Computer Security - Lets hear from the pro's
On Fri, 16 Jan 2004 00:10:41 GMT, Rowdy Yates <> wrote:

>So I watched this BBC news item on criminal activity on the internet. The
>deal is, these people go around researching companies, find a target and
>then stage a DoS attack on the company, demand money ransom and don't stop
>until they get the $$$. Basically, "Internet extortion"...
>
>Here's the link....
>http://news.bbc.co.uk/1/hi/business/3265423.stm
>
>Shouldn't this stuff be easily stoppable & trackable by counter measure
>technology? Or am I wrong...?

DoS attacks are very difficult to trace, because they are almost always bounced off another system or use forged IPs.

In an old-fashioned SYN flood attack, for example, an attacker sends lots of TCP SYN packets to a target, attempting to open connections and starve the target of memory, bandwidth, or CPU cycles. But the attacker will forge the source IP, usually of a non-existent address or addresses. So, the target sends a TCP ACK back to the phony addresses, and never receives a reply, but it still holds the connection open expecting a completion eventually, usually for 60 seconds. If enough SYN packets are sent, the target's connection queue is used up and no more new connections can be made. In some cases, the target may run out of memory or run out of CPU cycles and crash. If the target is on a relatively slow connection compared to the attacker(s), the connection may simply become saturated.

The following is one of the better sources on DoS, even though there are some important ones it doesn't talk about like IGMP and malformed header attacks:

http://www.riverheadnetworks.com/re/...dos_tools.html

These have some good info too:

http://www.csm.ornl.gov/~dunigan/oci/bktrk.html
http://www.securityfocus.com/infocus/1729
http://www.insecure.org

Sponge
Sponge's Secure Solutions
www.geocities.com/yosponge
My new email: yosponge2 et yahoo dot com

sponge
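
The queue behaviour described in the post above, as an added Python example that is not part of the original post: a model of a listener's pending-connection queue that flags when it is nearly full and counts refused connections. The 60-second hold time is the figure from the post; the queue size of 8, the 75% alert threshold, the event trace and the documentation-range addresses are constructed assumptions.

```python
from collections import OrderedDict

HOLD_SECONDS = 60  # hold time for an unanswered SYN, as quoted in the post
BACKLOG = 8        # assumed queue size, kept small so the sample trace fills it

class HalfOpenQueue:
    """Model of a listener's queue of handshakes that are not yet completed."""
    def __init__(self, backlog=BACKLOG, hold=HOLD_SECONDS):
        self.backlog, self.hold = backlog, hold
        self.pending = OrderedDict()  # (src_ip, src_port) -> arrival, oldest first
        self.completed = self.refused = self.expired = 0

    def _expire(self, now):
        while self.pending and now - next(iter(self.pending.values())) >= self.hold:
            self.pending.popitem(last=False)
            self.expired += 1

    def on_syn(self, now, src):
        self._expire(now)
        if src not in self.pending:
            if len(self.pending) >= self.backlog:
                self.refused += 1  # queue full: new connection cannot be made
                return False
            self.pending[src] = now
        return True

    def on_ack(self, now, src):
        self._expire(now)
        if self.pending.pop(src, None) is None:
            return False
        self.completed += 1  # handshake finished, slot released
        return True

    def nearly_full(self, now, fill=0.75):
        self._expire(now)
        return len(self.pending) >= fill * self.backlog

def run_sample():
    """Replay a constructed trace; return the queue and the alert times."""
    legit1, legit2 = ("198.51.100.7", 50001), ("198.51.100.9", 50002)
    events = [(0.0, "SYN", legit1), (0.1, "ACK", legit1)]
    # Ten SYNs from forged sources that never complete the handshake.
    events += [(float(i), "SYN", (f"203.0.113.{i}", 40000 + i)) for i in range(1, 11)]
    events += [(11.0, "SYN", legit2), (70.0, "SYN", legit2), (70.1, "ACK", legit2)]
    queue, alerts = HalfOpenQueue(), []
    for now, kind, src in events:
        (queue.on_syn if kind == "SYN" else queue.on_ack)(now, src)
        if queue.nearly_full(now):
            alerts.append(now)
    return queue, alerts
```

In the trace, the second legitimate client is refused at t=11 while the queue is held by entries that never complete, and gets through at t=70 once those entries have aged out.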