Denial of Service Attacks
"In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, web sites, online accounts (banking, etc.), or other services that rely on the affected computer.
"The most common and obvious type of DoS attack occurs when an attacker "floods" a network with information. When you type a URL for a particular web site into your browser, you are sending a request to that site's computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can't process your request. This is a "denial of service" because you can't access that site.
"An attacker can use spam email messages to launch a similar attack on your email account. Whether you have an email account supplied by your employer or one available through a free service such as Yahoo or Hotmail, you are assigned a specific quota, which limits the amount of data you can have in your account at any given time. By sending many, or large, email messages to the account, an attacker can consume your quota, preventing you from receiving legitimate messages.
"In a distributed denial-of-service (DDoS) attack, an attacker may use your computer to attack another computer. By taking advantage of security vulnerabilities or weaknesses, an attacker could take control of your computer. He or she could then force your computer to send huge amounts of data to a web site or send spam to particular email addresses. The attack is "distributed" because the attacker is using multiple computers, including yours, to launch the denial-of-service attack." - US CERT. See also [Kotikalapudi Sriram, Doug Montgomery, Resilient Interdomain Traffic Exchange: BGP Security and DDOS Mitigation, NIST SP 800-189 Sec. 3.1 (Dec. 2019) ("Distributed denial-of-service (DDoS) is a form of attack where the attack traffic is generated from many distributed sources to achieve a high-volume attack and directed towards an intended victim (i.e., system or server)")]
DOS Attacks
- UDP Flood
- ICMP Ping Attack
- Ping of Death
- SYN Flood
- Query Attack
- Bogus Traffic
- Reflected Attack [Kotikalapudi Sriram, Doug Montgomery, Resilient Interdomain Traffic Exchange: BGP Security and DDOS Mitigation, NIST SP 800-189 Sec. 3.2 (Dec. 2019) (Reflection Amplification Attacks)]
- Slowloris
- Unintentional Attacks
- CDN :: Victoria Secrets
- John Oliver, Network Neutrality and the FCC
- Routing errors
Other types of DOS: Jamming
IoT DOS Attacks
- Ms. Smith, University attacked by its own vending machines, smart light bulbs & 5,000 IoT devices, Network World Feb. 12, 2017 ("The university then contacted the Verizon RISK (Research, Investigations, Solutions and Knowledge) Team and handed over DNS and firewall logs. The RISK team discovered the university’s hijacked vending machines and 5,000 other IoT devices were making seafood-related DNS requests every 15 minutes.")
- Improving IoT Security, ITU June 14, 2016 ("the network configurations and deployment schemes envisaged give rise to some potentially dangerous cyberattack opportunities. For example, enabling user access control at IoT endpoints is vulnerable to replay, “man-in-the-middle”, and denial-of-service (DOS) attacks.")
- IoT Botnet Source Code Responsible for Historic Attack has been Publicly Released, CircleID 10/3/16
- How the Grinch Stole IoT, L3 (Oct. 18, 2016), Level 3 Threat Research Labs has previously reported on a family of malware that exploits Internet of Things (IoT) devices to create distributed denial of service (DDoS) botnets. With a rapidly increasing market for these devices and little attention being paid to security, the threat from these botnets is growing.
- Understanding the Dyn DDoS Attack, NCTA Oct 27, 2016
- Sen. Mark Warner letter to FCC Chairman Wheeler, Oct. 25, 2016 (“Under the Federal Communications Commission’s (FCC’s) Open Internet rules, ISPs cannot prohibit the attachment of “non-harmful devices” to their networks. It seems entirely reasonable to conclude under the present circumstances, however, that devices with certain insecure attributes could be deemed harmful to the “network” – whether the ISP’s own network or the networks to which it is connected. While remaining vigilant to ensure that such prohibitions do not serve as a pretext for anticompetitive or exclusionary behavior, I would encourage regulators to provide greater clarity to internet service providers in this area.”)
- Internet Service Providers could help clean up Internet of Things security for the devices around us. Wired 10.27.16
- Brian Krebs, Hacked Cameras, DVRs Powered Today’s Massive Internet Outage, Krebs on Security (October 21, 2016).
- Plonka and Boschi, The internet of Things and Unmanaged, revised 2016 (“In May 2003, we found that one IP address of a public Network Time Protocol server was the destination of a large scale flood of inbound traffic. To our surprise, we determined the sources of this flooding to be hundreds of thousands of real Internet hosts throughout the world – the root cause being serious flaws in the firmware of low-cost Internet products targeted for residential use. Because this situation was discovered before its peak and a subset of the flawed devices continue to operate even today, in 2016, we offer an empirical measurement of the lifetimes of such products. Based on this incident, we also consider how Internet consumer products are introduced and operated and propose ways in which we might address the threats that such things pose.”)
