At 09:03 AM 02/11/2000 -0800, Stephanie Trimble wrote:
>I don't know that much about a DOS attack, but from what I've heard,
>I understand that it makes it appear that there are a bunch of people
>viewing that particular site, so the web server serves a bunch of web pages,
>so that it overloads the server. The server can't handle it and
>therefore crashes.
>From that understanding, wouldn't it be possible that
>a bunch of people actually do view that site,
>crash the server, and it not actually be a DOS attack?
This is often called "Getting slashdotted" :-)
Slashdot.org is a popular techie news site, and when there's an article about
"somesite.com has a really cool program foobie that you can download",
somesite.com can be hit by 10000 people checking it out within
the next hour, trying to download the cool 10MB program three times per second,
which is tough for a site with only a T3 data feed....
A DOS attack can send requests much faster than that,
since URLs aren't very big and responses are often much bigger.
But more commonly, they'll try to hit lower in the protocol stack,
such as getting ICMP ECHO to loop back to a forged address,
or starting TCP sessions and leaving them half-open filling up tables.
If they're clever, they'll find some way to get the target to do
lots more work than the client, and have several hundred clients
running on cracked machines initiating requests -
badly designed crypto protocols can make it easy to do this,
so systems like Photuris Key Exchange force the initiator
of a conversation to do the heavy-work parts before the responder.
There've been a lot of articles on this in the last couple of days;
check slashdot, or zdnet, or your favorite newspaper.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
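
Added example, not part of the original message: a simplified Python sketch of the defence the reply points at for half-open table filling and for key exchanges where the responder does the heavy work, namely a stateless cookie that the responder checks before it stores state or starts expensive computation. The Responder class, its method names, the addresses and the cookie layout are assumptions made for illustration and are not the Photuris wire format.

```python
import hashlib
import hmac
import os

# Hypothetical responder for illustration; names are not from any real stack.
class Responder:
    def __init__(self):
        self.secret = os.urandom(32)   # local secret, never sent on the wire
        self.sessions = {}             # state exists only for verified peers
        self.expensive_ops = 0         # counts costly key-exchange work

    def _cookie(self, addr, port, init_cookie):
        # Cookie is recomputable from the packet itself, so nothing is stored.
        msg = f"{addr}:{port}".encode() + b"|" + init_cookie
        return hmac.new(self.secret, msg, hashlib.sha256).digest()[:16]

    def on_request(self, addr, port, init_cookie):
        """First message: reply with a cookie, allocate no table entry."""
        return self._cookie(addr, port, init_cookie)

    def on_exchange(self, addr, port, init_cookie, resp_cookie):
        """Second message: verify the cookie before doing any heavy work."""
        expected = self._cookie(addr, port, init_cookie)
        if not hmac.compare_digest(expected, resp_cookie):
            return False               # sender never saw our reply: drop cheaply
        self.expensive_ops += 1        # stand-in for the expensive key exchange
        self.sessions[(addr, port)] = init_cookie
        return True


def simulate(flood_size=1000):
    r = Responder()
    # Constructed flood: forged sources never receive the responder's reply,
    # so the best they can do is guess the cookie.
    for i in range(flood_size):
        addr = f"198.51.100.{i % 250}"
        ic = os.urandom(16)
        r.on_request(addr, 4000 + i, ic)
        r.on_exchange(addr, 4000 + i, ic, os.urandom(16))
    # A legitimate initiator at a reachable address gets the cookie and echoes it.
    ic = os.urandom(16)
    cookie = r.on_request("192.0.2.10", 5000, ic)
    ok = r.on_exchange("192.0.2.10", 5000, ic, cookie)
    return ok, len(r.sessions), r.expensive_ops


if __name__ == "__main__":
    print(simulate())
```

After the constructed flood the responder holds one session and has done one unit of expensive work, both for the legitimate initiator.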