Denial of Service FAQ

What is DoS?

DoS stands for Denial Of Service.

A Denial of Service attack is one that makes the service unavailable for legitimate users. For example, Pizza Pizza could suffer a Denial of Service attack if someone cut their phone lines. Another way of mounting a DoS attack on them would be to call them to ask the time of day (or what their hours are), and then keep doing that, over and over. They would be so busy taking phone calls that don't generate pizza orders that they would have no operators or phone lines (resources) left to handle legitimate customers.

This is the basic technique that was used in the recent DoS attacks on the Internet. The simplest attack to understand is to have a computer generate HTTP requests (web page hits) on the site, on the page which requires the most behind-the-scenes processing. Since the request is small, and easily repeated, the attacking computer can easily request the page thousands of times per second (I've heard reports that in the recent DDoS attacks, it went to millions of times per second). Each request causes the server to need more processing, and eventually it simply chokes under the incredible demand for its pages.

What is DDoS?

DDoS stands for Distributed Denial of Service. You see, one way of preventing DoS attacks is to set up automatic filters which block repeated identical requests from the same source, since a given user has no reason to want to see the same page over and over. This is where DDoS comes in. Since you could filter (and, for that matter, easily track down) a single-source DoS attack, the attackers have found a way to beat that. DDoS attacks are performed by cracking into a large number of powerful computers (which have nothing to do with either the attacked system or the attacker) and using their resources to generate the thousands of requests. The site under attack is now faced with an overwhelming number of requests, but they are not all coming from the same source, so the administrators cannot easily provide a filter to exclude the illegitimate requests without also excluding their legitimate users.

Also, even once the administrators have tracked the source of the overload, they can identify only the intermediate machines, which were cracked, not the actual attacker. So DDoS also provides a way for the attacker to cover his or her tracks.
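The filtering problem described above can be seen in a small simulation. This is an added example, not part of the original page: the filter function, the traffic, the addresses and the "/search" page name are all constructed for illustration. It applies a per-source repeat filter to a single-source flood and to a distributed flood of the same size.

```python
from collections import defaultdict, deque

def per_source_filter(requests, limit, window=1.0):
    """Drop a request when its source has already been served `limit`
    identical requests for the same page within the last `window` seconds.
    Returns (served, dropped) lists of (time, source, page) tuples."""
    recent = defaultdict(deque)          # (source, page) -> served timestamps
    served, dropped = [], []
    for t, src, page in sorted(requests):
        q = recent[(src, page)]
        while q and t - q[0] >= window:  # forget hits older than the window
            q.popleft()
        if len(q) >= limit:
            dropped.append((t, src, page))
        else:
            q.append(t)
            served.append((t, src, page))
    return served, dropped

# Constructed sample traffic covering about one second.
PAGE = "/search"  # hypothetical page that needs the most processing
# 20 legitimate users, each loading the page twice (a click and a reload).
LEGIT = [(u / 100 + d, f"198.51.100.{u}", PAGE)
         for u in range(1, 21) for d in (0.0, 0.4)]
# 1000 requests from one source.
SINGLE = [(i / 1000, "192.0.2.1", PAGE) for i in range(1000)]
# The same 1000 requests spread over 500 sources, two requests each.
DISTRIBUTED = [(k / 1000 + d, f"10.9.{k // 256}.{k % 256}", PAGE)
               for k in range(500) for d in (0.0, 0.5)]

def outcome(attack, limit):
    """Return (attack requests served, legitimate requests dropped)."""
    legit_sources = {src for _, src, _ in LEGIT}
    served, dropped = per_source_filter(LEGIT + attack, limit)
    attack_served = sum(1 for _, s, _ in served if s not in legit_sources)
    legit_dropped = sum(1 for _, s, _ in dropped if s in legit_sources)
    return attack_served, legit_dropped

if __name__ == "__main__":
    for name, attack, limit in [("single source", SINGLE, 2),
                                ("distributed", DISTRIBUTED, 2),
                                ("distributed, tighter limit", DISTRIBUTED, 1)]:
        print(f"{name:28} limit={limit} "
              f"(attack served, legit dropped) = {outcome(attack, limit)}")
```

With a limit of two identical requests per source, the single-source flood is almost entirely dropped while the distributed flood passes untouched; tightening the limit to one drops half the flood but also drops every legitimate user's reload.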

Is my home computer likely to be the target of a DoS attack?

No. There are several reasons for this, but the simplest is that you have no customers to whom you are providing a service. No service -- no denial of service.

Is my confidential information on these sites at risk?

No. Denial of service is just that: denial of service. The attack itself simply prevents the site from providing any service. The attackers never need direct access to the site, and this form of attack is incapable of pulling any extra information from the site. There remains, however, the possibility that someone could use a DoS attack as a smoke screen to distract the site administrators from another, more malicious, attack at the same time. There is no evidence that the recent attacks were anything other than DoS.

Could my home machine be used in a DDoS attack?

Probably. If you have a machine which is connected to the Internet, then it can be used in a DDoS attack. All that the attacker has to do is get some software onto your machine and then instruct that software to begin a DoS attack on the desired target.

Will my home machine be used in a DDoS attack?

Probably not. Even if it has a high-speed connection, the average home computer is simply not capable of generating enough traffic to be useful in a DoS attack. Someone may eventually try to do a DDoS using home computers, but since so many more computers would be required for an effective attack, the attacker would have to get his software onto a lot more machines, and there is a good chance it would be detected before he could activate it.

Should I protect myself?

Absolutely. This is a real threat, even if not a very large one. You should treat it with the same seriousness as the possibility of viruses.

How can I protect myself?

The same way as you do against viruses. Practice safe browsing. Never download anything from a site you don't trust. Keep Java and JavaScript turned off unless you know the site you're visiting.

If you have a dial-up connection (you dial the phone through a modem each time you go on the Internet), then you are safer, because the permanent connections give crackers more of a chance to detect your system. I've heard that cable is less secure than DSL because the local neighbourhood is treated as one broadcast network, which means that a nearby cracker can actually watch the traffic to your home machine. I don't know the network topology for DSL, so I don't know how true this argument is.

When you are off line (with a dial-up connection), you are completely safe. You cannot be used as a DoS agent, nor can anyone perform a DoS attack against you, because your machine is isolated. In a DSL or cable modem network, however, this would be equivalent to disconnecting the high-speed connection.

If your machine supports server applications (that is, if you are running a web server or an FTP server), then your machine allows outside parties to connect, which provides a potential security hole that can be exploited even when you are not at your machine. You should make sure you know what you're doing, and protect the services you provide, not only for the sake of your own users, but for the sake of those other users out there. Making the Internet safer is important for us all.


Page maintained by Rob.