May 2000

TechCenter

Denial of Service Attacks

By Kevin Lewis

The Denial of Service (DoS) attacks that occurred in February against major websites have had an enormous effect on the Internet community. The attacks have made the business community sensitive to website vulnerability and the ease with which hackers can stop e-commerce revenue streams. DoS attacks are not a new form of attack, nor are they very complicated to carry out. Most firewalls know how to repel them if configured properly, and most good network administrators can trace the attack's origin with relative ease.

DoS attacks overload websites with continuous streams of badly formed Internet Protocol (IP) packets. An attacking machine generates what appear to be normal messages, such as User Datagram Protocol (UDP) packets. In a UDP DoS attack, the packets trick the server into thinking the packets have come from the same server that receives them. The burden of trying to respond to this flood of miscommunications causes the victimized server to eventually become unable to accept any more connections.

Another form of DoS attack enlists the aid of so-called zombies, unknowing machines across the Internet that put an extra layer between the attacker and the victim that both amplifies the attack and obfuscates the attacker. To accomplish a DoS attack with zombies, the hacker takes control of a few machines that will act as masters to coordinate the attack. This unlimited number of broadcasters actually runs the programs that generate the DoS attack. The attacker then uses these machines to attack his or her target, which is usually one or more machines on the same network that will have to respond to the traffic generated by the broadcasters. The broadcaster machines announce their presence and readiness to the three or four host machines. Using strong encryption techniques, the attacker distributes a list of target IP addresses to the master.

The master machines then instruct the broadcasters to simultaneously launch a DoS attack against these IP addresses using fraudulent source addresses. This form of attack presents an almost unstoppable threat to all Internet-connected machines. Since the attack comes from many different machines, would-be victims must either disconnect from the Internet or deny access to all clients in order to fully protect themselves.

There is no way to prevent a DoS attack, but there are many free tools that allow you to block them. See the accompanying box for the websites of some of these tools and additional details on this topic. For more information, please contact NYSSCPA Chief Technology Officer Kevin Lewis at (212) 719-8340, (800) 633-6320, or klewis@nysscpa.org


Home | About Us | Continuing Education | Future CPAs | Government Affairs | Professional Resources | Publications | Sound Advice | Tax Resources
Chapters | Committees | Member Center | Events Calendar | Classifieds | Careers | E-zine Subscriptions | The Trusted Professional | The CPA Journal



Search | Site Map | Become a Member | Jobs | Press Room | Contact Us | Feedback

©1997 - 2008 New York State Society of Certified Public Accountants. Legal Notices