FAQ: The ins and outs of DoS attacks

[DKT27]

Thursday's denial-of-service attack that knocked Twitter offline for a few hours and affected Facebook, LiveJournal, and Google Sites and Blogger wasn't your average attack.

Typically, someone who has a bone to pick with a specific Web site will round up some hijacked PCs and use them to try to shut the site down. In this case, whoever was responsible was trying to block access to a specific user's accounts and not the sites themselves.

Denial-of-service attacks aren't always straight forward and this one has its own unique twist. Let's take a look at what happened and why.

What's a denial-of-service attack?

A denial-of-service (DoS) attack is any effort designed to interfere with access to a Web site or Internet service. A common method of attack involves flooding a target server with so many communications requests that legitimate traffic can not get through. This can shut down or slow down the site temporarily.

Web sites aren't the only things that can be targeted in DoS attacks. Unplugging someone's computer is a very basic type of DoS attack.

What's a distributed-denial-of-service (DDoS) attack?

Because Web sites are built to handle a lot of traffic, it can take millions of simultaneous communications requests to have enough affect on the performance of the server for an attack. In a DDoS attack, tens of thousands or even millions of computers are used to send traffic to the target site all at the same time and repeatedly. As Sophos' Graham Cluley wrote on his blog: "It's a bit like 15 fat men trying to get through a revolving door at the same time--nothing can move."

Full Original Article

[DKT27]

So there is no one who wants to know about one of the most problematic attacks on websites(DoS)?

[Toshiro]

Most of us..(i think..) know what Dos attacks are and how they work.. It's quite easy you know. :)

But yea, it's good for the people who didn't know ;)

---

And jup.. spamming myself to 600 posts.. ;\

[manpe]

I know that DDoS attacks took down many Estonian sites back in 2007 after attacks by Russia after the Russians rioted here. Later one member of the duma said that he was behind those attacks... and he didn't seem embarassed or regretful at all, more like bragging. And I know that the first cyber defense centre (Cooperative Cyber Defence Centre of Excellence) was established here, which is now working with NATO to protect the members.

It was the first "cyber war" as such... Russia targeted Estonian banks, government sites, news portals and other crucial sites for weeks, halting the flow of information and money. It was the first "infowar" of its kind, which resulted in reactions from the whole EU and NATO.

-----------------------------------------------

But my question is more like... when big companies and countries are trying to protect themselves with multimillion investments into security, how can an average Joe protect himself from this?

[DKT27]

Well even I know about it. But it surly is a big problem.

@manpe: "how can an average Joe protect himself from this?". By not being famous. ;)

[Toshiro]

@ Manpe.. First.. Just don't go to phissy sites that download virusses @ your PC..

Also don't give your IP to anyone. With an AV that works good + a firewall you should be able to stop such things..

But like DKT27 said.. You're not that important to them, so you don't have to worry. These multibilion companies have like millions of dollars. So they target them first.

[manpe]

I'm not worried about myself... but in general about average internet users.

I remember a long time ago, many years back, I was using Zone Alarm and once it suddenly shut my connection. I didn't understand what was going on and then asked somebody, showed my log and got the answer that I was under a DoS attack. Of course I didn't understand anything about it back then. Was I under attack or not, I don't know.

[Bizarre™]

@manpe:

I don't think someone would be interested enough to DoS or DDoS an ordinary individual.

It will only waste time, effort, and resources.

And regarding ZoneAlarm, it's possible that somebody / something is scanning your PC for open / vulnerable ports.

[DKT27]

There are software that can scan your open port and even know your OS. And they are not even illegal.

[Bizarre™]

@DKT27:

If one has a good firewall on home PC's, DoS or DDoS is almost impossible.

[DKT27]

Well it is great to have a good firewall, but it cannot guarantee from DoS protection. In real doing DoS on PC and Website are both different things.

[manpe]

Well it is great to have a good firewall, but it cannot guarantee from DoS protection. In real doing DoS on PC and Website are both different things. And BTW manpe told me, there was a time he didn't had a firewall.

Yes, many years back when I didn't know anything about security. I only knew how to crack and how to get them from the most suspicious sites :D After finally getting myself educated on security, I scanned my computer and found I believe over a (couple of) hundred different viruses/spyware/trojans. Since then I keep myself protected.

[DKT27]

I like to see people getting advance users in PC. :D

[manpe]

I like to see people getting advance users in PC. :D

Advanced in what sense? :D Compared to occasional user/surfer? Yes, most likely. Compared to you and most of the people here? No, not by a long shot :P

By the way, I found this pic skimming through my pictures

click me

[Bizarre™]

@DKT27:

A complicated DoS or DDoS can only be performed by select people.

What I mean by select, they are either talented in the field or they have a lot of resources.

Surely those people will not bother spending their time and resources to pull a complicated DoS or DDoS just on an ordinary individual?

[DKT27]

@Bizarre™: DoS attacks can easily be done on anyone.

@manpe is that your firewall report? It is surly some DoS. ;)

[Bizarre™]

@DKT27:

You can't just DoS anyone and expect that you will succeed :bag:

If you want to DoS someone, make sure that person doesn't know anything about computers :lol:

[manpe]

@Bizarre™: DoS attacks can easily be done on anyone.

@manpe is that your firewall report? It is surly some DoS. ;)

When I used Outpost FW at some time then yes, I got that.

[DKT27]

When it was? How much time? Months?

[manpe]

When it was? How much time? Months?

It was 2008 august, so a year back.

I found out that I had asked about it in the Outpost support forum, here is the thread:

click me

[DKT27]

They are somewhat wrong and I'm not answering everyone why. Don't Mind. It says that there are DoS attacks done on you, I can see they are really done. Could you surf the net during the thing? If you could then it wasn't.

[Bizarre™]

@DKT27:

Read chrisclu's answer.

[DKT27]

That is what I'm askin to him. Was he able to surf? And the Admin there used word DDoS. I really think DDoS is not very easy. And manpe also told me that someone was trying to trouble him. I don't know whether it is related.

[manpe]

I believe I could surf, but it was slow. As I said, it lasted only for 4-5 minutes.

And on top of that I remember that before those attacks I had some interesting glitch in my system... It was on 1st August, and something was trying to constantly delete/modify something in my registry. At that time I had Ad-Aware teatimer on, and it showed constantly tens and hundreds of blocked attempts to modify my registry. And sometimes my taskbar disappeared (I believed it screwed with Explorer.exe). It was almost impossible to operate normally with my computer during that period (which was about 2-3 days). Nothing, absolutely nothing helped me BUT ComboFix.exe.

Yes, that time was very eventful to me :P

[DKT27]

See I told you. It must be an attack. I have faced some weird attacks recently, I can say the thing that was troubling you was an trojan. Did you use MalwareBytes Anti-Malware? OR Even Microsoft Malicious Software Removal Tool?

They are the programs that have helped me remove every problematic infections from my PC. Of course after my AV. ;) .