Denial Of Service
Presented by Stella Nyingi
Contents
- DoS demystified
- Common DOS attacks on NT
- The Attack
- Bracing for cyber war
- Vulnerability
- Insurance and Liability
DoS demystified
Denial of Service (DoS) attacks
A denial of service attack on a Web server floods it with bogus requests for pages. The server spends so much time trying to process these requests that it can't respond to legitimate requests and may crash.
They:
- Send CPU utilization to 100%
- Crash the OS
- Crash a vital service
In each case the legitimate users of the computer are affected.
Common DOS attacks on NT
- All the following attacks have been made against various versions of Windows NT
- Just a selection - there are a lot!
- Each one has a specific fix:
  - Service pack
  - Registry change
  - Hotfix
  - More than one of the above
Attack
- A TCP connection request is sent to a host from an unreachable address
- The host allocates resources (memory, sockets) for the connection
- The host tries to acknowledge the connection but fails
- The host retries with ever-increasing timeout intervals, for a total of 189 seconds
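Added example, not part of the original slides: a defender-side check that counts half-open connections per local port in `netstat -n` output, together with the arithmetic behind the 189-second hold time. Assumptions: the first acknowledgement timeout is 3 seconds and doubles on each retry (this reproduces the slide's 189 seconds with 5 retries), the netstat column layout, the alert threshold, and the sample lines, which are constructed.

```python
from collections import Counter

HALF_OPEN = {"SYN_RECEIVED", "SYN_RECV"}  # netstat state names on Windows / Linux


def half_open_hold_seconds(retries, first_timeout=3):
    """Seconds one unanswered connection request keeps its resources.

    Assumption: the first acknowledgement timeout is 3 s and doubles on each
    retry, with one final doubled wait before the host gives up.
    """
    return sum(first_timeout * 2 ** i for i in range(retries + 1))


def half_open_by_port(netstat_text):
    """Count half-open TCP connections per local port in `netstat -n` output."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue  # header lines, blank lines, non-TCP rows
        if fields[-1] in HALF_OPEN:
            local = fields[-3]  # assumed layout: ... Local Foreign State
            counts[int(local.rsplit(":", 1)[1])] += 1
    return counts


def flag_ports(netstat_text, threshold=4):
    """Ports whose half-open count reaches the (assumed) alert threshold."""
    counts = half_open_by_port(netstat_text)
    return sorted(port for port, n in counts.items() if n >= threshold)


# Constructed sample; all addresses are from documentation ranges.
SAMPLE = """\
  Proto  Local Address     Foreign Address      State
  TCP    192.0.2.10:80     198.51.100.21:1031   SYN_RECEIVED
  TCP    192.0.2.10:80     198.51.100.77:2210   SYN_RECEIVED
  TCP    192.0.2.10:80     203.0.113.5:4410     SYN_RECEIVED
  TCP    192.0.2.10:80     203.0.113.9:1502     SYN_RECEIVED
  TCP    192.0.2.10:80     203.0.113.44:3391    SYN_RECEIVED
  TCP    192.0.2.10:80     198.51.100.3:1200    ESTABLISHED
  TCP    192.0.2.10:25     198.51.100.8:1777    SYN_RECEIVED
"""

if __name__ == "__main__":
    print("hold time with 5 retries:", half_open_hold_seconds(5), "s")
    print("hold time with 2 retries:", half_open_hold_seconds(2), "s")
    print("ports to investigate:", flag_ports(SAMPLE))
```

Under the same assumed schedule, fewer retries shorten how long each unanswered request ties up memory and sockets, which is why the retry count is a tuning point for this attack.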
Alarm
What’s so alarming about the attacks on major Web sites is that there’s no easy way to stop them. The attacks are so simple that the FBI says even a 15-year-old could pull them off. Does this mean the Web is unsafe?
Bracing for cyberspace war
"If somebody wanted to launch an attack, it would not be at all difficult." -- Fred B. Schneider,
Vulnerability
Several sites have been established to do both active and passive scanning of networks to determine whether or not directed-broadcast is enabled.
Cont'd
- http://www.netscan.org/ is a site which actively scans the IPv4 address space and mails network contacts with information on how to disable them.
- http://www.powertech.no/smurf/ is a site which will test scan your network and allow you to enter a known smurf amplifier site.
Effect On E-commerce
- Drop in share prices
- Drop in sales and service provision
- Panic
Recent Victims
- Amazon.com
- eBay.com
- CNN.com
- Buy.com
- Yahoo
Aftermath of attacks in June 1999 eBay crashed for about 22 hours. The outage sent the company’s stock into a tailspin, causing eBay to lose 26 percent of its value in five days and costing it $5 million in revenues in the second quarter.
also suffered a string of smaller outages in November, lasting a total of four hours during three days. It has since invested more than $18 million in engineering to improve site performance.
Yahoo! Under Attack
A Coordinated Attack Shut Down Leading Web Site for Three Hours
Insurance for Internet Risks
The explosion of the internet, e-commerce and e-mail, and their effect on business, has created a whole new variety of risks for business.
Internet Liability
Email, Internet, Intranet and E-commerce users all face increased risks by their activities.
- Libel - vicarious liability for the content of employees' e-mail messages and a direct responsibility for the content of their web-site.
- Viruses - claims from third parties as a result of damage to hardware and software as a result of a virus downloaded by e-mail or from the website.
- Unauthorized access - causing a breach of Data Protection legislation.
Cont'd
- Failure of Web-sites - resulting in financial loss for third parties.
- Infringement of Copyright - the law of copyright extends to material transmitted on the internet.
Cover under the policy includes
- Negligent acts, errors and omission
- Infringement of third party intellectual property rights
- Breach of Confidentiality
- Loss of Documents
- Libel and Slander
- Downloading viruses to third parties
- Liability arising out of Data protection legislation
- Compensation for Court attendance
Cont'd
New York insurance consultant Marsh USA Inc. has launched a new insurance program to help companies cover e-business exposures. The program, NetSecure, covers a variety of Internet-related problems, such as server outages, internal security breaches and denial-of-service assaults.
Policing the Internet
The recent attacks on Web sites prompted the government and Internet community leaders to consider ways to protect the Net. But if you start regulating cyberspace, will it ruin all the fun?
Government concern
- President Clinton convened a summit to make the Web more secure.
- The FBI is conducting interviews with hackers, computer security experts and anyone else who might have knowledge about the incidents.
- Suggestion: create a mechanism to
Conclusion
Unfortunately, there is currently no foolproof way of preventing DoS attacks.