This article series is intended to help
you understand some of the terms and technologies employed by
hackers. With this knowledge, you will be better able to
ensure that your computer system (or network if you are a
system administrator) is adequately protected and safe from
prying eyes and unknown fingers.
What is a Denial Of Service Attack?
A type of attack that has gotten a lot of airplay recently
is called a denial of service attack. This is an attempt to
prevent legitimate users of a service from using that service.
Hence the name, denial of service.
One of the most common denial of service attacks is simply
sending so much traffic that a web site or service is totally
overwhelmed. This might be as simple as sending PING packets
(a kind of network message which simply asks "are you there?")
so fast that the network link is saturated and denied to other
users. This kind of attack is very unsophisticated and
relatively easy to stop (a router upstream can drop or
rate-limit the offending packets) but also extremely effective
at times.
Hackers often attempt to be more sophisticated, however,
and exploit known operating system and router bugs to cause
services to be denied. These types of attacks might cause a
service to crash, thereby preventing anyone from using it, or
they might cause the service to become extremely busy.
As an example, suppose that each time a packet (some
network data) is received from the network a small amount of
memory is reserved by the operating system. Assume there is a
bug in the operating system such that if the packet contains
something invalid (it is malformed) this small amount of
memory is never released, or "leaked". Over time the operating
system would have less and less memory available. Under normal
conditions this might not be noticed, but if tens of thousands
of malformed packets were received all of the memory might be
used up and the computer could lock up or crash.
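The following is an added example, not code from the original article. It shows the bug just described in miniature: a toy packet handler that reserves a fixed amount of memory per packet and, on a malformed packet, takes an early return that never releases it, beside a corrected handler that validates before reserving and releases on every path. A driver feeds both handlers a burst of malformed packets and reports how much memory is still reserved afterwards. The packet format (a magic first byte), the reservation size and the "malformed" rule are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PKT_MAGIC  0xA5             /* assumed: a well-formed packet starts with this byte */
#define RESERVE_SZ ((size_t)256)    /* assumed: bytes the "OS" reserves for each packet */

/* How many bytes are currently reserved and not yet released. */
static size_t g_reserved = 0;

static void *reserve(size_t n)
{
    void *p = malloc(n);
    if (p != NULL)
        g_reserved += n;
    return p;
}

static void release(void *p, size_t n)
{
    g_reserved -= n;
    free(p);
}

/* Buggy handler, as in the article: memory is reserved first, and the early
 * return taken for a malformed packet never releases it. */
int handle_packet_leaky(const uint8_t *pkt, size_t len)
{
    void *buf = reserve(RESERVE_SZ);
    if (buf == NULL)
        return -1;
    if (len < 2 || pkt[0] != PKT_MAGIC)
        return -1;                   /* BUG: buf is lost on this path */
    memcpy(buf, pkt, len < RESERVE_SZ ? len : RESERVE_SZ);
    release(buf, RESERVE_SZ);
    return 0;
}

/* Fixed handler: validate before reserving anything, and make sure every
 * path that reserved memory also releases it. */
int handle_packet_fixed(const uint8_t *pkt, size_t len)
{
    if (len < 2 || pkt[0] != PKT_MAGIC)
        return -1;                   /* rejected before any memory is reserved */
    void *buf = reserve(RESERVE_SZ);
    if (buf == NULL)
        return -1;
    memcpy(buf, pkt, len < RESERVE_SZ ? len : RESERVE_SZ);
    release(buf, RESERVE_SZ);
    return 0;
}

/* Pushes `count` malformed packets (wrong first byte) through a handler and
 * returns the bytes still reserved afterwards; a correct handler leaves 0. */
size_t bytes_reserved_after_flood(int (*handler)(const uint8_t *, size_t),
                                  unsigned count)
{
    const uint8_t bad[4] = { 0x00, 0x01, 0x02, 0x03 };   /* constructed bad packet */
    g_reserved = 0;
    for (unsigned i = 0; i < count; i++)
        handler(bad, sizeof bad);
    return g_reserved;
}

int main(void)
{
    printf("leaky handler: %zu bytes still reserved after 10000 bad packets\n",
           bytes_reserved_after_flood(handle_packet_leaky, 10000));
    printf("fixed handler: %zu bytes still reserved after 10000 bad packets\n",
           bytes_reserved_after_flood(handle_packet_fixed, 10000));
    return 0;
}
```

With ten thousand bad packets the leaky handler is still holding about 2.5 megabytes; an attacker only has to keep sending until the machine runs out. The fix is the general rule for any resource reserved per request: reject bad input before acquiring the resource, and make every return path release what it acquired.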
A distributed denial of service is even more insidious. In
a normal denial of service it's usually pretty easy to block
the attack. You simply determine where the TCP/IP traffic is
coming from and program your routers or firewall to block any
traffic from that address (or of a specific type of message),
provided the attacker is not forging the source address.
However, a distributed denial of service gets around this
because the attack comes from many machines at the same time.
What happens is that a special piece of code called a
zombie gets installed on a number of computer systems.
Oftentimes these zombies are distributed via worms and
viruses, and the owner of the system may never be aware that
he has become infected.
These zombies remain dormant until they are commanded by a
hacker to attack. He takes control of the zombies, sends them
the attack code, tells them the IP address of the target, then
cuts loose. The hacker might control a dozen, a hundred, a
thousand or in theory millions of these little remote control
robots.
Since the attack comes from many different locations all
over the internet, it is very difficult to stop or deflect.
You cannot just program a router to stop traffic from a
specific address or address range - the packets could come
from anywhere.
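To see why blocking by address works against one attacker and fails against many, here is an added example (not code from the original article) of the simplest rule you could program into a router or firewall: count packets per source address and block any address that sends more than a threshold. It is fed two constructed traffic traces of the same size, one from a single address and one spread over a thousand addresses, and reports how many packets get through in each case. The threshold, the table size and the 10.0.0.0/8 addresses are assumptions for the illustration; the example does not model forged source addresses.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SOURCES 4096   /* assumed: how many distinct addresses we can track */
#define THRESHOLD   100    /* assumed: packets a source may send before it is blocked */

struct source {
    uint32_t addr;     /* IPv4 address as a 32-bit number */
    unsigned count;    /* packets seen from this address */
    int      blocked;  /* set once count exceeds THRESHOLD */
};

struct filter {
    struct source src[MAX_SOURCES];
    size_t n;
};

/* Finds or adds the entry for `addr`; NULL only if the table is full. */
static struct source *lookup(struct filter *f, uint32_t addr)
{
    for (size_t i = 0; i < f->n; i++)
        if (f->src[i].addr == addr)
            return &f->src[i];
    if (f->n == MAX_SOURCES)
        return NULL;
    struct source *e = &f->src[f->n++];
    e->addr = addr;
    e->count = 0;
    e->blocked = 0;
    return e;
}

/* Returns 1 if the packet is forwarded, 0 if dropped. A source stays
 * blocked once it has exceeded THRESHOLD packets. */
int filter_packet(struct filter *f, uint32_t src_addr)
{
    struct source *e = lookup(f, src_addr);
    if (e == NULL)
        return 1;   /* table full: assumed fail-open, as a plain router would */
    e->count++;
    if (e->count > THRESHOLD)
        e->blocked = 1;
    return e->blocked ? 0 : 1;
}

/* Sends `total` packets spread round-robin over `nsources` addresses in
 * 10.0.0.0/8 (constructed traffic) and returns how many were forwarded. */
unsigned packets_forwarded(unsigned total, unsigned nsources)
{
    struct filter f;
    memset(&f, 0, sizeof f);
    if (nsources == 0)
        return 0;
    unsigned forwarded = 0;
    for (unsigned i = 0; i < total; i++) {
        uint32_t addr = 0x0A000000u + (i % nsources);
        forwarded += (unsigned)filter_packet(&f, addr);
    }
    return forwarded;
}

int main(void)
{
    printf("1 source, 10000 packets: %u forwarded\n",
           packets_forwarded(10000, 1));
    printf("1000 sources, 10000 packets: %u forwarded\n",
           packets_forwarded(10000, 1000));
    return 0;
}
```

With one attacking address the rule drops all but the first hundred packets. With the same ten thousand packets spread over a thousand zombies, each address sends only ten, nobody trips the threshold, and every packet is forwarded: the filter has nothing to distinguish the flood from a thousand legitimate visitors. That is the whole difficulty with a distributed attack, and why defending against it has to happen upstream, at the provider, or by reducing what each request costs the target.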
So how do you protect yourself from these kinds of attacks?
First of all, make sure you have a good, up-to-date hardware
firewall. A software firewall is not a good defense against
denial of service attacks because it runs on your own computer:
the work of inspecting and dropping the flood of packets can
itself consume all of your computer's resources (thus
effectively denying you service).
A hardware firewall is not a perfect defense (there really
is no perfect defense), but at least the filtering work is
done before the traffic reaches your system. In this case, you
might still notice a degradation, possibly severe, in your
internet line speed, because the flood still occupies your
internet connection.
Also it is critical to ensure that you have a quality
anti-virus system installed and that the definitions are
completely up-to-date. You might also consider, if you use
Outlook 2000, installing the Outlook E-mail Security Update.
This prevents you from opening email attachments of the types
that can run code (executables, scripts and the like), which
is how many of the worms that plant zombies spread.
Ensure that your browser, operating system and other products
are fully patched. As security problems are discovered,
companies release fixes (called patches) to prevent them
from being exploited.
Look over the network services that are installed on your
system, and disable any that are not needed. A service with a
bug cannot be exploited if it is not running.
Of course, be sure you have good backups of all of your
data, as a crash caused by a denial of service attack can
potentially cause data loss.