display | more...
Distributed Denial Of Service attack, launched with tools such as trin00, tribe flood network or stacheldraht.

It was reported that Yahoo was receiving data at the rate of 1 gigabyte per second at the peak of the ddos attack on it in February 2000. In future years this will sound trivial but currently this is an astounding amount of data. It really raises the question of whether the problem was just faulty network hardware.

Popular DDoS attacks include: TFN, TFN2k, Trin00, Stacheldraht, and FunTime Apocalypse. Also named smurfing.

A DDoS attack consists of pinging a broadcast server with a forged IP signature. The broadcast server then sends that packet to its minions (other servers with the DDoS software installed), and they in turn ping the IP that was forged. This floods the computer being attacked with ping requests, which brings down the network it's on, and/or uses up system resources, and/or knocks the computer off of the internet.

A denial of service attack that uses two or more sources to flood the victim with data, the goal usually being to saturate the victim's network bandwidth or cause their machine to waste precious processor cycles dealing with the influx of data.

These days, distributed denial of service attacks (DDoS) are extremely common. Major corporations and popular websites are primary targets. Sadly, the only reason DDoS attacks aren't completely preventable is that so many operating systems have implemented the UNIX Sockets TCP/IP stack, which unnecessarily allows extremely low-level access to the network core via raw sockets. Using raw sockets on a system with a UNIX Sockets TCP/IP stack, any halfway-competent programmer can spoof (fake) his/her source IP address. This means the programmer can make IP packets look like they're coming from somewhere they're not, which makes it difficult to trace or effectively block a DDoS attack.

When a cracker or script kiddie feels like launching a DDoS attack, there are just two simple steps they have to take:

  1. Install trojans on lots of unsecure machines. This is usually done by exploiting known security holes in operating systems or software. Once the trojan is installed, it can report back to its owner and wait for a signal. These machines are known as zombies.
  2. When enough zombies have been infected with the trojan, a single command can be sent that will tell all the machines to begin sending packets to a victim's machine.

This massive amount of traffic, originating from multiple sources and all targeted at one machine, can completely saturate even the biggest Internet connections. Since each source machine is only sending a small amount of data, their bandwidth requirements are very low. But when all these packets hit the target at once and keep on flooding in, it can wreak havoc.

Log in or register to write something here or to contact authors.