WHAT IS A DENIAL OF SERVICE ATTACK?
------------------------------------

Denial of service is about knocking out services without permission, for example by crashing the whole system. Attacks of this kind are easy to launch, and it is hard to protect a system against them. The basic problem is that Unix assumes that users on the system or on other systems will be well behaved.

WHY WOULD SOMEONE CRASH A SYSTEM?
---------------------------------

Why would someone crash a system? I can think of several reasons, each of which I have presented more precisely in its own section, but in short:

.1. Sub-cultural status.
.2. To gain access.
.3. Revenge.
.4. Political reasons.
.5. Economic reasons.
.6. Nastiness.

I think that numbers one and six are the more common today, but that numbers four and five will be the more common ones in the future.

.A.2.2. SUB-CULTURAL STATUS
---------------------------

After all the information about SYN flooding appeared, a bunch of such attacks were launched around Sweden. The vast majority of these attacks were not part of an IP-spoof attack; they were "only" denial of service attacks. Why? I think that hackers attack systems as a sub-cultural pseudo-career, and I think that many denial of service attacks, SYN flooding in this example, were performed for these reasons. I also think that many hackers begin their career with denial of service attacks.

.A.2.3. TO GAIN ACCESS
----------------------

Sometimes a denial of service attack can be part of an attack to gain access to a system. At the moment I can think of these reasons and specific holes:

.1. Some older X-lock versions could be crashed with a method from the denial of service family, leaving the system open. Physical access was needed to use the workspace afterwards.
.2. SYN flooding could be part of an IP-spoof attack method.
.3. Some program systems could have holes during startup that could be used to gain root, for example SSH (secure shell).
.4. During an attack it could be useful to crash other machines in the network or to deny certain persons the ability to access the system.
.5. A system being booted can also sometimes be subverted, especially with RARP boots. If we know which port the machine listens on during the boot (69 could be a good guess), we can send false packets to it and almost totally control the boot.

.A.2.4. REVENGE
---------------

A denial of service attack could be part of a revenge against a user or an administrator.

.A.2.5. POLITICAL REASONS
-------------------------

Sooner or later, new or old organizations will understand the potential of destroying computer systems and find tools to do it. For example, imagine Bank A lending company B money to build a factory that threatens the environment. Organization C therefore crashes A's computer system, maybe with help from an employee. The attack could cost A a great deal of money if the timing is right.

.A.2.6. ECONOMIC REASONS
------------------------

Imagine the small company A moving into a business totally dominated by company B. A's and B's customers place their orders by computer and depend heavily on the order being carried out within a specific time (A and B could be stock trading companies). If A and B can't perform the order, the customers lose money and change company. As part of a business strategy, A pays a computer expert a sum of money to crash B's computer systems a number of times. A year later A is the dominating company.

.A.2.7. NASTINESS
-----------------

I know a person who found a workstation where the user had forgotten to log out. He sat down and wrote a program that did a kill -9 -1 at a random time at least 30 minutes after the login time, and placed a call to the program in the profile file. That is nastiness.

.A.3. ARE SOME OPERATING SYSTEMS MORE SECURE?
---------------------------------------------

This is a hard question to answer, and I don't think that comparing different Unix platforms will give anything. You can't say that one Unix is more secure against denial of service; it is all up to the administrator. A comparison between Windows 95 and NT on one side and Unix on the other could, however, be interesting. Unix systems are much more complex and have hundreds of built-in programs, services... This always opens up many ways to crash the system from the inside.

In a normal Windows NT and 95 network there are few ways to crash the system, although there are methods that will always work. This means that no big difference between Microsoft and Unix can be seen regarding inside attacks. But there are a couple of points left:

- Unix has many more tools and programs for discovering an attack and monitoring the users. Watching what another user is up to under Windows is very hard.
- The average Unix administrator probably also has much more experience than the average Microsoft administrator.

These last two points mean that Unix is more secure against inside denial of service attacks. A comparison between Microsoft and Unix regarding outside attacks is much more difficult. However, I would like to say that the average Microsoft system on the Internet is more secure against outside attacks, because it normally has far fewer services.