Lets hear from the pro's

Discussion in 'Computer Security' started by sponge, Jan 16, 2004.

  1. sponge

    sponge Guest

    On Fri, 16 Jan 2004 00:10:41 GMT, Rowdy Yates
    <> wrote:

    >So I watched this BBC news item on criminal activity on the internet.

    The
    >deal is, these people go around researching companies, find a target

    and
    >then stage a DoS attack on the company, demand money ransom and don't

    stop
    >until they get the $$$. Basically, "Internet extortion"...
    >
    >Here's the link....
    >http://news.bbc.co.uk/1/hi/business/3265423.stm
    >
    >Shouldn't this stuff be easily stoppable & trackable by counter

    measure
    >technology? Or am I wrong...?


    DoS attacks are very difficult to trace, because they are almost
    always bounced off another system or use forged IPs.l. In an
    old-fashioned SYN flood attack, for example, an attacker sends lots of
    TCP SYN packets to a target, attempting to open connections and starve
    the target of memory, bandwidth, or CPU cycles. But the attacker will
    forge the source IP, usually of a non-existent address or addresses.
    So, the target sends a TCP ACK back to the phony addresses, and never
    receives a reply, but it still holds the conneciton open expecting a
    completion eventually, usually for 60 seconds. If enough SYN packets
    are sent, the target's connection queue is used up and no more new
    connections can be made. In some cases, the target may run out of
    memory or run out of CPU cycles and crash. If the target is on a
    relatively slow connection compared to the attacker(s), the connection
    may simply become saturated.

    The following is one of the better sources on DoS, even thought there
    are some important ones it doesn't talk about like IGMP and malformed
    header attacks:
    http://www.riverheadnetworks.com/re/known_ddos_tools.html

    These have some good info too:
    http://www.csm.ornl.gov/~dunigan/oci/bktrk.html
    http://www.securityfocus.com/infocus/1729
    http://www.insecure.org

    Sponge
    Sponge's Secure Solutions
    www.geocities.com/yosponge
    My new email: yosponge2 et yahoo dot com
    sponge, Jan 16, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. christiane kewitz
    Replies:
    1
    Views:
    569
    Pavel A.
    Feb 13, 2005
  2. Rowdy Yates

    Lets hear from the pro's

    Rowdy Yates, Jan 16, 2004, in forum: Computer Security
    Replies:
    12
    Views:
    736
    Richard Steinfeld
    Jan 25, 2004
  3. estella aguilar

    hear ye, hear ye.help is needed.......

    estella aguilar, Aug 27, 2006, in forum: Digital Photography
    Replies:
    55
    Views:
    1,086
    estella aguilar via PhotoKB.com
    Sep 1, 2006
  4. Hermes
    Replies:
    0
    Views:
    384
    Hermes
    Mar 26, 2007
  5. Max Ambient
    Replies:
    2
    Views:
    334
    Lawrence D'Oliveiro
    Dec 16, 2004
Loading...

Share This Page