64 Chapter 2 • General Security Concepts: Attacks
NOTE
Despite its rather evil-sounding name, a daemon is defined as any program
that runs on a continuous basis and handles requests for service that come
in from other computers. There are many legitimate and useful daemon
programs that have nothing to do with launching attacks (e.g., the line
printer daemon [LPD] that runs on a remote print server to monitor for
print requests). The term is more often used in reference to UNIX/Linux
systems. On Windows systems, services can be considered the analogue of
daemons, which run in the background waiting for requests.
After the attacker has recruited a sufficient number of zombies, he can
contact the masters and instruct them to launch a particular attack. The
master then passes on these instructions to multiple zombies who commence
the DDoS attack. After the attack network is in place, it can take only a
few moments to launch a distributed attack. With similar speed, the hacker
can also halt the attack.
The basic flow of the attack then becomes:
■ For Hosts: Attacker to master to zombie to target
■ For Software: Attacker to client to daemon to target
The use and development of DDoS programs have piqued the interest of
governments, businesses, and security experts alike, in no small part
because it is a class of attack that is extremely effective while
simultaneously being hard to trace.
EXAM WARNING
Know the difference between a DoS attack and a DDoS attack. A DoS attack
is simply any attack that makes a network or computing resource
unavailable. A DDoS attack is unique in that it orchestrates many packets
to be directed to one host from multiple machines called zombies. These
terms are easily confused because they stem from the same idea, but they
are distinct in scope. DoS is a very general term describing any kind of
attack that knocks out a service, while DDoS is a term that describes one
specific type of DoS attack.
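The same distinction as a defender sees it in traffic records, as an added example that is not from the book: a flood dominated by one sender is a plain DoS, while comparable volume spread across many senders toward one host is a DDoS. The thresholds, label names and sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Assumed thresholds for this illustration; tune them to a real baseline.
WINDOW_SECONDS = 10
MIN_PACKETS = 100       # volume within one window that counts as a flood
MIN_SOURCES = 20        # distinct senders needed to call a flood distributed
DOMINANT_SHARE = 0.8    # one sender above this share means a single-source flood

def classify_floods(records):
    """records: iterable of (epoch_seconds, src_ip, dst_ip) tuples.
    Returns {(window_start, dst_ip): label} for windows at or above MIN_PACKETS."""
    buckets = defaultdict(Counter)
    for ts, src, dst in records:
        window = int(ts) - int(ts) % WINDOW_SECONDS
        buckets[(window, dst)][src] += 1

    findings = {}
    for key, per_src in buckets.items():
        total = sum(per_src.values())
        if total < MIN_PACKETS:
            continue  # ordinary volume, not a flood
        top_share = per_src.most_common(1)[0][1] / total
        if top_share >= DOMINANT_SHARE:
            findings[key] = "dos-single-source"
        elif len(per_src) >= MIN_SOURCES:
            findings[key] = "ddos-distributed"   # still a DoS, the distributed kind
        else:
            findings[key] = "flood-few-sources"
    return findings

def sample_records():
    """Constructed sample traffic, not captured data."""
    recs = []
    # Window 0: one host sends 150 packets to 192.0.2.10.
    recs += [(i * 0.05, "198.51.100.7", "192.0.2.10") for i in range(150)]
    # Window 10: 40 hosts send 5 packets each to 192.0.2.20.
    recs += [(10 + n * 0.01, f"203.0.113.{h}", "192.0.2.20")
             for h in range(1, 41) for n in range(5)]
    # Window 20: ordinary traffic, 12 packets from 3 hosts.
    recs += [(20 + n, f"198.51.100.{h}", "192.0.2.10")
             for h in range(1, 4) for n in range(4)]
    return recs

if __name__ == "__main__":
    for (window, dst), label in sorted(classify_floods(sample_records()).items()):
        print(window, dst, label)
```

Per-source rate limiting alone would catch the first window but not the second, where each of the 40 senders stays at 5 packets.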
www.syngress.com