Deconstructing DoS attacks

March 20, 2001, 01:38 PM — UnixInsider


Denial of service (DoS) attacks have made headlines in the last year by assaulting a number of large and very successful companies. A rash of hits roughly a year ago left the e-industry aware of how vulnerable it is. The recent attacks against Microsoft are a not-so-gentle reminder. When large, smart companies, including the likes of Yahoo, Amazon, CNN, and Microsoft, fall victim to DoS attacks, can any of us feel safe? Why are successful companies, which ought to know better, seriously and publicly affected by attacks perpetrated by less-than-brilliant hackers? Finally, what can you do to defend your site?

How DoS attacks work

The main thing that makes DoS attacks so hard to fend off is that, at least on the surface, they look like valid traffic. The basic difference between legitimate visits and attacks is the intent -- along with the volume, frequency, and source of the traffic. Normal traffic to a mail server might come in spurts and waves, but an attack against sendmail entails a barrage of messages in close proximity -- so close that the service cannot keep up with the volume and crashes or hangs. In fact, a DoS attack will likely bring the system itself to a halt. If the server doesn't run out of swap space, it will probably run out of process space or network connections. It's also likely to suffer from network congestion problems. In addition to the difficulty of differentiating attacks from normal traffic, it is hard to effectively slow down or control the traffic comprising the attack.
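The volume, frequency, and source signals described above can be measured directly from a mail log. The following Python detector is an added example, not part of the original article; the log line layout (sendmail syslog style), the 60-second window, the threshold of 50 messages, and all function names are assumptions, and the sample log is constructed.

```python
import re
from collections import Counter, deque
from datetime import datetime

# Timestamp and relay address of a sendmail-style "from=" syslog line (assumed layout).
LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sendmail\[\d+\]: \S+ "
                     r"from=.*relay=.*\[([\d.]+)\]")

def parse(line, year=2001):
    """Return (timestamp, relay_ip) for an inbound-message line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog omits the year, so it is supplied by the caller (assumption).
    return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)

def detect_floods(lines, window_s=60, max_per_window=50):
    """Slide a time window over the log and report each moment the message
    count first exceeds the threshold, with the dominant source and its share."""
    window, alerts, alarmed = deque(), [], False
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        window.append(rec)
        while (rec[0] - window[0][0]).total_seconds() >= window_s:
            window.popleft()          # drop messages older than the window
        if len(window) <= max_per_window:
            alarmed = False           # rate is back to normal, re-arm
        elif not alarmed:
            src, n = Counter(ip for _, ip in window).most_common(1)[0]
            alerts.append((rec[0], len(window), src, n / len(window)))
            alarmed = True
    return alerts

def sample_log():
    """Constructed data: 10 minutes of normal mail, then 200 messages in 20 s."""
    fmt = ("Mar 20 13:{:02d}:{:02d} mail sendmail[{}]: f2KIcX{:05d}: "
           "from=<u@example.org>, size=2048, nrcpts=1, relay=mx{}.example.org [{}]")
    lines = [fmt.format(t // 60, t % 60, 900 + i, i, i % 3, f"198.51.100.{10 + i % 3}")
             for i, t in enumerate(range(0, 600, 30))]
    lines += [fmt.format(10, i // 10, 2000 + i, 100 + i, 9, "192.0.2.66")
              for i in range(200)]
    return lines

if __name__ == "__main__":
    for when, count, src, share in detect_floods(sample_log()):
        print(f"{when}: {count} msgs in 60 s, top source {src} ({share:.0%})")
```

A high count with a high top-source share points to a single relay that can be rate-limited or blocked; a high count with a low share means the load is spread across many sources and per-source filtering will not relieve it.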


Noted security expert Steve Bellovin has pointed out that DoS attacks are cheaper to launch than to deal with. The effort involved in launching an attack is almost always minimal compared to the effort involved in fending off or recovering from the attack.


DoS attacks are hard to characterize because what they have in common is their overall effect, not the technique by which they're carried out. DoS attacks can seek to flood a network with traffic or to modify a router's configuration. The goal of both methods is to deny legitimate users access. The various means of achieving that goal have little in common.


Typical DoS attacks involve:


  • Jamming networks
  • Flooding service ports
  • Misconfiguring routers or other critical devices


Efforts to flood a network, for example, can block or slow all communication between servers and clients, making it difficult or impossible for any work to be done. Excessive traffic to a specific service port on a server, on the other hand, might make that service or server unusable.


In a DoS attack against sendmail, hundreds of thousands of messages can be sent in a short period of time; a normal load might only be 100 or 1,000 messages an hour. If a DoS attack is noticed in time, a service can be shut down while the organization rides out the attack. That cannot always be done without repercussions, though. Attacks against sendmail might not make the front page, but downtime on major Websites will. For companies whose reputation
