CertiGuide to Security+  9  Chapter 1:  General Security Concepts (Domain 1.0; 30%)       9  1.4  Attacks            9  1.4.1  Denial of Service (DoS) / Distributed Denial of Service (DDoS)

Impact of DDos Attacks 1 SYN Floods

To help you understand how a DDoS happens, here is a brief account of a recent incident.

February 2000 gave rise to the first widespread amplified attack. The nature was serious enough to involve the Federal Bureau of Investigation (FBI) and the President of the United States. The first site attacked was Yahoo!. The Information Technology group initially thought it was a case of equipment failure.

The flood peaked at one Gigabit per second, and the service was down for five hours.

Buy.com was the next target, the next day. Coming from different points, the flood ran about 800 Megabits per second, from different sources. Later that afternoon, it was time to sink eBay. This firm did not release information about the amount of data traffic involved. Their only response to questions when pressed for technical details was, “We are taking multiple measures to fight this.”

How was the attack accomplished? High performance computers with access to large Internet connections were targeted by port scanning to find security holes, allowing access to the root account. As mentioned in chapter two, a daemon is a servant. The attacker installed UNIX daemon on the machines. Using strong encryption, the attacker told the daemons what IP addresses to attack. Using a client machine, the attacker launched the entire distributed daemon at once.

The missing piece in the equation, in the heat of the battle was, where all this processing power and Internet access with such bandwidth was originating from? The attacker planted the daemons on some of the most powerful computers with ‘fat pipes’ at the locations with the least security – namely, large college campuses.

To make these attacks harder to block, attackers normally spoof the source IP address of the data to appear as though it originates from a different network. This makes it harder for the network administrators (whose devices this flood is passing through) to filter and drop the data. Due to their simplicity DDoS attacks are a favorite tool of “script kiddies”, a term used to describe amateur hackers with little skills, who just use tools and exploits created by other people without really understanding what they are doing. It takes surprisingly minimal work and skill level to run an automated IIS hack script against an IP subnet, successfully break into a number of unsecured web servers, and then, Trojan them for use in a DDoS attack.

Impact of DDos Attacks 1 SYN Floods