Difference between revisions of "DoS Attack"

This information is brought to you by DNS Seal, a best practices wiki for DNS.

DoS Attacks, or Denial of Service Attacks, involve making a website or server unresponsive and inaccessible.^[1] This can be accomplished through flooding a website with so much traffic that it can no longer respond to queries or by using bugs in the system's security to "destabilize" it.^[2] A distributed denial of service attack (DDoS Attack) is one form of DoS attack that is particularly dangerous and has receive a lot of attention in the last few years.

Public Perception

The public perception of DoS attacks is largely negative. DoS attacks affect not only the website or server that is taken down but also all of the user or consumer activity on the site.

Outcome

The outcome of DoS attacks is that websites are unavailable to users which may hurt the site's credibility and/or financial viability.

Historical Use

DoS attacks are used to take sites or servers offline or to make them otherwise inaccessible to users. Reasons for DoS attacks include protests via hacktivism and criminal intent.^[3] There are multiple methods that can be used to perpetrate a DoS attack. Some examples are:

• Teardrop Attack: in this attack, the attacker sends "IP fragment packets that are difficult to reassemble."^[4][5] Failure to properly reassemble the fragments may cause errors to occur.

• Ping of Death or Long ICMP: this attack causes system failure by sending a "an IP packet larger than...allowed by the IP protocol."^[4][6] Fixes for this attack were made readily available in 1997.^[6]

• Smurf Attack: this attack works by sending ping request packets in mass while using a forged IP address.^[4]

• Ping of Flood: this attack executed by "overwhelming the victim's network with ICMP Echo Request (ping) packets."^[4]

• SYN Flood: Syn floods overload servers by repeatedly asking to join the network and then never accepting the request.^[2] Legitimate users are the blocked from connecting.^[2][4]

• Mail Bomb: this attack is aimed at disrupting mail servers. This attack occurs when a massive amount of emails are sent that have large attachments.^[4]

• DDoS Attack: this attack involves simultaneous flooding a website or server with traffic originating from multiple sources. See the DDoS Attacks page for more information.

ICANN Policy

• ICANN has no policy that specifically addresses DoS attacks. However, ICANN does address DDoS attacks in blog posts^[3] and in a Security and Stability Advisory Committee (SSAC) advisory. ICANN's blog discusses the issues of how to respond to and report a DDoS attack. If a site is under attack, the 2013 post suggests that the registrant contacts the hosting provider and internet service provider (ISP).^[3] If the attack was proceeded by a threat or a sum of money was demanded to stop the attack, the registrant should contact law enforcement.^[3]
  • Read ICANN's blog post on Reporting DDoS Attacks.

Legislation

• Computer Fraud and Abuse Act (CFAA): This act, last amended in 2008,^[7] prohibits damage to another person's computer and the unauthorized use of another person's computer.^[8][9] Harm or damage defined under the CFAA is "any impairment to the integrity or availability of data, a program, a system, or information."^[10] Committing a DoS Attack often falls under these requirements, separate from any other criminal threats or demands that may have occurred.^[10] In relation specifically to DDoS attacks, if the hacker used a botnet to perpetrate the attack, he or she could be charged under CFAA in addition to facing civil suits.^[11] DDoS attackers can also face jail time.^[12]

• Additionally, many internet service providers (ISPs) and Internet-based companies have terms in their user agreements that directly or indirectly prohibit DoS attacks.^[10]

Additional Resources

• View the SSAC's Report on DDoS Attacks

Related Pages

• DDoS Attacks

References