Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Lets hear from the pro's

Reply
Thread Tools

Lets hear from the pro's

 
 
sponge
Guest
Posts: n/a
 
      01-16-2004
On Fri, 16 Jan 2004 00:10:41 GMT, Rowdy Yates
<(E-Mail Removed)> wrote:

>So I watched this BBC news item on criminal activity on the internet.

The
>deal is, these people go around researching companies, find a target

and
>then stage a DoS attack on the company, demand money ransom and don't

stop
>until they get the $$$. Basically, "Internet extortion"...
>
>Here's the link....
>http://news.bbc.co.uk/1/hi/business/3265423.stm
>
>Shouldn't this stuff be easily stoppable & trackable by counter

measure
>technology? Or am I wrong...?


DoS attacks are very difficult to trace, because they are almost
always bounced off another system or use forged IPs.l. In an
old-fashioned SYN flood attack, for example, an attacker sends lots of
TCP SYN packets to a target, attempting to open connections and starve
the target of memory, bandwidth, or CPU cycles. But the attacker will
forge the source IP, usually of a non-existent address or addresses.
So, the target sends a TCP ACK back to the phony addresses, and never
receives a reply, but it still holds the conneciton open expecting a
completion eventually, usually for 60 seconds. If enough SYN packets
are sent, the target's connection queue is used up and no more new
connections can be made. In some cases, the target may run out of
memory or run out of CPU cycles and crash. If the target is on a
relatively slow connection compared to the attacker(s), the connection
may simply become saturated.

The following is one of the better sources on DoS, even thought there
are some important ones it doesn't talk about like IGMP and malformed
header attacks:
http://www.riverheadnetworks.com/re/...dos_tools.html

These have some good info too:
http://www.csm.ornl.gov/~dunigan/oci/bktrk.html
http://www.securityfocus.com/infocus/1729
http://www.insecure.org

Sponge
Sponge's Secure Solutions
www.geocities.com/yosponge
My new email: yosponge2 et yahoo dot com
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[Hear Ye Hear Ye] 0lde Timers - War3z Hounds - 0ne and All.... Hermes Digital Photography 0 03-26-2007 07:28 AM
hear ye, hear ye.help is needed....... estella aguilar Digital Photography 55 09-01-2006 02:37 AM
Review: Lets get a T@2 Part 1 Silverstrand Reviews & How-To's 0 06-20-2005 02:34 AM
Re: Awesome. Lets Hear It For Google And The Internet Max Ambient NZ Computing 2 12-16-2004 09:40 PM
Lets hear from the pro's Rowdy Yates Computer Security 12 01-25-2004 01:22 AM



Advertisments