Changes

no edit summary
Line 2: Line 2:       −
'''DDoS''' is the acronym for '''Distributed Denial of Service.''' The [[SEI|Software Engineering Institute]] at [[Carnegie Mellon University]] explained that the telephone system, computer system and the Domain Name System ([[DNS]]) sometimes become unusable during peak hours because of supply and demand. However, when an intruder or hacker interrupts the system, takes control of the computer and prevents the legitimate user to use it and forces the computer to send large amount of email to someone else which can not be handled by the recipient's disk that saves e-mails, a '''Denial of Service (DoS) attack''' happens. If an intruder attacks a particular computer, takes control of it and sends extraordinary amount of data to a website and distribute it to numerous email addresses affecting the users computer network, the intrusion is called '''Distributed Denial of Service attack'''.<ref>[http://www.cert.org/homeusers/ddos.html What is a Distributed Denial of Service (DDoS) Attack and What Can I Do About It?]</ref>]
+
'''DDoS''' is the acronym for '''Distributed Denial of Service.'''  
 +
 
 +
The telephone system, computer system and Domain Name System ([[DNS]]) sometimes become unusable during peak hours because of supply and demand. However, when an intruder or hacker interrupts the system, takes control of the computer, prevents the legitimate user from using it, and forces the computer to send such a large amount of email to another person that it cannot be handled by the recipient's save disk, a '''Denial of Service (DoS) attack''' happens. If an intruder attacks a particular computer, takes control of it, sends extraordinary amount of data to a website and distributes it to numerous email addresses affecting the computer network, the intrusion is called a '''Distributed Denial of Service attack'''.<ref>[http://www.cert.org/homeusers/ddos.html What is a Distributed Denial of Service (DDoS) Attack and What Can I Do About It?]</ref>]
    
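Review bot: the rewritten intro paragraph still ends with a stray `]` after the closing `</ref>` (carried over from the old revision), which will render as a literal bracket; drop it. Two wording points in the same paragraph: "sends extraordinary amount of data" needs an article ("an extraordinary amount"), and "the recipient's save disk" is unclear, where the old revision's "the recipient's disk that saves e-mails" at least conveyed the intended meaning (mailbox storage). The rewrite also drops the in-text attribution to the Software Engineering Institute while keeping the CERT reference; since the whole paragraph paraphrases that source, the attribution is worth keeping.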
==Background==
 
==Background==
The [[CERT/CC]] at Canegie Mellon University documented the first incident of Denial Of Service Attack in 1999 when the [[Trinoo]] and [[Tribe Flood Network]] (TFN) DDoS Network tools were widely distributed. The two DDoS used UDP Flood attack, TCP SYN flood, ICMP echo request flood, and ICMP directed broadcast denial of service attacks respectively.<ref>[http://www.cert.org/incident_notes/IN-99-07.html Cert Incident Notes IN-99-09 Distributed Denial of Service Tools]</ref> Trinoo attacked a single computer from Minnesota University, affected around 227 systems and became unusable for more than two days.<ref>
+
The [[CERT/CC]] at Canegie Mellon University documented the first incident of Denial Of Service Attack in 1999 when the [[Trinoo]] and [[Tribe Flood Network]] (TFN) DDoS Network tools were widely distributed. The two DDoS used UDP Flood attack, TCP SYN flood, ICMP echo request flood, and ICMP directed broadcast denial of service attacks respectively.<ref>[http://www.cert.org/incident_notes/IN-99-07.html Cert Incident Notes IN-99-09 Distributed Denial of Service Tools]</ref> Trinoo attacked a single computer from Minnesota University, affected around 227 systems, and became unusable for more than two days.<ref>
 
[http://www.garykessler.net/library/ddos.html Defenses Against Distributed Denial of Service Attacks]</ref>
 
[http://www.garykessler.net/library/ddos.html Defenses Against Distributed Denial of Service Attacks]</ref>
   −
On February 2000, a massive DDoS attack against high profile websites including [[Yahoo]]!, [[Buy.com]], [[eBay]], CNN, [[Amazon.com]], [[ZDNet.com]], E-Trade, and Excite were paralyzed and lost an estimated amount of $1.7 billion. A suspect in who is a juvenile Canada with an online alias "mafiaboy" was arrested on April of the same year. He plead guilty on January 18, 2001 on 56 charges of mischief and illegal use of computer services.<ref>[http://www.pbs.org/wgbh/pages/frontline/shows/hackers/whoare/notable.html E-Commerce Giants Crippled in DDoS Attacks]</ref>
+
On February 2000, a massive DDoS attack paralyzed high profile websites including [[Yahoo]]!, [[Buy.com]], [[eBay]], CNN, [[Amazon.com]], [[ZDNet.com]], E-Trade, and Excite, which together lost an estimated amount of $1.7 billion. A suspect, a Canadian juvenile with the online alias "mafiaboy," was arrested on April of the same year. He pleaded guilty on January 18, 2001 on 56 charges of mischief and illegal use of computer services.<ref>[http://www.pbs.org/wgbh/pages/frontline/shows/hackers/whoare/notable.html E-Commerce Giants Crippled in DDoS Attacks]</ref>
    +
Over the years, intruders have used different DDoS tools to affect computer systems:
 +
* [[Stacheldraht]], 1.666 DDoS tool was discovered and widely spread on multiple compromised hosts in several organizations;<ref>[http://www.cert.org/advisories/CA-2000-01.html CA-2000-01 Denial-of-Service Developments]</ref>
 +
* [[Love Letter Worm]], a malicious VBScript which was spread through emails, Windows file sharing, IRC, USENET news and through webpages affecting more than 500,000 computer systems;<ref>[http://www.cert.org/advisories/CA-2000-04.html CERT Advisory CA-2000-04 Love Letter Worm]</ref>
 +
* [[T0rnkit]], also distributed by intruders using six different versions of rootkit;<ref>[http://www.cert.org/incident_notes/IN-2000-10.html Cert Incident Note IN-2000-10]</ref>
 +
* [[W/32/Sircam]], an e-mail-borne virus;<ref>
 +
[http://www.us-cert.gov/reading_room/home-network-security/#III-B-1 Home Network Security]</ref>
 +
* [[Leaves]], which was capable of updating and changing its functionality during a hack, affected millions of internet users in five Chinese provinces when an unknown hacker attacked the the server of [[DNSPod]], a Chinese domain name registrar in 2009;<ref>[http://news.softpedia.com/news/DDoS-Attack-Leaves-Five-Chinese-Provinces-Without-Internet-112313.shtml DDoS Attack Leaves Five Chinese Provinces Without Internet]</ref>
 +
as well as many other viruses and worms distributed by hackers to cripple computer networks in homes and organizations.
   −
Over the years intruders used different DDoS tools affecting computer systems such as:
+
[[Network Solutions]] spokesperson [[Shashi Bellamkonda]] reported that the company experienced a consecutive DDoS attacks on June 20-21, 2011 wherein its costumers were unable to access the server and e-mail and the website became unstable. The company resolved the problem as quickly as possible.<ref>[http://dos-attacks.com/2011/06/22/network-solutions-bounces-back-after-ddos/ Network Solutions Bounces Back After DDoS]</ref>
* [[Stacheldraht]] 1.666 DDoS tool was discovered and widely spread on multiple compromised hosts in several organizations; <ref>[http://www.cert.org/advisories/CA-2000-01.html CA-2000-01 Denial-of-Service Developments]</ref>
  −
* [[Love Letter Worm]] a malicious VBScript which was spread through emails, Windows file sharing, IRC, USENET news and through webpages affecting more than 500,000 computer systems; <ref>[http://www.cert.org/advisories/CA-2000-04.html CERT Advisory CA-2000-04 Love Letter Worm]</ref>
  −
* [[T0rnkit]] was also distributed by intruders using six different versions of rootkit.<ref>[http://www.cert.org/incident_notes/IN-2000-10.html Cert Incident Note IN-2000-10]</ref>
  −
* [[W/32/Sircam]], an e-mail borne virus; <ref>
  −
[http://www.us-cert.gov/reading_room/home-network-security/#III-B-1 Home Network Security]</ref>
  −
* [[Leaves]], capable of updating and changing its functionality during a hack affected millions of internet users in five provinces of China when an unknown hacker attacked the the server of [[DNSPod]], a Chinese domain name registrar in 2009;<ref>[http://news.softpedia.com/news/DDoS-Attack-Leaves-Five-Chinese-Provinces-Without-Internet-112313.shtml DDoS Attack Leaves Five Chinese Provinces Without Internet]</ref> and many other viruses and worms distributed by hackers to cripple computer networks in homes and organizations.
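Review bot: "Canegie Mellon University" is misspelled in both revisions (should be "Carnegie"), and the reference text "Cert Incident Notes IN-99-09" does not match its URL, which points to IN-99-07; one of the two needs correcting. In the Trinoo sentence, "affected around 227 systems, and became unusable" attaches "became unusable" to Trinoo rather than to the attacked computer; "which became unusable for more than two days" fixes it. The new list is introduced as "different DDoS tools", but by the page's own descriptions Love Letter is a VBScript worm, T0rnkit a rootkit and Sircam an e-mail-borne virus rather than DDoS tools, so "DDoS tools and other malware" would be more accurate; "W/32/Sircam" should be "W32/Sircam", and "the the server" is a doubled word. The Leaves bullet also ties that worm to the 2009 DNSPod outage, but in the cited headline "DDoS Attack Leaves Five Chinese Provinces Without Internet" the word "Leaves" is the verb, not the worm's name, so the worm and the 2009 incident should be separated. In the Network Solutions paragraph, "a consecutive DDoS attacks" mixes singular and plural, and "costumers" should be "customers".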
      +
==Packet Flooding Attack==
 +
The Packet Flooding Attack is the most common type of Denial of Service Attack. The modus operandi of intruders is sending more than acceptable number of packets to a particular destination which consumes the entire bandwidth resources. There are several types of packets used by Packet Flooding Attack tools, including:
 +
* [[TCP]] Floods - SYN, ACK and RST flags are sent to the victim's [[IP]] Address
 +
* [[ICMP]] echo request reply (Ping Floods) - A stream of ICMP is sent to the victim's IP Address
 +
* [[UDP]] Floods - A stream of UDP is sent to the victim's IP Address
   −
[[Network Solutions]] spokesperson [[Shashi Bellamkonda]] reported that the company experienced a consecutive DDoS attacks on June 20-21, 2011 wherein its costumers were unable to access the server and e-mail and the website became unable. The company was to resolve the problem immediately.<ref>[http://dos-attacks.com/2011/06/22/network-solutions-bounces-back-after-ddos/ Network Solutions Bounces Back After DDoS]</ref>
+
These attack tools change the characteristics of packets in the packet stream. For example, the Source IP Address is changed to hide the real source of the packet stream. The method of sending packet streams to one or more intermediate sites to create responses that will be sent to a victim is called IP Spoofing.<ref>[http://www.iss.net/security_center/advice/Underground/Hacking/Methods/Technical/Spoofing/default.htm Spoofing]</ref> Other packet stream attributes that are altered by intruders are the Source/Destination Ports and Other IP Header Values.
    
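Review bot: the sentence "The method of sending packet streams to one or more intermediate sites to create responses that will be sent to a victim is called IP Spoofing" describes a reflection attack that relies on spoofing; IP spoofing itself is the forged Source IP Address described in the preceding sentence. Split the definition: spoofing hides the true source, and aiming spoofed packets at intermediate sites so their replies land on the victim is reflection, which is also why defenders filter packets whose source address cannot legitimately originate from the network they arrive on. In the list, "ICMP echo request reply (Ping Floods)" reads as one item; "echo request/reply" is clearer, and "more than acceptable number of packets" needs an article. The move of this section also dropped the bold markup the old revision had on "TCP Floods", "ICMP echo request reply" and "UDP Floods"; either restore it or keep the plain style consistently across the page's other lists.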
==Frequent Targets of Intruder Attacks==
 
==Frequent Targets of Intruder Attacks==
According to the CERT report, "Trends in Denial Service Attack Technology" the frequent targets of intruders are Windows end-users and Internet Routing Technology. Intruders primary intention in conducting DoS attack is to prevent the use of computer or network resources. A computer controlled by a hacker is known as '''zombie''' or '''bot''' while a controlled computer network is referred as '''botnet''' or '''zombie army'''.<ref>[http://searchsecurity.techtarget.com/definition/distributed-denial-of-service-attack Distributed Denial of Service Attack (DDoS)]</ref>
+
According to the CERT report, "Trends in Denial Service Attack Technology," the most frequent targets are Windows end-users and Internet Routing Technology. An intruder's primary intention in conducting DoS attack is to prevent the use of computer or network resources. A computer controlled by a hacker is known as "zombie" or "bot," while a controlled computer network is referred as a "botnet" or "zombie army."<ref>[http://searchsecurity.techtarget.com/definition/distributed-denial-of-service-attack Distributed Denial of Service Attack (DDoS)]</ref>
    
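Review bot: the report title is "Trends in Denial of Service Attack Technology"; "Denial Service" drops a word in both revisions. "in conducting DoS attack" needs an article ("a DoS attack"), and "referred as a botnet" should be "referred to as a botnet".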
==Reasons Why Internet is Vulnerable to Attacks==
 
==Reasons Why Internet is Vulnerable to Attacks==
Internet connected systems are still vulnerable to DoS attacks despite active security efforts is because of the following reasons:<ref>[http://www.cert.org/homeusers/ddos.html Trends in Denial Service Attack Technology]</ref>
+
Internet-connected systems are still vulnerable to DoS attacks despite active security efforts because of the following reasons:
* Internet is composed of limited and consumable resources
+
* The Internet is composed of limited and consumable resources
* Internet security is highly interdependent
+
* Internet security is highly interdependent<ref>[http://www.cert.org/homeusers/ddos.html Trends in Denial Service Attack Technology]</ref>
 
  −
==Packet Flooding Attack==
  −
'''Packet Flooding Attack''' is the most common type of Denial of Service Attack.The modus operandi of intruders is sending more than acceptable number of packets to a particular destination which consumes the entire bandwidth resources. There are several types of packets used by Packet Flooding Attack tools including:
  −
* '''[[TCP]] Floods'''- SYN, ACK and RST flags are sent to the victim's [[IP]] Address
  −
* '''[[ICMP]] echo request reply (Ping Floods)'''- A stream of ICMP is sent to the victim's IP Address
  −
* '''[[UDP]] Floods'''- A stream of UDP is sent to the victim's IP Address
  −
 
  −
These attack tools changes the characteristics of packets in the packet stream such as the '''Source IP Address''' to hide the real source of the packet stream. The method of sending packet streams to one or more intermediate sites to create responses that will be sent to a victim is called '''IP Spoofing.'''<ref>[http://www.iss.net/security_center/advice/Underground/Hacking/Methods/Technical/Spoofing/default.htm Spoofing]</ref> Other packet stream attribute being altered by intruders are the '''Source/Destination Ports''' and '''Other IP Header Values'''.
      
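Review bot: the reference on the Reasons list was moved from the introductory sentence to the last bullet, where it now reads as supporting only that bullet; since both bullets come from the same source, it belongs on the introductory sentence. The title given in that reference, "Trends in Denial Service Attack Technology", also does not match its URL, which is the CERT home-user DDoS page already cited in the intro under its own title; the link target or the title needs correcting. The removal of the old Packet Flooding Attack section here is only a move to earlier in the page, which is fine.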
==References==
 
==References==
 
{{reflist}}
 
{{reflist}}
  −
  −
  −
  −
  −
  −
  −
  −
      
[[Category:Glossary]]
 
[[Category:Glossary]]
    
__NOTOC__
 
__NOTOC__