Tech Update 
A rogue's gallery of denial of service attacks
If you think it's bad now...
By Steven J. Vaughan-Nichols
July 11, 2001


DDoS attacks are only going to increase. As the Internet expands, more people are getting broadband access, giving crackers more unprotected systems to exploit.

Adding fuel to the fire, Windows XP, which Microsoft is positioning as the next mass consumer operating system, will use "raw" TCP/IP sockets. Normally, programmers write applications to use a specific socket--a software object that connects applications to TCP/IP--associated with the application's function.

TCP/IP also defines a SOCK_RAW socket type, or a raw socket. Not all operating systems support these, but Unix and Windows XP do. By using raw sockets, a programmer can write code that can call on any TCP/IP socket. While handy for programming beyond the normal TCP/IP standards, raw sockets lend themselves to spoofing and building rogue applications like DDoS zombies, because they allow developers to use common sockets in unexpected ways. For example, with raw sockets you can build a DDoS attacker that gets its instructions using socket 80--the Web's Hypertext Transfer Protocol (HTTP) socket of choice.


While Windows 2000, Unix, and its descendants, Linux and the BSD operating systems, also have raw sockets, these operating systems tend to be in technically adept hands. These users, while they may not always police their own systems the way they should, often know how to lock their systems down. XP, however, which will be in the hands of anyone buying a new system from Circuit City, is far less likely to have expert administrators looking out for new DDoS agents.
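As an added example (not part of the original article), this is one check an administrator on a Linux host can use to look out for unexpected raw sockets: parse the kernel's `/proc/net/raw` table, where the "port" half of `local_address` holds the IP protocol number, and list every raw socket that is not plain ICMP. The sample rows are constructed, the ICMP-only allow-list is an assumption of this sketch, and the address decoding assumes a little-endian host.

```python
import os
import socket
import struct

# Constructed sample in the layout of Linux /proc/net/raw (not data from the article).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   1: 00000000:0001 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 21544 2 0000000000000000 0
   6: 0100007F:0006 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 48213 2 0000000000000000 0
 255: 00000000:00FF 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 50377 2 0000000000000000 0
"""

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 255: "RAW"}


def parse_proc_net_raw(text):
    """Return one dict per raw socket listed in /proc/net/raw-style text."""
    entries = []
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 10:
            continue  # skip blank or truncated rows
        addr_hex, proto_hex = fields[1].split(":")
        # The kernel prints the address as a native 32-bit value;
        # "<I" assumes a little-endian host such as x86.
        local = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        entries.append({
            "local": local,
            "proto": int(proto_hex, 16),  # IP protocol number, not a port
            "uid": int(fields[7]),
            "inode": int(fields[9]),
        })
    return entries


def flag_unexpected(entries, allowed=frozenset({1})):
    """Raw sockets whose protocol is outside the allow-list (default: ICMP only)."""
    return [e for e in entries if e["proto"] not in allowed]


if __name__ == "__main__":
    path = "/proc/net/raw"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    for e in flag_unexpected(parse_proc_net_raw(text)):
        name = PROTO_NAMES.get(e["proto"], str(e["proto"]))
        print(f"raw socket proto={name} local={e['local']} uid={e['uid']} inode={e['inode']}")
```

Each reported inode can be matched against the `socket:[inode]` links under `/proc/<pid>/fd` to find the process that owns the socket.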

Because of this, experts like Steve Gibson of Gibson Research Group predict that the current explosion of DDoS attacks (4,000 a week by Gibson's estimate) will vastly increase. Theoretically, this could lead to the Internet itself slowing under hundreds of thousands of DDoS attacks.
