Denial of Service

One type of attack isn't designed to give the attacker access to your computer; it's intended to deny you access to your own computer or network. This attack form is known as a denial-of-service (DoS) attack. DoS attacks can take several forms. One common one is to flood your network with garbage data. With your network overloaded, you can't use it for real work. Such attacks are frequently launched from many computers simultaneously—a variant known as a distributed DoS (DDoS) attack. Crackers sometimes use simple Trojan horse programs (known as zombies, bots, or zombie bots), installed on innocent individuals' computers through social engineering, to launch attacks on specified targets. Even if the zombie bots run on systems with low-speed dialup Internet connections, collectively they can saturate a high-speed Internet connection. Another technique is to use tricks to get the target computer to generate more reply traffic than it receives from the attacker, thereby allowing a poorly connected attacker to bring down a site with much greater network bandwidth. Configuring your system to not respond to certain common types of network accesses, such as pings, can at least keep your systems from aiding the attacker by generating return traffic.

DoS attacks are frequently targeted at the victims' Internet connections. Properly configured firewall computers can easily block these attacks, keeping them from affecting internal networks. Nonetheless, the damage done by loss of the Internet connection can be severe. There's very little you can do to protect yourself from such an attack. Once it's begun, you can contact your ISP, who may be able to take steps to block the attacking packets or change your IP address range.

DoS attacks aren't limited to network connectivity, though. Some attacks have been designed to take advantage of bugs in OSs or software to crash computers, or at least specific servers. Other attacks may rely on your own logging tools to cause problems by flooding your system logs so that they expand to fill the partitions on which they reside. You can prevent damage from DoS attacks designed to crash your computer by upgrading affected software, much as you would upgrade any other buggy software. Logging tools are increasingly using algorithms that are smart enough not to log many identical messages, so attacks aimed at your system logs are less likely to succeed than they once were. Nonetheless, you might want to forgo logging of unimportant information. For instance, you can configure tools such as Snort or iptables to log every instance of a ping of your computer; but doing so opens you up to a simple DoS attack based on pings filling your logs. Unless you have a specific reason to log such access, it's probably better not to do so.
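
The sketch below is an added example, not code from the original text or from any logging tool. It shows how much a ping flood grows a log under identical-message suppression, and goes one step beyond the text by adding a per-second cap for lines that never match exactly. The function names, message text, and the 192.0.2.7 address are constructed for illustration.

```python
def collapse_repeats(messages):
    """Syslog-style: write a message once, then one 'repeated N times' line."""
    out, last, repeats = [], None, 0
    for msg in messages:
        if msg == last:
            repeats += 1
            continue
        if repeats:
            out.append(f"last message repeated {repeats} times")
        out.append(msg)
        last, repeats = msg, 0
    if repeats:
        out.append(f"last message repeated {repeats} times")
    return out


def rate_limit(events, per_window=5, window_ms=1000):
    """Keep at most per_window lines per time window; summarize the rest.

    events is an iterable of (timestamp_ms, message) pairs in time order.
    """
    out, window, kept, dropped = [], None, 0, 0
    for ts, msg in events:
        w = ts // window_ms
        if w != window:  # new window: report what the previous one dropped
            if dropped:
                out.append(f"{dropped} messages suppressed")
            window, kept, dropped = w, 0, 0
        if kept < per_window:
            out.append(msg)
            kept += 1
        else:
            dropped += 1
    if dropped:
        out.append(f"{dropped} messages suppressed")
    return out


# Constructed sample: 10,000 ping log events in 10 seconds (one per millisecond).
IDENTICAL = [(ms, "ICMP echo request from 192.0.2.7") for ms in range(10_000)]
# Same flood, but every line carries a changing field, so no two lines match.
VARYING = [(ms, f"ICMP echo request from 192.0.2.7 seq={ms}") for ms in range(10_000)]


def lines_written(events):
    """Count log lines produced by each policy for the same flood."""
    msgs = [m for _, m in events]
    return {"raw": len(msgs),
            "collapsed": len(collapse_repeats(msgs)),
            "rate_limited": len(rate_limit(events))}


if __name__ == "__main__":
    print("identical:", lines_written(IDENTICAL))
    print("varying:  ", lines_written(VARYING))
```

Collapsing repeats bounds the log only while the flood's lines are byte-for-byte identical; the per-window cap bounds it in both cases.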

Note: Worms—even those targeted at non-Linux platforms—may have effects similar to DoS attacks. They consume network bandwidth and, if you've configured a firewall or intrusion detection software to log suspicious activities, the rapid-fire worm probes may bloat your log files to uncomfortable levels. Similar comments apply to unsolicited bulk e-mail (spam); ISPs sometimes see the same spam coming from many sites simultaneously, much as in a DDoS attack.
