Impact of DDos Attacks
Not only are DDoS attacks a pain for the target system and its network, they can also seriously hinder the function of hosts/networks used to stage the attack, and waste the time of the admins of all the involved networks. Can you imagine, as the administrator of your companys network, getting a call from a far-off network administrator complaining that theyre getting one of these attacks from your direction? Presuming that you verify that the packets really are being sent out from your network (rather than being forged, and merely claiming theyre from your network), you then have to do two things:
Given that the (probable) script-kiddie has actually gotten ON to your network, as opposed to poking at it from the outside (as with the target of the DDoS), youve got work to do, and probably something to explain to management. In this way, being an unwilling assistant to a DDoS attack tends to have consequences that are more annoying, for a longer time, than being the target of one. Author Helen says, Trust me, Ive been there on both sides. Despite my best efforts, someone got in via a zero-day Linux exploit and my domain became an unwilling participant in someones attempt at revenge on a fellow IRC user they decided they just didnt like. Unless youre Amazon.com or a site which loses tens of thousands of dollars for every minute of network downtime, it may be worse to be unwittingly on the sending side of a DDoS attack, than to be the target. There might even be legal liability for maintaining a system security configuration that allows someone to get into your network and stage a denial-of-service attack against a target -- and the target may indeed come knocking on your door if it experiences significant losses.
Of course, this assumes that you can actually identify the source of the DDoS. All bets are off if you are the victim of a DDoS attack staged with software that forges the source IP address in the attacking packets. In that case, you, the target, are likely to have a very bad day (until ISPs start communicating and narrowing down where the attack is coming from, by looking at traffic through their networks).
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.