A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Denial of Service

An attack whereby excessive traffic is sent deliberately to a connection

Denial of service (DoS) attacks interfere with an Internet connection by deliberately sending more traffic to the connection than it can handle. A network is designed to be able to handle only a certain amount of traffic, so when this level is exceeded it won't let any more connections be made, like a telephone sending out a busy signal. This causes problems not only for the computer that's being bombarded with traffic, but also for the computers that are legitimately trying to make a connection with that computer.

A distributed DoS attack (DDoS) involves multiple unsuspecting computers in the attack. The attacker forms an attack network by looking for computers that are highly vulnerable. This may be because they have no anti-virus software, their virus definitions aren't up-to-date, or they do not have the latest operating system or other software patches.

The intruder installs programs that will carry out the DoS attack on these computers, and each added computer then recruits more computers for the attack network. Once the network is built, the intruder attacks the targeted system. Attacks can be performed from different legal jurisdictions, time zones, or IP addresses to reduce the risk of being discovered. Using a different, or "spoofed," IP address from that of the attacker's machine makes it difficult to detect the source of an attack.

Most DoS attacks are temporary and easy to recover from. However, if your site lets users upload files onto it, then an attacker could fill up your hard disk with data. This kind of DoS attack lasts until you go to your computer and remove the uploaded files.

When your hard disk is full, system services that need disk space could fail, and attackers could use this to their advantage. For example, if the system that tracks who tries to get onto your computer can’t save any more data, then an attacker can try to break into the system without being recorded.

A DoS attack can make downloading content from your site take a long time, and it can even keep people from getting to your Web site at all. Desktop systems are generally not designed to handle many connections at the same time, so hosting a Web server on your own computer can slow down everything else you want to use that computer for.

Protective Measures

Practices

  • Protect your usernames and passwords: If you use a username or password to access your Web site, don't leave this information around the workplace in written form or on your computer in electronic form. People who gain access to this information could use it to damage your site.

  • Increase your Web server's computing resources: If you expect a lot of traffic on your site, you may want to supply your computer with additional resources. Add memory (RAM) and upgrade your network connection to provide more bandwidth. Upgrading to a faster processor or larger hard disk can also help.

Settings

  • Create a separate hard drive partition for Web server activities: If you are running your own web server at home, you can divide your hard drive up into separate areas for different uses, which is called creating a partition. Create a partition on your hard drive just for your Web server, and configure the server to place uploaded files there. A DoS attack will then be able to take up only that space on your hard drive, leaving the rest free. You can learn how to partition your hard drive in Windows XP  or Windows Vista  from Microsoft Help and Support. Symantec's Norton PartitionMagic  is another tool you can use to partition your hard drive.

Tools

  • Bandwidth-limiting software: This software allows you to limit the amount of bandwidth (or Internet connection resources) that each application on your system uses. This makes sure that your system reserves enough of its bandwidth for your normal networking activities. NetLimiter  and Bandwidth Controller  are two tools you can use to limit your bandwidth.

Connect Safely from Different Places

Office

If you publish a personal site on a remote server and you would like to update your site from your office, make sure that your company policy allows this.

Privacy Issues

If your computer is acting strangely and you find that you can no longer access the Internet, someone may be using it to launch a DDoS attack. If you think this may be the case, call your Internet Service Provider for help.

Related case studies

Links

References

Filing a complaint

If you have a problem related to publishing content on the Web, contact your Internet service provider (ISP) for assistance.

My home page