At 10/29/06 12:35 PM, JusticeofIrony wrote:
Can you explain what a DOS is and how it works? I'm interested.
Well, that certainly is a very interesting question. I learnt a fair bit about DOS attacks during my very short time at university. I still have a small 'essay' I wrote about them kicking about; here are some segments from it.
How it works is that a router trying to force as much data as it can down a connection, whatever its speed, will overflow its own buffers, and its strategy is simple: it just drops what it can't send. The Internet's protocols are robust in the face of dropped packets because it's understood that routers forward what they can in the best direction they know how to, but packets will get lost. And so the TCP protocol has a whole acknowledgment system and retransmit logic. For protocols like UDP that don't have that built in, their applications, like DNS, know to resend a request if they haven't received a response. So the notion of packets being dropped is something that the Internet can deal with.
The problem is, if somebody, for example, were flooding a DSL connection that can handle 384K, if they were flooding it with 384 megabits, that is, a thousand times more than it can handle, then there's very little chance, one in a thousand, for your good packets, that is, the valid packets you would like to receive down your DSL connection, to compete against this flood of attacking packets. And, you know, the attacking packets are nothing really but too many. There are just too many of them. And the router has no way of knowing, in a properly designed attack, which packets you want and which ones you don't. They all look the same to a router. It just sends what it can onward and drops the flood, basically.
So it's not that the denial of service attack is all getting through to you and, like, overheating your DSL modem or something. It's that you see a denial of service because the valid traffic can't compete, statistically, against this flood of attacking traffic which is trying to get through. Essentially, it's a bottleneck.
This is where the DDOS (Distributed Denial of Service) attack comes into it. For example, say that one person on a cable modem was trying to directly attack some other person on a cable modem. Well, as we know, cable modems tend to have asymmetric bandwidth. You can download maybe a megabit, but you can only upload maybe 250K, or 256, so like one quarter of that. So the idea is, if one person were trying as hard as they could to attack another, well, their maximum upstream or outgoing bandwidth would be 256K, or 250K, for example, a quarter of a megabit, which is one quarter of what you're able to download. So you could accept that attack down your connection and still have three quarters of a megabit, that is, three quarters of your total bandwidth, available to you for valid traffic. So you might notice that, boy, you know, my cable modem or my DSL modem light used to be flickering, or normally flickers, and now it's on steady. But you would still be able to use your Internet connection because it wouldn't be flooded, and your traffic would be able to get through.
And even if now, say, four attackers combined their bandwidth, and they were each a quarter megabit, well, now there'd be one megabit of attacking traffic competing with potentially one megabit of your valid traffic. And you'd probably feel a slowdown. It would feel like, okay, something's wrong somewhere. We don't know where or what, but boy, my connection is smoking. But I'm still sort of connected to the Internet. So the idea is it's a matter of scale. It's a matter of how big the flood is that is competing with valid traffic.
Now, as we're seeing, you don't even have to give permission to partake in a DDOS attack. Hackers are now deliberately creating trojan horses that connect to an IRC channel, where commands are given to the infected machines to attack a particular site. So, if you don't have a firewall, or aren't very secure, you could be, without knowing it, part of a malicious attack on a website.
That explains the main principles of a [D]DOS attack. I doubt very much indeed your friend could "DOS" your site, unless he is very good at computers and programming. I suggest you tell him to shut up.
:)
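The reply's point that a flooded router "just drops what it can't send", so valid traffic only gets through in proportion to its share of the load, can be checked with a small queue model. This is an added example, not part of the post above; the fluid model (evenly interleaved arrivals, tail drop, a 1000 kbit buffer) and the 750 kbit/s "wanted" load in the cable scenarios are my assumptions, the link and attacker speeds are the reply's own numbers.

```python
"""Fluid model of a saturated access link (added example, not from the post).
The router cannot tell wanted packets from flood packets, so it queues and
forwards both in proportion to their share of the arriving traffic."""

from dataclasses import dataclass


@dataclass
class LinkStats:
    good_offered: float    # kbit of wanted traffic that reached the router
    good_delivered: float  # kbit of wanted traffic sent down the link
    dropped: float         # kbit of all traffic the router had to discard

    @property
    def good_fraction(self) -> float:
        return self.good_delivered / self.good_offered if self.good_offered else 0.0


def simulate_link(link_kbps: float, good_kbps: float, attack_kbps: float,
                  buffer_kbit: float = 1000.0, ticks: int = 200) -> LinkStats:
    """One tick is one second; buffer size and even interleaving are assumptions."""
    backlog_good = backlog_attack = 0.0
    stats = LinkStats(0.0, 0.0, 0.0)
    for _ in range(ticks):
        offered = good_kbps + attack_kbps
        stats.good_offered += good_kbps
        # Tail drop: only what fits in the free buffer space gets queued.
        free = max(0.0, buffer_kbit - (backlog_good + backlog_attack))
        admitted = min(offered, free)
        share_good = good_kbps / offered if offered else 0.0
        backlog_good += admitted * share_good
        backlog_attack += admitted * (1.0 - share_good)
        stats.dropped += offered - admitted
        # The link drains at most link_kbps per tick, whoever sent the data.
        queued = backlog_good + backlog_attack
        sent = min(link_kbps, queued)
        if queued:
            sent_good = sent * backlog_good / queued
            backlog_good -= sent_good
            backlog_attack -= sent - sent_good
            stats.good_delivered += sent_good
    return stats


if __name__ == "__main__":
    # Scenarios from the post, in kbit/s (384K DSL, 1 Mbit cable, 256K uplinks).
    for label, link, good, attack in [
        ("384K DSL vs 384 Mbit flood", 384, 384, 384_000),
        ("1 Mbit cable vs one 256K attacker", 1000, 750, 256),
        ("1 Mbit cable vs four 256K attackers", 1000, 750, 4 * 256),
    ]:
        s = simulate_link(link, good, attack)
        print(f"{label}: {s.good_fraction:.1%} of wanted traffic gets through")
```

The three scenarios come out at roughly one in a thousand, near 99%, and a little over half of the wanted traffic delivered, which is the "matter of scale" the reply describes.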