
DoS and DDoS attacks

Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS)

Denial of service (DoS)

Denial of Service - or DoS for short - refers to attacks that make systems inaccessible or put them out of operation. On a technical level, DoS attacks involve bombarding a server with so many requests that the system can no longer function as intended; in the worst cases, it may even collapse entirely. Well-known web servers including Amazon, Yahoo and eBay have all fallen victim to severe attacks of this kind, having been inundated with up to four times their normal data traffic, rendering them unable to handle normal requests for a period of time.

The programs used for modern DoS attacks are highly sophisticated. Attackers are difficult to trace because the path to the data can be obfuscated. Some of the attacks are possible due to bugs and vulnerabilities in programs and operating systems, or incorrectly implemented protocols. Other attacks simply overload the entire system with too many requests.

There are various types of DoS attacks:

  • SYN flooding: in TCP/IP-based networks, a so-called handshake takes place when a connection is first established. During this handshake, SYN and ACK packets are exchanged. In a SYN flooding attack, SYN packets are sent to a computer system. Instead of their own sender address, these packets bear a false IP address that is reachable via the Internet. The attacked computer system attempts to respond to the SYN packets with SYN-ACK packets. However, because the sender address in the first packet was fake, the system is unable to reach the computer that wanted to establish a connection with it at this address. After a certain period of time, the attacked system gives up attempting to establish the connection. If a large number of falsified SYN packets arrive all at once, the attacked computer uses up all of its connection capacity trying, in vain, to send SYN-ACK packets, rendering it completely unreachable for other systems.
  • Ping flooding: Ping is a program that checks whether other computers in the network can be contacted. With ping flooding, the attacker bombards the target computer with an enormous number of pings. The computer is forced to deploy all its resources to respond to the pings (with "pongs"). Depending on the type and size of the pings flooding in each second, computers running older operating systems can collapse completely within a very short period of time. In all cases, ping flooding significantly impairs the performance of the attacked computer and, above all, of the network in which the computer is located. As well as causing system failure, the attack can also prove very costly if the network connection is charged based on the data volume generated rather than by time.
  • Mail bombing: In mail bombing, attackers either send an enormously oversized e-mail to the target address, or bombard it with thousands of messages. This clogs up the e-mail account. In the worst cases, the e-mail server slows down or collapses completely. These kinds of mail bombing attacks can be carried out relatively easily using programs available online.
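As an added illustration (not code from the original article), the following Python model shows why the SYN flooding mechanism described above exhausts a listener: spoofed SYNs are never acknowledged, so each one occupies a half-open slot until the timeout expires, and once the SYN rate multiplied by the timeout exceeds the backlog capacity, legitimate handshakes are dropped. The backlog size, timeout and arrival rates are assumed values chosen only to make the effect visible.

```python
"""Model of a TCP listen backlog under SYN flooding (constructed example).

Not code from the original page. Capacity, timeout and rates are assumed
values; the point is the relation: half-open entries ~= SYN rate * timeout.
"""


class Backlog:
    def __init__(self, capacity, timeout):
        self.capacity = capacity    # max half-open (SYN_RECV) entries kept
        self.timeout = timeout      # seconds before a half-open entry is given up
        self.half_open = {}         # connection key -> expiry time

    def expire(self, now):
        # The attacked system gives up on entries whose timer has run out.
        for key in [k for k, exp in self.half_open.items() if exp <= now]:
            del self.half_open[key]

    def syn(self, key, now):
        """Handle an incoming SYN; return True if a SYN-ACK was sent."""
        self.expire(now)
        if len(self.half_open) >= self.capacity:
            return False            # backlog full: the SYN is silently dropped
        self.half_open[key] = now + self.timeout
        return True

    def ack(self, key):
        """Third handshake step: the entry leaves the half-open table."""
        return self.half_open.pop(key, None) is not None


def simulate(capacity=256, timeout=30.0, spoofed_per_sec=50,
             legit_per_sec=5, seconds=60):
    """Return (legitimate handshakes completed, legitimate handshakes attempted)."""
    backlog = Backlog(capacity, timeout)
    completed = attempted = 0
    for t in range(seconds):
        # Spoofed SYNs: the SYN-ACK goes to a fake address, so no ACK ever returns.
        for i in range(spoofed_per_sec):
            backlog.syn(("spoof", t, i), float(t))
        # Legitimate clients answer the SYN-ACK half a second later.
        for i in range(legit_per_sec):
            attempted += 1
            key = ("legit", t, i)
            if backlog.syn(key, t + 0.5):
                completed += backlog.ack(key)
    return completed, attempted


if __name__ == "__main__":
    print("flooded:", simulate())                    # (25, 300)
    print("low rate:", simulate(spoofed_per_sec=5))  # (300, 300)
```

With 50 spoofed SYNs per second and a 30-second timeout, the steady-state demand of 1500 half-open entries far exceeds the 256-entry backlog, so the listener is full after a few seconds and every later legitimate SYN is dropped; at 5 per second (150 entries) it never fills. Shortening the timeout or keeping no per-connection state at all (the idea behind SYN cookies) raises the rate an attacker needs, which is why those are the standard mitigations.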

Distributed denial of service (DDoS)

In "distributed DoS attacks", a number of systems, rather than just one individual system, are used to execute a large-scale, co-ordinated attack. Due to the large number of computers attacking simultaneously, these attacks are highly effective. This type of attack is referred to as a Distributed Denial of Service (DDoS) attack. A DDoS attack can be recognised by the fact that it consumes significantly more network resources than standard traffic.

In practice, it might look something like this: A hacker distributes his attack programs across several hundred or thousand unprotected computers. Popular "victims" include servers on university networks, as these are usually in operation around the clock, unlike home PCs. These computers become attacking tools; at the hacker's command, they bombard a specified target, such as a web server, with fake requests. This renders the server out of action.

It is difficult to protect yourself against these kinds of attacks, because the target computer needs to receive data in order to be able to analyse it. But by this point, it's already too late. The hackers themselves are hard to track down, as they usually operate using fake IP source addresses. This is why it is important to prevent DDoS programs such as "Stacheldraht" and "TFN 2K" from getting into networks in the first place.