Denial of Service Attacks

"In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, web sites, online accounts (banking, etc.), or other services that rely on the affected computer.

"The most common and obvious type of DoS attack occurs when an attacker "floods" a network with information. When you type a URL for a particular web site into your browser, you are sending a request to that site's computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can't process your request. This is a "denial of service" because you can't access that site.

"An attacker can use spam email messages to launch a similar attack on your email account. Whether you have an email account supplied by your employer or one available through a free service such as Yahoo or Hotmail, you are assigned a specific quota, which limits the amount of data you can have in your account at any given time. By sending many, or large, email messages to the account, an attacker can consume your quota, preventing you from receiving legitimate messages.

"In a distributed denial-of-service (DDoS) attack, an attacker may use your computer to attack another computer. By taking advantage of security vulnerabilities or weaknesses, an attacker could take control of your computer. He or she could then force your computer to send huge amounts of data to a web site or send spam to particular email addresses. The attack is "distributed" because the attacker is using multiple computers, including yours, to launch the denial-of-service attack." - US CERT.

Federal Activity

• 2000 DDOS: "In the week of February 7, 2000, hackers launched distributed denial of service (DDS) attacks on several prominent websites, including Yahoo!, E*Trade, Amazon.com, and eBay.  In a DDS attack, dozens or even hundreds of computers all linked to the Internet are instructed by a rogue program  to bombard the target site with nonsense data.  This bombardment soon causes the target sites's servers to run out of memory, and thus cause it to be unresponsive to the queries of legitimate customers.  On February 29, 2000, Deputy Attorney General Eric Holder and Director of the National Infrastructure Protection Center Michael A. Vatis testified before a House and Senate Joint Judiciary Subcommittee meeting to talk about the distributed denial of services attacks and about cybercrime in general." Cybercrime.gov
  • Presidential Memo: Action by Federal Agencies to Safeguard Against Internet Attacks (March 3, 2000)
  • Hearings
    • Jun. 27, 2000 Senate Judiciary Committee S.2448, to  enhance the protections of the Internet and the  critical infrastructure of the United States
    • Feb 29. Senate Judiciary Committee Subcommittee on Criminal Justice Oversight joint hearing with the House Judiciary Subcommittee on Crime, on "Internet Denial of Service Attacks and the Federal Response ."   2:00 p.m. in Rayburn HOB Room 2141
      • Statement of Eric Holder, Deputy Attorney General of the United States, Before the Subcommittee on Crime of the House Committee on the Judiciary and the Subcommittee on Criminal Justice Oversight of the Senate Committee on the Judiciary on "Internet Denial of Service Attacks and the Federal Response" (February 29, 2000)
      • Statement of Michael A. Vatis, Director, National Infrastructure Protection Center, Federal Bureau of Investigation before the Senate Judiciary Committee, Criminal Justice Oversight Subcommittee and House Judiciary Committee, Crime Subcommittee on "Cybercrime" (February 29, 2000

Audio

• Webcast: Analysis of the DDoS Attack Against SCO, NANOG 3/26/2004
• Nanog, Trends in Denial of Service Attack Technology Kevin Houle, CERT Fall 2001
• Nanog, Diversion and Sieving Techniques to Defeat  DDoS, Yehuda Afek,  Anat Bremler-Barr,  Tel-Aviv Univ. & WANWall; Hank Nussbacher,  Dan Touitou, WANWall

Papers

• CERT/CC Denial of Service Attacks
• W3C Securing Against Denial of Service Attacks
• CAIDA Worldwide Detection of Denial of Service (DoS) Attacks 8/2001
• Nanog, DoS Attacks in the Real World Karthik Arumugham, Global NxAPs, Fall 2001
• CAIDA:  Internet Measurement: Myths about Internet data (5 dec 01) Myth: DOS only affects large sites

DNS Attack

News

• Denial-of-Service Attack Targets Windows XP, eweek 6/8/2007
• Survey: DOS attacks, bots top security threats, CW 9/12/2006
• Botnet Herder Charged With 2004 DoS Attack, Internet Week 10/26/2006
• Denial-of-service hacking soars, BBC 3/9/2006
• DoS Attacks Still A Threat, CW 4/8/02
• New Defense Against Hack Attacks , Newsfactor 4/8/02
• Hybrid DDoS worm strikes MS servers, ZDNet 11/23/01
• Anti-DDoS Tool Debuts At RSA , Interactive 2/20/02
• DoS Attacks: Easier To Launch, Harder to Fight, Newsfactor 11/7/01
• CERT: Net Targeted For DoS Attacks, Infoworld 10/25/01
• Study: Nearly 4,000 DoS attacks occur per week, CNN 5/25/01
• FBI: Hackers Step Up DoS Attacks, Newsbytes 5/8/01
• White House Site Attack Clues Sought, CW 5/8/01
• Denial-of-service warning put out by FBI cybercrime agency, CW 5/8/01