Firewall Wizards mailing list archives

Re: Denial of service


From: Bennett Todd <bet () mordor net>
Date: Tue, 18 Aug 1998 11:00:53 -0400

1998-08-17-13:24:50 City:
What exactly is denial of service?

"Denial of Service" is a very, very broad category of attack. In fact, I'd say
it's sorta ``half of everything out there'', with the other half being all the
integrity compromises (violation of confidentiality, authentication failure,
etc).

Denial of Service means that the owner of a resource is denied access to it.

If someone exploits a bug in named to crash it, shutting down your DNS
service, that's a Denial of Service attack.
Likewise if someone SYN-floods you, or smurfs you, or spams you to death, or
uses any of the other many effective resource-exhaustion attacks.

Depending on details of local needs and policies Denial of Service may be more
or less critical to you than the rest of the attacks out there --- the ones
that involve people reading things they shouldn't, using your servers for
their ends, modifying your data, or whatever.

Denial of Service attacks may be far less important if your internet service
isn't mission critical for you, but the integrity and/or confidentiality of
your data is. Your typical Wall St. firm is an exemplar of this stance.

Denial of Service attacks may be far more important if your business _is_ your
connectivity --- ISPs, regional connectivity providers, and content providers
are often examples of this stance. Denial of Service attacks are _more_
important because they're so much easier to commit, which is to say harder to
prevent. With care and a bit of effort (and the ability to outlaw some
services), you can eliminate the integrity compromises. It isn't even that
hard. But you can never eliminate denial of service attacks, since they can be
committed by exhausting resources outside your control.

And there are connections between Denial of Service and "everything else", in
both directions; if someone exploits a full breakin to reformat your hard
drive, it's quite practical to call the result a hellacious Denial of Service;
I suspect that _any_ integrity compromise can be manipulated into a denial of
service with little effort. And denial of service attacks are a routine tool
for taking a partial compromise and manipulating the system to get the whole
enchilada. As a trivial example, suppose someone finds yet another bug that
lets them fool sendmail into writing any file on the system, and they want to
write an addendum to inetd.conf that lets 'em telnet to a magic port and get
a root shell. They need to make you restart inetd. If they can hang or crash
inetd, that's liable to get inetd restarted quicker.

-Bennett
