled by an attacker once each of them has been infected with a backdoor-type program.

Perpetrators of these attacks

  • These attacks are often carried out by lamers, script kiddies or virus writers. They may be relayed through botnets.
  • This kind of attack is also very useful to an attacker who fails to take control of a machine while trying to pass as a trusted machine by means of IP spoofing. Indeed, when a session request (TCP SYN) is sent with a spoofed IP address belonging to the trusted machine, it is that trusted machine which receives the TCP SYN/ACK packet sent by the target; it would therefore automatically reset the connection attempt with an RST packet (since it did not originate the session establishment request), preventing the attacker from establishing a session.
  • For some years, distributed denial-of-service attacks have been used for blackmail and attempted extortion of companies whose commercial activity depends on the availability of their website. These rackets are more the work of criminal organizations than of isolated attackers.

Examples of DoS and DDoS attacks

  • Attack on Microsoft's update server
  • Attacks on well-known websites such as Google, Microsoft and Apple
  • “Ping flood” attacks in October 2002 and a DoS attack in February 2007 on the DNS root servers
  • Attacks on the main sites of the Estonian administration, banks and Estonian newspapers, probably by hackers in the service of the Russian government, during May 2007

How to avoid these attacks

  • DoS attacks can be avoided by identifying the address of the hostile machine, in the case of a remote attack, and banning it. IP packets coming from this machine will then be rejected outright without being processed.
  • DDoS attacks are much more difficult to avoid; one can only limit their damaging effects by identifying hostile machines that issue too many requests in a limited time (abnormal client behaviour) in order to ban them progressively. However, a massive and fast attack will probably not be stopped this way. A distributed architecture, made up of several managed server machines offering the same service so that each client IP address is handled by only one of them, makes it possible to spread the access points to the desired services and offers a degraded mode (slowdown) that is often acceptable. The use of SYN cookies is also a possible solution against SYN flooding attacks, but it does not prevent saturation of the network's bandwidth.
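The progressive banning described above, as an added example that is not part of the original article: a sliding window counts each client's requests, and a client that exceeds the limit is banned for a period that doubles on every repeat offence. Thresholds, the `timestamp ip` log format and the addresses are constructed for the illustration.

```python
# Added example (not from the original article): clients that issue too many
# requests in a limited time (abnormal client behaviour) are banned for
# increasingly long periods. Thresholds, log format and addresses are constructed.
from collections import defaultdict, deque

WINDOW_S = 10     # sliding window length in seconds (assumed)
MAX_REQ = 5       # requests allowed per client within the window (assumed)
BASE_BAN_S = 30   # first ban duration; doubles on each repeat offence

class ProgressiveLimiter:
    def __init__(self):
        self.hits = defaultdict(deque)    # ip -> timestamps of recent requests
        self.banned_until = {}            # ip -> time when the current ban expires
        self.offences = defaultdict(int)  # ip -> number of bans so far

    def allow(self, ip, now):
        """Return True if the request should be served, False if dropped."""
        if self.banned_until.get(ip, -1) > now:
            return False                     # still banned: drop without processing
        q = self.hits[ip]
        q.append(now)
        while q and q[0] <= now - WINDOW_S:  # forget requests outside the window
            q.popleft()
        if len(q) > MAX_REQ:                 # too many requests in the window
            self.offences[ip] += 1
            self.banned_until[ip] = now + BASE_BAN_S * 2 ** (self.offences[ip] - 1)
            q.clear()
            return False
        return True

def replay(log_lines):
    """Feed 'timestamp ip' lines through the limiter; return (served, dropped, bans)."""
    lim = ProgressiveLimiter()
    served = dropped = 0
    for line in log_lines:
        ts, ip = line.split()
        if lim.allow(ip, float(ts)):
            served += 1
        else:
            dropped += 1
    return served, dropped, dict(lim.banned_until)

# Constructed log: 10.0.0.9 bursts 8 requests in under a second (banned 30 s),
# retries after the ban expires (banned 60 s); 10.0.0.2 stays under the limit.
SAMPLE_LOG = (
    [f"{1.0 + i * 0.1:.1f} 10.0.0.9" for i in range(8)]
    + ["3.0 10.0.0.2", "7.0 10.0.0.2"]
    + [f"{40.0 + i * 0.1:.1f} 10.0.0.9" for i in range(8)]
)
```

Running `replay(SAMPLE_LOG)` serves 12 requests and drops 6, leaving 10.0.0.9 banned until t = 100.5.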
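The SYN cookie mechanism mentioned above, as a simplified added example that is not part of the original article: instead of keeping a half-open entry for every SYN, the server encodes a MAC of the connection 4-tuple plus a coarse time counter in the initial sequence number of its SYN/ACK, and allocates state only when the final ACK echoes a valid cookie. The secret, the 64 s tick and the addresses are assumptions.

```python
# Added example (not from the original article): a simplified SYN-cookie scheme.
# The 32-bit ISN carries a 5-bit time counter and 27 MAC bits; the secret, tick
# size and addresses are constructed for the illustration.
import hmac, hashlib, socket, struct

SECRET = b"constructed-per-boot-secret"   # assumed server secret
TICK_S = 64                                # counter granularity in seconds (assumed)
COUNT_MASK = 0x1F                          # 5-bit counter in the top bits of the ISN
MAC_MASK = 0x07FFFFFF                      # remaining 27 bits carry the MAC

def _counter(now):
    return int(now // TICK_S) & COUNT_MASK

def _mac(saddr, sport, daddr, dport, count):
    msg = struct.pack("!4sH4sHB", socket.inet_aton(saddr), sport,
                      socket.inet_aton(daddr), dport, count)
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & MAC_MASK

def make_cookie(saddr, sport, daddr, dport, now):
    """ISN placed in the SYN/ACK; nothing is stored for this half-open connection."""
    count = _counter(now)
    return (count << 27) | _mac(saddr, sport, daddr, dport, count)

def check_cookie(saddr, sport, daddr, dport, ack_seq, now):
    """Validate the cookie echoed in the client's ACK (ack_seq == ISN + 1)."""
    isn = (ack_seq - 1) & 0xFFFFFFFF
    count = isn >> 27
    # only the current and the previous counter value are accepted, so an old
    # cookie cannot be replayed indefinitely
    if (_counter(now) - count) & COUNT_MASK > 1:
        return False
    expected = _mac(saddr, sport, daddr, dport, count)
    return hmac.compare_digest(struct.pack("!I", isn & MAC_MASK),
                               struct.pack("!I", expected))
```

A flood of spoofed SYNs therefore costs the server one HMAC per packet and no memory; the SYN/ACKs it sends still consume outbound bandwidth, which is the limitation the article notes.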

Return to normal conditions

Returning to normal conditions may require manual intervention, because some software does not recover an adequate state on its own after an attack.
