CertiGuide to Security+  9  Chapter 1:  General Security Concepts (Domain 1.0; 30%)       9  1.4  Attacks            9  1.4.1  Denial of Service (DoS) / Distributed Denial of Service (DDoS)

1.4.1  Denial of Service (DoS) / Distributed Denial of Service (DDoS) 1 An Early DDoS Attack

Not only are DDoS attacks a pain for the target system and its network, they can also seriously hinder the function of hosts/networks used to stage the attack, and waste the time of the admins of all the involved networks. Can you imagine, as the administrator of your company’s network, getting a call from a far-off network administrator complaining that they’re getting one of these attacks from your direction? Presuming that you verify that the packets really are being sent out from your network (rather than being forged, and merely claiming they’re from your network), you then have to do two things:

• Get rid of the problem packets, generally by yanking the source machine off the network
  
  
• Find out exactly how much of your network has been compromised, and take appropriate corrective action

Given that the (probable) script-kiddie has actually gotten ON to your network, as opposed to poking at it from the outside (as with the target of the DDoS), you’ve got work to do, and probably something to explain to management. In this way, being an unwilling assistant to a DDoS attack tends to have consequences that are more annoying, for a longer time, than being the target of one. Author Helen says, “Trust me, I’ve been there on both sides. Despite my best efforts, someone got in via a zero-day Linux exploit and my domain became an unwilling participant in someone’s attempt at revenge on a fellow IRC user they decided they just didn’t like. Unless you’re Amazon.com or a site which loses tens of thousands of dollars for every minute of network downtime, it may be worse to be unwittingly on the sending side of a DDoS attack, than to be the target.” There might even be legal liability for maintaining a system security configuration that allows someone to get into your network and stage a denial-of-service attack against a target -- and the target may indeed come knocking on your door if it experiences significant losses.

Of course, this assumes that you can actually identify the source of the DDoS. All bets are off if you are the victim of a DDoS attack staged with software that forges the ‘source’ IP address in the attacking packets. In that case, you, the target, are likely to have a very bad day (until ISPs start communicating and narrowing down where the attack is coming from, by looking at traffic through their networks).

Figure 7: First a Black Hat installs a backdoor to make machines on fast connections (DSL/Cable) to make many ‘Zombie’ machines. At a synchronized time, all the zombies direct requests to a single site.

1.4.1  Denial of Service (DoS) / Distributed Denial of Service (DDoS) 1 An Early DDoS Attack

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support! Donate $2 Donate $5 Donate $10 Donate $20 Donate $30 Donate: $

---

Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.