Many of our articles in the exploits section describe Denial of Service attacks.
Since these attacks are less "glamorous" than attacks that can be used to immediately achieve privileged access, this form of attack is usually underestimated, and the result is very dangerous from a security point of view.
This article will try to explain why Denial of Service attacks should be taken very seriously.
See our exploits section for a long list of exploits, some of which are Denial-of-Service (DoS) attacks.
If you are subscribed to our mailing list and receive daily articles describing security exploits, you have probably noticed that many of those exploits are "simple" denial of service attacks. Those are very serious security holes that should be dealt with just as seriously as "root shell" attacks.
A Denial-of-Service attack can be an easy way for the competition to shut your business down temporarily, or permanently. Just imagine your e-mail and web server crashing, leaving your business disconnected from your customers. Think about launching a new service where your server, which was designed to serve millions of remote users, suddenly slows down considerably for no apparent reason.
This is a true weapon in today's competitive markets.
For the Fun of it
This is a factor that is always underestimated. People always tell me "I have no security threat - Who would possibly want to harm me?" The problem lies with many "crackers" who want to do damage, just for the fun of it. How much fun is it watching a server crash? Plenty of fun, apparently.
Since Denial-of-Service attacks are the simplest attacks to conduct, and they are usually impossible to trace back to the attackers, Denial-of-Service is sometimes a preferred form of attack. There are many crackers, and cracker wannabes, out there. One of those might be knocking at your door.
This is the most dangerous possibility. Sometimes DoS attacks precede the actual attack. A Denial-of-Service attack serves the following purposes as part of a full system attack:
- When all the attention is concentrated on getting the server to work again, very little attention is paid to what exactly is going on in the local network.
- The actual attack creates several anomalies that can easily go unnoticed when buried in the large number of anomalies created by the DoS attack.
- Sometimes a denial-of-service can bring immediate results to an attacker: Consider a router that contains a filter that blocks certain ports or IP addresses. Now imagine the router is attacked by a DoS that makes it stop working completely. The administrator will naturally come and restart its operation. But if it happens constantly, the administrator will start to look for the problem. The simplest (and most common) way to check which filter rule causes the problem is to remove all the rules and apply them one by one. This leaves the router exposed! (Although this exposure lasts only a short period of time, the attacker knows its exact time.) Now think about this attack directed at a firewalled machine. As soon as the firewall is brought down (usually, due to massive pressure from the co-workers who want to continue their communication), the attacker can quietly and safely break in.
- Denial-of-Service attacks are sometimes a required step during a full-scale attack. For example, some attacks require the attacker to reboot the machine. This can easily be achieved by shutting down a crucial service or by crashing the host (the administrator will naturally come and restart the affected machine, thus performing the necessary reboot).
Therefore, it is highly recommended to pay attention to possible DoS attacks and to avoid them (by applying new patches) when possible.