Page 74 - StudyBook.pdf
58 Chapter 2 • General Security Concepts: Attacks
system. Rather, a successful DoS attack reduces the quality of the service delivered
by some measurable degree, often to the point where the target infrastructure of
the DoS attack cannot deliver a service at all. In early 2000, high-profile sites like
Yahoo, eBay, CNN, and Amazon were hit by DDoS attacks that crippled their
availability for hours.
A common perception is that the target of a DoS attack is a server, though this
is not always the case. The fundamental objective of a DoS attack is to degrade
service, whether it is hosted by a single server or delivered by an entire network
infrastructure. A DoS attack attempts to reduce the ability of a site to service
clients, whether those clients are physical users or logical entities such as other
computer systems. This can be achieved by either overloading the ability of the
target network or server to handle incoming traffic, or by sending network packets
that cause target systems and networks to behave unpredictably. Unfortunately for
the administrator, “unpredictable” behaviour usually translates into a hung or
crashed system.
Although DoS attacks do not by definition generate a risk to confidential or
sensitive data, they can act as an effective tool to mask more intrusive activities that
could take place simultaneously. While administrators and security officers are
attempting to rectify what they perceive to be the main problem, the real
penetration could be happening elsewhere.
Some of the numerous forms of DoS attacks can be difficult to detect or
deflect. Within weeks, months, or even days of the appearance of a new attack,
subtle “copycat” variations begin appearing elsewhere. By this stage, not only must
defenses be deployed for the primary attack, but also for its more distant cousins.
Most DoS attacks take place across a network, with the perpetrator seeking to
take advantage of the lack of integrated security within the current iteration of IP
(i.e., IP version 4 [IPv4]). Hackers are fully aware that security considerations have
been passed on to higher-level protocols and applications. IP version 6 (IPv6),
which may help rectify some of these problems, includes a means of validating the
source of packets and their integrity by using an authentication header. Although
the continuing improvement of IP is critical, it does not resolve today’s problems,
because IPv6 is not yet in widespread use.
DoS attacks not only originate from remote systems, but can also be launched
against the local machine. Local DoS attacks are generally easier to locate and
rectify, because the parameters of the problem space are well defined (local to the
host). A common example of a locally based DoS attack is a fork bomb that
repeatedly spawns processes to consume system resources.
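
The following is an added example, not part of the book: it shows how a local process-exhaustion DoS can be located from a single process-table snapshot by counting processes per owner and command and reporting the top-most process of each oversized group. The sample snapshot, the function names, and the threshold are constructed for illustration.

```python
from collections import Counter

# Constructed sample in `ps -eo pid,ppid,user,comm` layout (not real output).
SAMPLE_PS = """\
  PID  PPID USER     COMM
    1     0 root     init
  210     1 root     sshd
  305   210 alice    bash
  400   305 alice    worker
  401   400 alice    worker
  402   400 alice    worker
  403   401 alice    worker
  404   401 alice    worker
  405   402 alice    worker
  406   402 alice    worker
  500     1 bob      cron
"""

def parse_ps(text):
    """Return {pid: (ppid, user, comm)} from a ps snapshot with a header line."""
    procs = {}
    for line in text.splitlines()[1:]:
        fields = line.split(None, 3)
        if len(fields) == 4:
            procs[int(fields[0])] = (int(fields[1]), fields[2], fields[3])
    return procs

def find_fork_storms(procs, threshold):
    """Flag (user, comm) groups at or above threshold and report their root PIDs."""
    counts = Counter((user, comm) for _, user, comm in procs.values())
    findings = []
    for (user, comm), n in counts.items():
        if n < threshold:
            continue
        members = {pid for pid, (_, u, c) in procs.items() if (u, c) == (user, comm)}
        # A root is a group member whose parent is outside the group:
        # the process from which the runaway tree started.
        roots = sorted(pid for pid in members if procs[pid][0] not in members)
        findings.append({"user": user, "comm": comm, "count": n, "roots": roots})
    return findings

if __name__ == "__main__":
    # The threshold is deliberately tiny for the constructed sample.
    for finding in find_fork_storms(parse_ps(SAMPLE_PS), threshold=5):
        print(finding)
```

Once the owner and root PID are known, the runaway group can be stopped as a unit, and a per-user process cap (for example `ulimit -u` in bash) limits how far a recurrence can grow.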
www.syngress.com