Higher Level

DoS is nuisance, much like email bombs. However, DoS attacks are infinitely more threatening, particularly if you run a corporate network or ISP. DoS can temporarily incapacitate your entire your network, or at least the hosts that reply on TCP/IP.

The first DoS attack of significance was the Morris Worm. It has been estimated that some 5,000 machines were taken out of commission for several hours. At that time (Nov., 1998), it was a disaster for academic and research centers but had little impact for the rest of the world. Today, a comparable DoS attack could result in millions of dollars of losses. For example the DoS happened half year ago, the damage for Amazon and Yahoo is around a billion.

The aim of DoS is simple and straightforward – to knock your hosts off the Net. Except when security specialist conduct DoS for testing purpose on their own hosts, the DoS is always malicious. There is no legitimate reason for anyone to incapacitate your network. DoS attacks are unlawful under a variety of both state and federal laws. Unlike other cracks, the DoS are not work of work of curious hackers, they are criminal acts done with hostile intent.

DoS attacks strike are the heart of IP implementations, hence they can crop up on any platform. And because IP implementation are not drastically different from platform to platform, a single DoS attack may well work on several target operating systems. According to the investigation, new strains of DoS attacks are released about every two weeks or so. Such release are typically written on a single build platform (for example, Linux) to attack a single target platform (for example, Windows 98). Once the code is released, it is examined by the hacker and cracker communities. Within days, someone releases a modified version (a mutation) that can incapacitate a wider variety of operating systems.

You should take DoS very seriously. They are dirty and easily implement, even by crackers with minimal programming expertise. DoS tools are therefore bottom-feeder weapons, anyone can get them and anyone can use them.

Recent DoS attacks show the style of originated from universities which has wide band-width, high speed, and comparatively loose management. Crackers can easily pre-installed the tools of DoS and initiate a simultaneous DoS to some huge networks.

Recently a wide range of DoS attacks have been developed for routers. This kind of attacks are the attacks on the hardware. The routers form the underlying routing architecture for the Internet. And a single route can provide gateway services for a whole network, thus a router attack can down a hundred machine or more, all traffic has to pass through the router before it reaches any machine. Therefore, by killing the target router, the attacker has effectively killed the target’s connection of the entire network.

Other DoS tools:

• The ancient Chinese “Ping of Death”: It is not a program, but just a simple technique that involves sending abnormally large ping packets. When a target processes these large packets, it dies. This result a blue screen with error messages from which the machine cannot recover.
  
  
• SynFlooder: is a small utility that can render UNIX servers inoperable. The program floods the target with half-open connection requests. The target attempts to process these requests and the process queue in ultimately overrun. As a result, no further remote requests can be processed and the target is rendered temporarily out-of-service.
  
  
• DNSKiller: will kill a WindowsNT 4.0 box’s DNS server. The source was written for a Linux environment, however, it may also run on a FreeBSD.