- 620+ Gbps Attack - Post Mortem, Akamai 10/5/16 ("That attack and the recent release of the Mirai source code have generated a lot of interest in, and speculation about, the role of IoT devices in DDoS attacks")
- Nicole Perlroth, Hackers Used New Weapons to Disrupt Major Websites Across U.S., The New York Times (Oct. 21, 2016).
- Strategic Principles for Securing the Internet of Things, DHS 2 Nov. 2016 ("Last year, in a cyber attack that temporarily disabled the power grid in parts of Ukraine")
Al Qaeda Attacks Internet With Photo Of Adorable Piglet
Federal Activity
Tools
- P. Ferguson, CISCO, D. Senie, Amaranth Networks, Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing, IETF RFC 2827 (May 2000) (BCP38) ("Recent occurrences of various Denial of Service (DoS) attacks which have employed forged source addresses have proven to be a troublesome issue for Internet Service Providers and the Internet community overall. This paper discusses a simple, effective, and straightforward method for using ingress traffic filtering to prohibit DoS attacks which use forged IP addresses to be propagated from ’behind’ an Internet Service Provider’s (ISP) aggregation point.")
Audio
Papers
- BITAG SNMP DDoS Attacks A Broadband Internet Technical Advisory Group Technical Working Group Report
- CERT/CC Denial of Service Attacks
- W3C Securing Against Denial of Service Attacks
- CAIDA Worldwide Detection of Denial of Service (DoS) Attacks 8/2001
- Nanog, DoS Attacks in the Real World Karthik Arumugham, Global NAPs, Fall 2001
- CAIDA: Internet Measurement: Myths about Internet data (5 dec 01) Myth: DOS only affects large sites
- BCP38: P. Ferguson, D. Senie, IETF RFC 2827: Network Ingress Filtering: Defeating Denial of Service Attacks which Employ IP Source Address Spoofing (May 2000) ("Recent occurrences of various Denial of Service (DoS) attacks which have employed forged source addresses have proven to be a troublesome issue for Internet Service Providers and the Internet community overall. This paper discusses a simple, effective, and straightforward method for using ingress traffic filtering to prohibit DoS attacks which use forged IP addresses to be propagated from 'behind' an Internet Service Provider's (ISP) aggregation point.")
DNS Attack
News
- Verisign, Verisign Distributed Denial of Service Trends Report (4th quarter 2015).
- 2010 Report on Distributed Denial of Service (DDoS) Attacks, Berkman Center 7/11/2011
- DDoS attacks made worse by firewalls, report finds, CW 2/3/2011
- How to DDOS a federal wiretap, CW 11/13/2009
- DNS problem linked to DDoS attacks gets worse, CW 11/17/2009
- Georgia cyberattacks linked to Russian organized crime, CW 8/18/2009
- Georgia, Russia: More on DDOS Attacks, Global Voices 8/18/2009
- Twitter withstands second DDoS attack in a week, CW 8/18/2009
- Hacked blogger seeks Russia probe, BBC 8/11/2009
- Cyberattacks' Aftershocks Hit the Web, Internet News 8/11/2009
- Security researchers zero in on Twitter hackers, CW 8/11/2009
- Professor Main Target of Assault on Twitter, NYT 8/11/2009
- 'Massive attack' strikes websites, BBC 8/7/2009
- Update on Today's DoS Attacks, Twitter 8/7/2009
- Is a Psychopath Attacking Twitter, Facebook?, Wired 8/7/2009
- Twitter limps back to life after DDoS attack, CW 8/7/2009
- Twitter Goes Down in Attack, Internet News 8/7/2009
- Denial of Service Attack, Twitter 8/7/2009
- Time Warner Cable DNS Under DDoS Attack - Apparently there's some disgruntled zombies out there..., dslreports 2/26/2009
- Study: DDoS attacks threaten ISP infrastructure, CNET 11/13/2008
- ISPs Fear Monster 40Gbps DDoS Attacks - Attacks getting more sophisticated, while resources getting strained., dslreports 11/13/2008
- Denial-of-Service Attack Targets Windows XP, eweek 6/8/2007
- Survey: DOS attacks, bots top security threats, CW 9/12/2006
- Botnet Herder Charged With 2004 DoS Attack, Internet Week 10/26/2006
- Denial-of-service hacking soars, BBC 3/9/2006
- DoS Attacks Still A Threat, CW 4/8/02
- New Defense Against Hack Attacks, Newsfactor 4/8/02
- Hybrid DDoS worm strikes MS servers, ZDNet 11/23/01
- Anti-DDoS Tool Debuts At RSA, Interactive 2/20/02
- DoS Attacks: Easier To Launch, Harder to Fight, Newsfactor 11/7/01
- CERT: Net Targeted For DoS Attacks, Infoworld 10/25/01
- Study: Nearly 4,000 DoS attacks occur per week, CNN 5/25/01
- FBI: Hackers Step Up DoS Attacks, Newsbytes 5/8/01
- White House Site Attack Clues Sought, CW 5/8/01
- Denial-of-service warning put out by FBI cybercrime agency, CW 5/8/01