Day: July 19, 2002

  • It seems that the DoS (Denial of Service) attack against Xanga of which John speaks has, for the moment, rendered propping and commenting ineffectual (Update: take that back--comments are working again!).  Unfortunately, a DoS attack can only be detected and countered at the targeted server and its upstream network, so there is nothing we as subscribers can do except wait and see.  In fact, during such an attack, every legitimate subscriber request further strains the servers and adds to the effect of the DoS attack.


    Still, I'm curious and would like to know more about this particular attack.  Typically, DoS attacks come in three flavors:



    • consumption of scarce, limited, or non-renewable resources
    • destruction or alteration of configuration information
    • physical destruction or alteration of network components

    The first of these is the most difficult for even competent network administrators to deflect, and I would bet that this attack is of that nature.  So how can scarce, limited, or non-renewable resources be consumed?  Four ways of achieving such consumption are well documented: 


    1) The simplest, and a completely indefensible, way to do this would be to convince one million new users to flock to Xanga all at once.  For example, if some miscreant could find a way to direct every porn-seeking slob on the internet to deluge Xanga with the belief that Xanga has the best looking girls and they are all porn stars doing naughty things for free, this would constitute a Bandwidth Consumption attack (the same effect an attacker gets with a packet flood):


    An intruder may also be able to consume all the available bandwidth on your network by generating a large number of packets directed to your network. Typically, these packets are ICMP ECHO packets, but in principle they may be anything. Further, the intruder need not be operating from a single machine; he may be able to coordinate or co-opt several machines on different networks to achieve the same effect.


    2) An attacker can turn network services against each other:


    In this attack, the intruder uses forged UDP packets to connect the echo service on one machine to the chargen service on another machine. The result is that the two services consume all available network bandwidth between them. Thus, the network connectivity for all machines on the same networks as either of the targeted machines may be affected.


    3) Network Connectivity attacks often involve *SYN Floods*:


    In this type of attack, the attacker begins the process of establishing a connection to the victim machine, but does it in such a way as to prevent the ultimate completion of the connection. In the meantime, the victim machine has reserved one of a limited number of data structures required to complete the impending connection. The result is that legitimate connections are denied while the victim machine is waiting to complete bogus "half-open" connections.



    You should note that this type of attack does not depend on the attacker being able to consume your network bandwidth. In this case, the intruder is consuming kernel data structures involved in establishing a network connection. The implication is that an intruder can execute this attack from a dial-up connection against a machine on a very fast network. (This is a good example of an asymmetric attack.)


    4) Other miscellaneous attacks:


    In general, anything that allows data to be written to disk can be used to execute a denial-of-service attack if there are no bounds on the amount of data that can be written. For instance, generating excessive numbers of mail messages, intentionally generating errors that must be logged, or writing programs to consume scarce server *processes*.


    ***All of the indented quoted passages above are courtesy of CERT.
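    The first three consumption patterns above (the ICMP echo flood in 1, the echo/chargen loop in 2, and the half-open SYN connections in 3) can be picked out of a packet summary with a few simple rules. What follows is an added example, not part of the original post and not CERT's material: it runs over a constructed, simplified packet log in a format invented here (it is not real tcpdump output), the sample traffic is made up, and the thresholds are illustrative assumptions rather than recommended values.

```python
"""Classify constructed packet-summary lines into the three consumption
patterns described above: ICMP echo floods, UDP echo/chargen loops, and
SYN floods leaving half-open connections.

Log format (constructed for this example, not a real tcpdump format):
  "<ts> <proto> <src_ip>[:<sport>] > <dst_ip>[:<dport>] <info>"
where <info> is "echo-request"/"echo-reply" for ICMP and the TCP flag
string ("S" = SYN, "S." = SYN-ACK, "." = bare ACK) for TCP; empty for UDP.
"""
import re
from collections import Counter

ECHO_PORT, CHARGEN_PORT = 7, 19  # the two UDP services CERT describes looping

LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?)\s+(?P<proto>icmp|tcp|udp)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?\s*(?P<info>\S*)$"
)


def parse(lines):
    """Parse summary lines into dicts; unparseable lines are skipped, not fatal."""
    pkts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        pkts.append({
            "ts": float(d["ts"]), "proto": d["proto"],
            "src": d["src"], "dst": d["dst"],
            "sport": int(d["sport"]) if d["sport"] else None,
            "dport": int(d["dport"]) if d["dport"] else None,
            "info": d["info"],
        })
    return pkts


def icmp_flood_targets(pkts, window=1.0, threshold=50):
    """Bandwidth consumption: hosts receiving >= threshold ICMP echo requests
    inside one time window (the ICMP ECHO flood CERT mentions)."""
    buckets = Counter()
    for p in pkts:
        if p["proto"] == "icmp" and p["info"] == "echo-request":
            buckets[(p["dst"], int(p["ts"] // window))] += 1
    return sorted({dst for (dst, _), n in buckets.items() if n >= threshold})


def echo_chargen_pairs(pkts):
    """Services attacking each other: any UDP datagram between port 7 and
    port 19 is suspicious; there is no legitimate reason to bridge them."""
    pairs = set()
    for p in pkts:
        if p["proto"] == "udp" and {p["sport"], p["dport"]} == {ECHO_PORT, CHARGEN_PORT}:
            pairs.add(tuple(sorted((p["src"], p["dst"]))))
    return sorted(pairs)


def syn_flood_targets(pkts, threshold=5):
    """Half-open connections: a SYN the initiator never follows with its ACK.
    Returns {(dst_ip, dst_port): half_open_count} for targets over threshold."""
    syn_seen, completed = set(), set()
    for p in pkts:
        if p["proto"] != "tcp":
            continue
        key = (p["src"], p["sport"], p["dst"], p["dport"])
        if p["info"] == "S":
            syn_seen.add(key)
        elif p["info"] == "." and key in syn_seen:
            completed.add(key)  # third handshake packet from the initiator
    half_open = Counter()
    for (_src, _sport, dst, dport) in syn_seen - completed:
        half_open[(dst, dport)] += 1
    return {k: n for k, n in half_open.items() if n >= threshold}


def analyze(lines):
    pkts = parse(lines)
    return {
        "icmp_flood_targets": icmp_flood_targets(pkts),
        "echo_chargen_pairs": echo_chargen_pairs(pkts),
        "syn_flood": syn_flood_targets(pkts),
    }


# Constructed sample traffic: 60 pings at one host in under a second, an
# echo<->chargen loop, eight spoofed SYNs never acknowledged, one real handshake.
SAMPLE_LOG = (
    [f"{i / 100:.2f} icmp 198.51.100.{i % 20 + 1} > 192.0.2.10 echo-request" for i in range(60)]
    + ["2.00 udp 192.0.2.20:7 > 192.0.2.21:19",
       "2.01 udp 192.0.2.21:19 > 192.0.2.20:7",
       "2.02 udp 198.51.100.3:53000 > 192.0.2.30:53"]  # ordinary DNS query, benign
    + [f"3.{i:02d} tcp 203.0.113.{i + 1}:1{i:04d} > 192.0.2.10:80 S" for i in range(8)]
    + ["3.50 tcp 198.51.100.9:45000 > 192.0.2.10:80 S",
       "3.51 tcp 192.0.2.10:80 > 198.51.100.9:45000 S.",
       "3.52 tcp 198.51.100.9:45000 > 192.0.2.10:80 ."]
)

if __name__ == "__main__":
    for name, hits in analyze(SAMPLE_LOG).items():
        print(f"{name}: {hits}")
```

    On a real capture you would feed the functions lines from your own parser instead of SAMPLE_LOG. The ICMP rule is a crude rate threshold and will also fire on a legitimate flash crowd, which is exactly why item 1 is called indefensible; the echo/chargen rule is a precise signature; and the SYN rule counts the half-open state the quoted text describes, so a spoofed flood shows up as many sources that never send their ACK while the one real client does. Item 4 (unbounded disk writes) is not something packet-level checks can catch; it needs quotas and log rotation on the server side.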


    So Welcome To Machine.


    Important: Even if you can't comment, please scan the blog below.  SuperSonicSunny aka LonelyLittleChic appears to be very much alive.
