US-CERT Cyber Security Tip ST04-015 -- Understanding Denial-of-Service Attacks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                   Cyber Security Tip ST04-015 archive 
                 Understanding Denial-of-Service Attacks

   You may have heard of denial-of-service attacks launched against web
   sites, but you can also be a victim of these attacks.
   Denial-of-service attacks can be difficult to distinguish from common
   network activity, but there are some indications that an attack is in
   progress.

What is a denial-of-service (DoS) attack?

   In a denial-of-service (DoS) attack, an attacker attempts to prevent
   legitimate users from accessing information or services. By targeting
   your computer and its network connection, or the computers and network
   of the sites you are trying to use, an attacker may be able to prevent
   you from accessing email, web sites, online accounts (banking, etc.),
   or other services that rely on the affected computer.

   The most common and obvious type of DoS attack occurs when an attacker
   "floods" a network with information. When you type a URL for a
   particular web site into your browser, you are sending a request to
   that site's computer server to view the page. The server can only
   process a certain number of requests at once, so if an attacker
   overloads the server with requests, it can't process your request.
   This is a "denial of service" because you can't access that site.

   An attacker can use spam email messages to launch a similar attack on
   your email account. Whether you have an email account supplied by your
   employer or one available through a free service such as Yahoo or
   Hotmail, you are assigned a specific quota, which limits the amount of
   data you can have in your account at any given time. By sending many,
   or large, email messages to the account, an attacker can consume your
   quota, preventing you from receiving legitimate messages.

What is a distributed denial-of-service (DDoS) attack?

   In a distributed denial-of-service (DDoS) attack, an attacker may use
   your computer to attack another computer. By taking advantage of
   security vulnerabilities or weaknesses, an attacker could take control
   of your computer. He or she could then force your computer to send
   huge amounts of data to a web site or send spam to particular email
   addresses. The attack is "distributed" because the attacker is using
   multiple computers, including yours, to launch the denial-of-service
   attack.

How do you avoid being part of the problem?

   Unfortunately, there are no effective ways to prevent being the victim
   of a DoS or DDoS attack, but there are steps you can take to reduce
   the likelihood that an attacker will use your computer to attack other
   computers:

     * Install and maintain anti-virus software (see Understanding
       Anti-Virus Software for more information).

     * Install a firewall, and configure it to restrict traffic coming
       into and leaving your computer (see Understanding Firewalls for
       more information).

     * Follow good security practices for distributing your email address
       (see Reducing Spam for more information). Applying email filters
       may help you manage unwanted traffic.

How do you know if an attack is happening?

   Not all disruptions to service are the result of a denial-of-service
   attack. There may be technical problems with a particular network, or
   system administrators may be performing maintenance. However, the
   following symptoms could indicate a DoS or DDoS attack:

     * unusually slow network performance (opening files or accessing web
       sites)

     * unavailability of a particular web site

     * inability to access any web site

     * dramatic increase in the amount of spam you receive in your
       account

What do you do if you think you are experiencing an attack?

   Even if you do correctly identify a DoS or DDoS attack, it is unlikely
   that you will be able to determine the actual target or source of the
   attack. Contact the appropriate technical professionals for
   assistance.

     * If you notice that you cannot access your own files or reach any
       external web sites from your work computer, contact your network
       administrators. This may indicate that your computer or your
       organization's network is being attacked.

     * If you are having a similar experience on your home computer,
       consider contacting your Internet service provider (ISP). If there
       is a problem, the ISP might be able to advise you of an
       appropriate course of action.
   _________________________________________________________________

   Author: Mindi McDowell
   _________________________________________________________________

   This document can also be found at
   
   <http://www.us-cert.gov/cas/tips/ST04-015.html>
   
   Copyright 2004 Carnegie Mellon University
   
   Terms of use
   
   <http://www.us-cert.gov/legal.html>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFBGmrhXlvNRxAkFWARAlSKAJ9+ylpmp3MCNZ60IY0GH6rpHugmKQCgqWUM
14EnTDomBrdxQ90QtjLRD94=
=8t8G
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux