CertiGuide to Security+
Chapter 1: General Security Concepts (Domain 1.0; 30%)
1.4 Attacks
1.4.1 Denial of Service (DoS) / Distributed Denial of Service (DDoS)


An Early DDoS Attack

To help you understand how a DDoS happens, here is a brief account of a widely reported incident from February 2000.

February 2000 saw the first widely reported large-scale DDoS attack. It was serious enough to involve the Federal Bureau of Investigation (FBI) and the President of the United States. The first site attacked was Yahoo!, whose information technology group initially thought it was a case of equipment failure.

The flood peaked at one gigabit per second, and the service was down for five hours.

Buy.com was the next target, the following day: the flood ran at about 800 megabits per second and arrived from many different sources. Later that afternoon it was eBay's turn. That firm did not release information about the volume of traffic involved; its only response when pressed for technical details was, "We are taking multiple measures to fight this."

How was the attack accomplished? High-performance computers on large Internet connections were port-scanned to find security holes that allowed access to the root account. As mentioned in chapter two, a daemon is a servant: the attacker installed UNIX daemons on the compromised machines. Using strong encryption for the control traffic, the attacker told the daemons which IP addresses to attack, and then, from a single client machine, launched all of the daemons at once.

The missing piece of the puzzle, in the heat of the battle, was where all this processing power and Internet bandwidth was coming from. The attacker had planted the daemons on some of the most powerful computers with "fat pipes" at the locations with the least security, namely large college campuses.

To make these attacks harder to block, attackers normally spoof the source IP address of the packets so that they appear to originate from a different network. This makes it harder for the network administrators whose devices the flood passes through to filter and drop the traffic: there is no single source to block, and the addresses that do appear belong to networks that are not involved. Because they are so simple to run, DDoS attacks are a favorite tool of "script kiddies", a term for amateur hackers with little skill who use tools and exploits written by other people without really understanding what they are doing. It takes surprisingly little work or skill to run an automated IIS hack script against an IP subnet, break into a number of unsecured web servers, and then Trojan them for use in a DDoS attack.
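The two defensive checks that follow from the account above (many sources converging on one destination, and spoofed source addresses leaving a network that does not own them) can be tried on flow records. The script below is an added example, not part of the CertiGuide text; it runs over constructed records, and the thresholds, the 203.0.113.0/24 "campus" prefix and the abbreviated bogon list are assumptions chosen for illustration.

```python
"""Flood and spoofed-source detection over constructed flow records.

Added example (not from the CertiGuide page). Each record is a simplified
flow: (unix_second, src_ip, dst_ip, nbytes). find_floods() looks for the
many-source signature of a DDoS at the victim's edge; egress_spoof_check()
is the ingress/egress filtering check (the idea behind BCP 38) that a source
network such as a campus can apply to stop spoofed packets from leaving.
"""
import ipaddress
from collections import defaultdict

# Assumed, abbreviated list of blocks that must never appear as a source
# on the public Internet (private, loopback, link-local, multicast, reserved).
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def is_bogon(src):
    """True when src falls inside one of the BOGON_NETS blocks."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in BOGON_NETS)


def find_floods(flows, byte_threshold, source_threshold):
    """Return {(dst, second): (total_bytes, distinct_sources)} for flooded targets.

    A destination counts as flooded in a given second when the byte total
    exceeds byte_threshold AND the number of distinct sources exceeds
    source_threshold: volume alone could be one busy client, but volume from
    many sources at once is the distributed signature described in the text.
    """
    bytes_per = defaultdict(int)
    srcs_per = defaultdict(set)
    for second, src, dst, nbytes in flows:
        key = (dst, second)
        bytes_per[key] += nbytes
        srcs_per[key].add(src)
    return {
        key: (bytes_per[key], len(srcs_per[key]))
        for key in bytes_per
        if bytes_per[key] > byte_threshold and len(srcs_per[key]) > source_threshold
    }


def egress_spoof_check(flows, allowed_prefixes):
    """Return the sorted list of source addresses an edge should never emit.

    A network that only owns allowed_prefixes cannot legitimately send packets
    with any other source, so anything else (or any bogon) is spoofed. This
    check only works at the originating network: the victim sees the same
    spoofed addresses but has no way to tell them from real ones.
    """
    nets = [ipaddress.ip_network(p) for p in allowed_prefixes]
    bad = set()
    for _, src, _, _ in flows:
        ip = ipaddress.ip_address(src)
        if not any(ip in net for net in nets) or is_bogon(src):
            bad.add(src)
    return sorted(bad)


def build_sample_flows():
    """Constructed victim-side records: 120 sources hit 198.51.100.10 in second 1000."""
    flows = [
        (999, "203.0.113.5", "198.51.100.10", 1500),    # ordinary background traffic
        (1001, "203.0.113.6", "198.51.100.20", 900),    # different destination
    ]
    base = ipaddress.ip_address("192.0.2.0")
    for i in range(1, 121):  # 120 distinct (constructed) sources, 12,500 bytes each
        flows.append((1000, str(base + i), "198.51.100.10", 12_500))
    return flows


# Constructed campus-edge records; the campus is assumed to own 203.0.113.0/24.
CAMPUS_EGRESS = [
    (1000, "203.0.113.40", "198.51.100.10", 12_500),  # legitimate campus host
    (1000, "192.0.2.77", "198.51.100.10", 12_500),    # spoofed: not a campus prefix
    (1000, "10.4.4.4", "198.51.100.10", 12_500),      # spoofed: bogon source
]


if __name__ == "__main__":
    floods = find_floods(build_sample_flows(), byte_threshold=1_000_000, source_threshold=50)
    for (dst, sec), (nbytes, nsrc) in floods.items():
        print(f"flood on {dst} at t={sec}: {nbytes} bytes from {nsrc} sources")
    print("spoofed sources leaving campus edge:",
          egress_spoof_check(CAMPUS_EGRESS, ["203.0.113.0/24"]))
```

The victim-side check only tells you that you are under attack; it cannot filter by source, because the sources are either spoofed or real but too numerous. The egress check is the one that actually removes spoofed traffic, and it has to be deployed by the networks the daemons sit on (in the account above, the college campuses), not by the target.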







CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.