2.4 - Denial of Service Flashcards

1
Q

Denial of service

A
  • Force a service to fail
    – Overload the service
  • Take advantage of a design failure or vulnerability
    – Keep your systems patched!
  • Cause a system to be unavailable
    – Competitive advantage
  • Create a smokescreen for some other exploit
    – Precursor to a DNS spoofing attack
  • Doesn’t have to be complicated
    – Turn off the power
2
Q

A “friendly” DoS

A
  • Unintentional DoSing
    – It’s not always a ne’er-do-well
  • Network DoS
    – Layer 2 loop without STP
  • Bandwidth DoS
    – Downloading multi-gigabyte Linux distributions over a DSL line
  • The water line breaks
    – Get a good shop vacuum
3
Q

Distributed Denial of Service (DDoS)

A
  • Launch an army of computers to bring down a service
    – Use all the bandwidth or resources - traffic spike
  • This is why the bad guys have botnets
    – Thousands or millions of computers at your command
    – At its peak, Zeus botnet infected over 3.6 million PCs
    – Coordinated attack
  • The attackers are zombies
    – Many people have no idea they are participating in a botnet
4
Q

Mitigating DDoS attacks

A
  • May be able to filter out traffic patterns
    – Stop the traffic at your firewall
  • Internet service provider may have anti-DDoS systems
    – These can help “turn down” the DDoS volume
  • Third-party technologies
    – CloudFlare, etc.