--Originally published at Diego's Password
Imagine you are in finals week and today is your Informatics Security final exam. You take your time as usual, even extra, just in case. You are arriving to the Tec and the complete parking lot is full, even the lanes. Not a single car fits inside. Ok… take it easy, just park it outside and walk your way inside, right!? Wait… The waling entrance appears to be full as well, it’s completely crowded. And again no a single person fits in there. All the possible entrances are full, it’s like if all The Beatles were alive and giving a free concert inside. How would you feel? Failing Informatics Security. That ladies and gentleman would be the scenario of a denial of service attack.
I think this kind of attack is really easy to understand. It is making a service or a resource unavailable to its intended user. In my example the mastermind would be the person in charge of the marketing campaign announcing the concert. Sometimes it hard to find that much people willing to request some service at a given time, so normally in these kind of attacks the attacker fakes them. It’s also important to mention that the attackers hardware and technical power must be way more advance and robust than the victim. It is obvious; if you are trying to saturate a server, you need to be able to send more data than what the servers able to serve.
There are a lot of kinds of denial of service attacks, DoS by its initials.
- Distributed DoS: the attacker will have more than one IP address, by more than one I mean thousands of IP addresses. So instead of showing up a lot at the Tec’s parking lot, you’d be dressed like a thousand different persons, hence you be recognized as easy.
- Advanced persistent DoS: this kind is like the sequel of the saga; the revenge of the DoS attack. Technically it has the same principal, but taken to a whole new level. This attacker knows his business. He will hit distinct services, he has hulk computing power, he is persistent and won’t get tired.
- Degradation of service: this attack appears to be less harmful since you are not completely killing the service right? Wrong! It’s more dangerous since they are way more difficult to detect, since you are still running “correctly,” the server might never notice.
- Slow Read: you achieve this attack by altering the read TCP Window size. The victim will be trying to serve this request hopelessly.
Ok, now we know some of the most common denial of service attacks, but why besides pure evil would someone do it? Well, of course the main consequence it brings is the actual loss of the service the webpage provides; but when a server is compromised this much, it is very likely that other kind of services fail as well, like their own security could it be? This would be the perfect time for someone to access and continue with their attack.
So access, is that it? Since the shutdown of a service can cause severe losses for the company, even if it’s just for a couple of minutes, it’s terrible for the business point of view. This is we DoS extortion comes in. It is not as common as just a break through security but is something that can happen. They normally begin with a small attack and a warning. It’s recommended to evade negotiation with respect to the ransom since its proven that once the attackers recognize a company that is willing to pay, the extortion tends to be repeated.
So when I notice that a page is not working, does it mean it was attacked? There is a large number of reasons a service can be denied, the most commons reasons are just technical bugs or updates, but there’s a very particular case where DoS can be caused accidentally. What if the actual concert happened. Amazingly The Beatles are alive and they come to the Tec. When there’s a case that extreme, it would be normal for a webpage to break.