A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Denial of Service

An attack whereby excessive traffic is sent deliberately to a connection

Denial of service (DoS) attacks interfere with an Internet connection by deliberately sending more traffic to the connection than it can handle. A network is designed to be able to handle only a certain amount of traffic, so when this level is exceeded it won't let any more connections be made, like a telephone sending out a busy signal. This causes problems not only for the computer that's being bombarded with traffic, but also for the computers that are legitimately trying to make a connection with that computer.

A distributed DoS attack (DDoS) involves multiple unsuspecting computers in the attack. The attacker forms an attack network by looking for computers that are highly vulnerable. This may be because they have no anti-virus software, their virus definitions aren't up-to-date, or they do not have the latest operating system or other software patches.

The intruder installs programs that will carry out the DoS attack on these computers, and each added computer then recruits more computers for the attack network. Once the network is built, the intruder attacks the targeted system. Attacks can be performed from different legal jurisdictions, time zones, or IP addresses to reduce the risk of being discovered. Using a different, or "spoofed," IP address from that of the attacker's machine makes it difficult to detect the source of an attack.

Some game players use DoS attacks on game servers to lower the performance of other players and thus get a better score. DoS attacks against private individuals are rare, since there is usually little to be gained; however, attacks against businesses are more frequent. The best way to protect yourself from DoS attacks is to keep your IP address (the address your computer is identified by on the Internet) private.

Protective Measures

Practices

  • Check for telltale signs of a DoS attack or distributed DoS attack network: The following could be signs that your computer is subject to a DoS attack or has been made part of a distributed DoS attack network:

    • Your computer runs noticeably more slowly than usual
    • Your Internet connection is slower than usual
    • The activity lights on your high-speed (cable or DSL) modem are solid (i.e., on almost all of the time)

  • Report suspicious activity to your Internet Service Provider (ISP): Call your ISP if you believe you are under DoS attack or have been made part of a distributed DoS attack network. Follow the instructions they provide.

  • Conduct regular anti-virus scans: Be sure to scan all files that you have received from other people. All major anti-virus software can be set to automatically scan files when they are transferred, but it's a good idea to also scan your computer manually on a regular basis. You should do this at least once every two weeks, or when you suspect a problem.

  • Download software from trusted sources only: DoS attacks usually use “zombie PCs” to launch their attacks. Zombie PCs are computers that have certain types of malware installed on them that allow someone to remotely control them. One way malware can get into your computer is through infected software. By preventing malware from being installed on your computer, you can keep your machine from becoming a zombie.

  • If you use a DSL or cable modem connection, turn it off when you're not using your computer: As long as your DSL or cable modem connection is active, other users on the Internet can try to get into your computer. Once you have closed the connection, this is no longer possible.

  • Do not host any games: When you host a game server that announces your address on the Internet, you make it easy for an attacker to find your IP address. Most popular games have many public servers that are hosting games. If you have no special requirements, you should play on one of these public servers, rather than hosting a game of your own.

Settings

  • Disable GameSpy: GameSpy is software that allows users to search for online game servers. It does this by running a master server that keeps track of which servers are online. You can set your game server software to not report its presence to the GameSpy master server. Disable GameSpy reporting if your software supports it and you do not want users from GameSpy to join your game. This software has a flaw that could allow someone to use your computer to launch a DoS attack.

Tools

  • Router: Information is sent across the Internet in chunks of data called packets, with each packet containing the address of its destination. An Internet router looks at this address and figures out where to send the packet. A router with stateful packet inspection (SPI) throws away any packets that are not formatted correctly. This can protect you from DoS attacks since these attacks often use malformed packets.

    Routers also offer network address translation (NAT), which allows multiple computers to use a single Internet address. When many computers share an address, it is hard for an attacker to send packets directly to one computer on the network. This makes DoS attacks more difficult. Most modern routers come with both SPI and NAT.

  • Firewall: A firewall is like a security guard for your computer that monitors the traffic into and out of your computer. A firewall is your first line of defense against intrusions, especially Trojan horses. One popular firewall is Symantec's Norton Personal Firewall . The Windows operating systems such as Windows XP and Windows Vista  include a firewall that is turned on automatically. This built-in firewall is described in more detail on the Microsoft site .

Connect Safely from Different Places

Office

Keep in mind that when you host a game server on a corporate network, you use the bandwidth that you share with all your coworkers. The extra traffic could slow down their Internet connections and prevent them from doing their work. If your server is targeted by a DoS attack, your company’s Internet connection may be overwhelmed to the extent that nobody can receive any information, including email, from outside sources. If this happens, you could face severe consequences from your company. We recommend you get permission from your IT department before hosting any game on your corporate network.

Mobile

If your mobile device is acting strangely, and you find that you can no longer access your mobile network, or your mobile device shuts down repeatedly, your device may be suffering a DoS attack. If you think this may be the case, call your mobile device service provider for assistance.

Keep your mobile device up-to-date by regularly downloading security patches and fixes for all the software installed on it. Patches will close known security holes, including vulnerabilities to DoS attacks. Download game patches only from the software publisher’s Web site or any official mirror sites they may provide. If you have any problems, contact your mobile device manufacturer's support center for information on obtaining software upgrades for your device.

On the road

You are more likely to experience a DoS attack in a public environment since public computers can be more easily tampered with. When you use your own laptop in public spaces you become part of a public network, leaving you susceptible to attacks from anyone using the same network.

Keep in mind that when you host a game server on a public network, you share that network’s bandwidth with all the people using it. Extra traffic could slow their Internet connections and prevent them from accessing online resources. If your server is targeted by a DoS attack, the public network you are using may be overwhelmed to the extent that nobody can receive any information. You should get permission from the system administrator of the public computer or the public network you are using before hosting any game.

Ethical Issues

Downloading or playing games takes up network resources that you share with your coworkers. Be aware of the resources you use, and make sure that your gaming activities are not disrupting the work of others.

Legal Issues

Some online games can involuntarily create a denial of service attack on a server or computer because of the large amount of traffic they produce. Denial of service attacks are illegal, so if such an attack is traced back to you, you could face severe consequences. Ask for permission before you play games at work or public network, and check with your system administrator if there is the possibility that playing a game could overload the company's Internet connection.

Privacy Issues

Avoid broadcasting your IP address, since this can make you a target of a DoS attack. Any data you send on the network could be intercepted by somebody listening to the network traffic, so if you must use the Internet in a public place, make sure that the connection is encrypted.

If your computer is acting strangely, and you find that your Internet access is extremely slow, or that you can no longer access the Internet, someone may be using your computer to launch a DDoS attack. If you think this may be the case, call your Internet Service Provider for help.

Related case studies

Links

References

Filing a complaint

My home page