Firewall Wizards mailing list archives
RE: Denial of service
From: Ted Doty <ted () iss net>
Date: Tue, 18 Aug 1998 14:15:30 -0400
At 03:44 PM 8/17/98 -0700, Tupshin Harper wrote:
There are generally three reasons for an attack: 1) Attacker wants to obtain information. 2) Attacker wants to obtain use of resources 3) Attacker wants to inflict damage on the attacked 4) Attacker wants to climb Mt. Everest(because it's there). Number three is frequently overlooked by those that should know better. Many otherwise secure networks/systems are susceptible to denial of service attacks, typically motivated by number three. Examples of denial of service attacks range from crashing a server to using a thermo-nuclear device on your ISP.
I personally don't think that you can protect yourself from Denial Of Service attacks in an Internet environment, since there are so many autonomous domains of control. While the ISPs are trying to address this, progress is slow. Trying to trace an attacker back through several providers is a very people-intensive operation, meaning it's slow and expensive. Anyone who wants to can crash your Internet router. If you've patched it sufficiently that this is not possible, they can crash your ISP (who almost certainly is *not* patched sufficiently). If this doesn't work, they can smurf you from some vulnerable third party. Using some poor slob who's vulnerable to smurf and has a T3 Internet feed is always good for a laugh with the d00dz. This doesn't even begin to address issues like resource poisoning: classic examples of this are email spam and folks tossing flame bait on newsgroups. These "attacks" are more social, but result in fewer people using the poisoned resources. If your network positively has to be up for mission critical applications, don't connect it to the Internet. - Ted ----------------------------------------------------------------------- Ted Doty, Internet Security Systems | Phone: +1 678 443-6000 6600 Peachtree Dunwoody Road, 300 Embassy Row | Fax: +1 678 443-6479 Atlanta, GA 30328 USA | Web: http://www.iss.net ----------------------------------------------------------------------- PGP key fingerprint: 362A EAC7 9E08 1689 FD0F E625 D525 E1BE
Current thread:
- Denial of service City (Aug 17)
- Re: Denial of service Joseph S. D. Yao (Aug 18)
- Re: Denial of service Kevin T. Shivers (Aug 18)
- RE: Denial of service Tupshin Harper (Aug 18)
- Re: Denial of service Roger Nebel (Aug 19)
- RE: Denial of service Ted Doty (Aug 19)
- RE: Denial of service David C Niemi (Aug 19)
- RE: Denial of service Ted Doty (Aug 23)
- RE: Denial of service David C Niemi (Aug 23)
- RE: Denial of service Marcus J. Ranum (Aug 23)
- Re: Denial of service ICMan (Aug 19)
- Re: Denial of service Ted Doty (Aug 23)
- Re: Denial of service Gigi Sullivan (Aug 19)
- <Possible follow-ups>
- Re: Denial of service HASSAN . KARIM (Aug 19)