DoS Attack

{{Glossary|
|note = '''This information is brought to you by<br> [http://dnsseal.wiki/ DNS Seal], a best practices wiki for DNS.'''
| logo = DNS Seal.png
|link = http://dnsseal.wiki/
}}

'''DoS Attacks''', or '''Denial of Service Attacks''', involve making a website or server unresponsive and inaccessible.<ref>[http://www.us-cert.gov/ncas/tips/ST04-015 Security Tip (ST04-015): Understanding Denial-of-Service Attacks] (February 6, 2013), United States Computer Emergency Readiness Team (United States Department of Homeland Security)</ref> This can be accomplished by flooding a website with so much traffic that it can no longer respond to queries or by using bugs in the system's security to "destabilize" it.<ref name="alto">[https://www.paloaltonetworks.com/resources/learning-center/what-is-a-denial-of-service-attack-dos.html Denial of Service Attack - Prevent DoS Attacks with Palo Alto Networks], Palo Alto</ref> A distributed denial of service attack ([[DDoS Attacks|DDoS Attack]]) is one form of DoS attack that is particularly dangerous and has received a lot of attention in the last few years.

==Public Perception==
The public perception of DoS attacks is largely negative. DoS attacks affect not only the website or server that is taken down but also all of the user or consumer activity on the site.

==Outcome==
The outcome of DoS attacks is that websites are unavailable to users, which may hurt the site's credibility and/or financial viability.

==Historical Use==
DoS attacks are used to take sites or servers offline or to make them otherwise inaccessible to users. Reasons for DoS attacks include protests via hacktivism and criminal intent.<ref name="blog">[http://blog.icann.org/2013/04/how-to-report-a-ddos-attack/ How to Report a DDoS Attack] by Dave Piscitello (April 25, 2013), Internet Corporation for Assigned Names and Numbers (ICANN)</ref> There are multiple methods that can be used to perpetrate a DoS attack. Some examples are:
*Teardrop Attack: in this attack, the attacker sends "IP fragment packets that are difficult to reassemble."<ref name="ip">[http://www.iplocation.net/tools/denial-of-service.php What is Denial of Service (DoS) attack?], IP Location</ref><ref>[http://www.webopedia.com/TERM/D/DoS_attack.html DoS attack - Denial of Service attack] at Webopedia</ref> Failure to properly reassemble the fragments may cause errors to occur.

*Ping of Death or Long ICMP: this attack causes system failure by sending "an IP packet larger than...allowed by the IP protocol."<ref name="ip"/><ref name="sec">[http://searchsecurity.techtarget.com/definition/ping-of-death Definition: Ping of Death], SearchSecurity</ref> Fixes for this attack were made readily available in 1997.<ref name="sec"/>

*Smurf Attack: this attack works by sending ping request packets en masse while using a forged IP address.<ref name="ip"/>

*Ping of Flood: this attack is executed by "overwhelming the victim's network with ICMP Echo Request (ping) packets."<ref name="ip"/>

*SYN Flood: SYN floods overload servers by repeatedly asking to join the network and then never accepting the request.<ref name="alto"/> Legitimate users are then blocked from connecting.<ref name="alto"/><ref name="ip"/>

*Mail Bomb: this attack is aimed at disrupting mail servers. It occurs when a massive number of emails with large attachments are sent.<ref name="ip"/>

*DDoS Attack: this attack involves simultaneously flooding a website or server with traffic originating from multiple sources. See the [[DDoS Attacks]] page for more information.
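
Three of the patterns listed above (Ping of Death, Teardrop and SYN Flood) can be recognized from packet metadata alone. The following is an added example, not part of the original glossary entry: the record layout, the 20-byte header assumption, the threshold and the sample data are all constructed for illustration.

```python
from collections import defaultdict

MAX_DATAGRAM = 65535   # IPv4 Total Length is a 16-bit field
IP_HEADER = 20         # assumed header size (no IP options)

def oversized(frag):
    """Ping of Death pattern: reassembled size would exceed the IPv4 maximum."""
    return IP_HEADER + frag["offset"] + frag["len"] > MAX_DATAGRAM

def overlapping(frags):
    """Teardrop pattern: (src, id) datagrams whose fragments overlap."""
    groups = defaultdict(list)
    for f in frags:
        groups[(f["src"], f["id"])].append((f["offset"], f["offset"] + f["len"]))
    bad = set()
    for key, spans in groups.items():
        spans.sort()
        end = 0
        for start, stop in spans:
            if start < end:          # fragment begins inside data already covered
                bad.add(key)
            end = max(end, stop)
    return bad

def half_open(events, threshold):
    """SYN flood pattern: servers with more than `threshold` handshakes that
    saw a SYN but never the client's final ACK (simplified event model)."""
    pending = defaultdict(set)
    for client, server, flag in events:
        if flag == "SYN":
            pending[server].add(client)
        elif flag == "ACK":
            pending[server].discard(client)
    return {s: len(c) for s, c in pending.items() if len(c) > threshold}

# Constructed sample records (documentation address ranges), not captured traffic.
FRAGS = [
    {"src": "192.0.2.10", "id": 1, "offset": 0, "len": 1480},
    {"src": "192.0.2.10", "id": 1, "offset": 1480, "len": 1480},   # clean pair
    {"src": "192.0.2.66", "id": 7, "offset": 0, "len": 36},
    {"src": "192.0.2.66", "id": 7, "offset": 24, "len": 4},        # overlaps first
    {"src": "192.0.2.99", "id": 9, "offset": 65528, "len": 1480},  # ends past 65535
]
EVENTS = [("198.51.100.%d" % i, "203.0.113.5", "SYN") for i in range(1, 201)]
EVENTS += [("198.51.100.1", "203.0.113.5", "ACK"),
           ("192.0.2.10", "203.0.113.9", "SYN"), ("192.0.2.10", "203.0.113.9", "ACK")]

if __name__ == "__main__":
    print([f["src"] for f in FRAGS if oversized(f)])
    print(overlapping(FRAGS))
    print(half_open(EVENTS, threshold=100))
```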

==ICANN Policy==
*ICANN has no policy that specifically addresses DoS attacks. However, ICANN does address DDoS attacks in blog posts<ref name="blog"/> and in a [[Security and Stability Advisory Committee]] (SSAC) advisory. ICANN's blog discusses how to respond to and report a DDoS attack. If a site is under attack, the 2013 post suggests that the registrant contact the hosting provider and internet service provider (ISP).<ref name="blog"/> If the attack was preceded by a threat or a sum of money was demanded to stop the attack, the registrant should contact law enforcement.<ref name="blog"/>
**Read ICANN's blog post on [http://blog.icann.org/2013/04/how-to-report-a-ddos-attack/ Reporting DDoS Attacks].

==Legislation==
*[[Computer Fraud and Abuse Act]] (CFAA): This act, last amended in 2008,<ref>[http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act Computer Fraud and Abuse Act] at Wikipedia</ref> prohibits damage to another person's computer and the unauthorized use of another person's computer.<ref>[https://ilt.eff.org/index.php/Computer_Fraud_and_Abuse_Act_%28CFAA%29 Computer Fraud and Abuse Act (CFAA)] at Internet Law Treatise</ref><ref>[http://us.practicallaw.com/2-508-3428 Computer Fraud and Abuse Act (CFAA)], Practical Law, Thomson Reuters</ref> Harm or damage defined under the CFAA is "any impairment to the integrity or availability of data, a program, a system, or information."<ref name="tech">[http://www.technicallylegal.org/the-legality-of-denial-of-service-attacks/ The legality of denial of service attack] (December 12, 2010), Technically Legal</ref> Committing a DoS Attack often falls under these requirements, separate from any other criminal threats or demands that may have occurred.<ref name="tech"/> In relation specifically to DDoS attacks, if the hacker used a botnet to perpetrate the attack, he or she could be charged under CFAA in addition to facing civil suits.<ref>[http://us.practicallaw.com/7-516-9293 Distributed Denial-of-Service (DDoS) Attack], Practical Law, Thomson Reuters</ref> DDoS attackers can also face jail time.<ref name="naked">[http://nakedsecurity.sophos.com/2010/12/09/are-ddos-distributed-denial-of-service-attacks-against-the-law/ Are DDoS (distributed denial-of-service) attacks against the law?] by Graham Cluley (December 9, 2010), Naked Security (Sophos)</ref>

*Additionally, many internet service providers (ISPs) and Internet-based companies have terms in their user agreements that directly or indirectly prohibit DoS attacks.<ref name="tech"/>

==Additional Resources==
*View the [http://www.icann.org/en/groups/ssac/dns-ddos-advisory-31mar06-en.pdf SSAC's Report on DDoS Attacks]

==Related Pages==
*[[DDoS Attacks]]

==References==
<references/>

[[Category:Bad Practice]]
