Don't let DoS attacks send you to the circus

Posted on October 16, 2000

Sometimes Web sites don't work. They just don't. There are plenty of reasons, including &quot the sun was in my eyes,&quot why a particular site will not work. It's definitely frustrating when you know other sites are working, except the one you want to go to, The Original World Famous Home Appliance Shooting Page, just won't boot.

Servers are sometimes busy. If a bunch of people try to login to a particular site at the same time, they may have trouble getting in. It would be like 25 people trying to enter a door simultaneously. No, not the circus midget trick. But if people go through the door one at a time, assuming the door isn't slammed in their faces, they will get through eventually.

Now what if someone was holding that door closed? Even if you got the door open, he would most likely steal your lunch money, call your mom names and throw you back out. Well, there's something just like a bully on the Internet. He's also the same guy who counts to 10 for everyone at the water fountain but YOU -- five seconds is your best so far. Anyway, it's called the denial of service attack. It's shortened to DoS, which is almost DOS (disk operating system). Some say DOS is kind of a DoS to computers because of its complexity. Anyway, remember the dos and don'ts of DoS and you'll look as cool as sod.

From what?, a denial of service attack is "an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. Typically, the loss of service is the inability of a particular network service, such as e-mail, to be available or the temporary loss of all network connectivity and services."

Sometimes these attacks happen by accident, especially if a particular server is unable to handle an obscene amount of requests. You may recall a recent UPS commercial in which a group of people are counting down a new e-business launch. One sale comes in, and everyone cheers. A few more sales are made, and everyone cheers. By the time the spot is over, they have more than 300,000 orders, and everyone is dismayed. Unfortunately, the group failed to make enough doilies in the shape of Jimmy Carter to keep up with that amount of orders. But I seriously doubt the computer had the ability to handle the capacity of orders in the first place, so it probably should have blown up. Another thing, if you expect 300,000 visitors to your site minutes after you launch it, well, I have some FABULOUS watches you should buy.

There are a few DoS types, none of which resemble any former president. The previous example, if one person were trying to deviously put an end to UPS and an unrealistic commercial by setting a program to buy a bunch of stuff, would be classified as a Buffer Overflow Attack. This attack happens if more traffic to a network address is sent than the programmers who planned the original data buffer expected. Other forms of DoS attacks are an SYN attack, Teardrop Attack, Smurf Attack, Viruses and Physical Infrastructure Attacks. Now that I think about it, Rutherford B. Hayes does kind of resemble Papa Smurf. For a better explanation of these attacks, visit the what?is definition page. Or, if you plan to do you thesis on denial of service attacks, visit the resource page. To be truthful for once, though, I didn't view any of the links because I was scared at the potential wealth of knowledge for which I could be held accountable.

When combated with a DoS attack, there are three things you can do:

1. Ignore it.

2. Join the circus.

3. Ask former presidents, dead or alive, if they, too, would like to join the circus.

Another suggestion would be to prevent these attacks from happening. CERT/CC and Symantec show good examples of what the attacks contain and how one might fight against them. Antivirus software and a regularly scheduled backup of important data are two things that will help.

I don't know if you will be able to prevent all DoS attacks; probably not, but it's important to have a good structure in place to repress some attacks. Your company may already be doing this, but it doesn't hurt to double check it. Once you lose everything, there's no going back. The only logical step is to become a trapeze artist.