Webhosting Reseller dan affiliate Hosting Indonesia Top !

DDoS Stacheldraht Attack diagram.

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.

One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

Denial-of-service attacks are considered violations of the IAB's Internet Proper Use Policy. They also commonly constitute violations of the laws of individual nations.^[1]

Means

As there are two main types of attack (wired and wireless), different material is to be used for each of the two types.

Attacks on wired networks require a great deal of computing power, often even requiring the need of distributed computing. Attacks on wired networks do not require any NICs or external antennae, yet often do have the need of a (broadband) connection to the Internet.

Attacks on wireless networks require a high power NIC and usually a high-gain (directional) external antenna (to increase range as well as power output). High power NICs fall in the range of the 300mW-cards. Examples can be found from companies such as Demarc Technology Group.

Manifestations

The United States Computer Emergency Readiness Team defines symptoms of denial-of-service attacks to include:

• Unusually slow network performance (opening files or accessing web sites)
• Unavailability of a particular web site
• Inability to access any web site
• Dramatic increase in the number of spam emails received—(this type of DoS attack is considered an e-mail bomb)^[2]

Denial-of-service attacks can also lead to problems in the network 'branches' around the actual computer being attacked. For example, the bandwidth of a router between the Internet and a LAN may be consumed by an attack, compromising not only the intended computer, but also the entire network.

If the attack is conducted on a sufficiently large scale, entire geographical regions of Internet connectivity can be compromised without the attacker's knowledge or intent by incorrectly configured or flimsy network infrastructure equipment.

Methods of attack

A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Attacks can be directed at any network device, including attacks on routing devices and web, electronic mail, or Domain Name System servers.

A DoS attack can be perpetrated in a number of ways. The five basic types of attack are:

1. Consumption of computational resources, such as bandwidth, disk space, or processor time
2. Disruption of configuration information, such as routing information.
3. Disruption of state information, such as unsolicited resetting of TCP sessions.
4. Disruption of physical network components.
5. Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

A DoS attack may include execution of malware intended to:

• Max out the processor's usage, preventing any work from occurring.
• Trigger errors in the microcode of the machine.
• Trigger errors in the sequencing of instructions, so as to force the computer into an unstable state or lock-up.
• Exploits errors in the operating system to cause resource starvation and/or thrashing, i.e. to use up all available facilities so no real work can be accomplished.
• Crash the operating system itself.
• iFrame (D)DoS, in which an HTML document is made to visit a webpage with many KB's of information many times, until they achieve the amount of visits to where bandwidth limit is exceeded.

Komentar (1)

Subscribe to this comment's feed

Show/hide comments

ariefew: DoS http://ariefew.com

Kucoba terjemahkan secara singkat dan bebas tentang DoS dlm bahasa Indonesia...
DoS merupakan jenis serangan terhadap sebuah komputer atau server di dalam jaringan internet dengan cara menghabiskan sumber (resource) yang dimiliki oleh komputer tersebut sampai komputer tersebut tidak dapat menjalankan fungsinya dengan benar sehingga secara tidak langsung mencegah pengguna lain untuk memperoleh akses layanan dari komputer yang diserang tersebut.

Dalam sebuah serangan Denial of Service, si penyerang akan mencoba untuk mencegah akses seorang pengguna terhadap sistem atau jaringan dengan menggunakan beberapa cara, yakni sebagai berikut:

Membanjiri lalu lintas jaringan dengan banyak data sehingga lalu lintas jaringan yang datang dari pengguna yang terdaftar menjadi tidak dapat masuk ke dalam sistem jaringan. Teknik ini disebut sebagai traffic flooding.

Membanjiri jaringan dengan banyak request terhadap sebuah layanan jaringan yang disedakan oleh sebuah host sehingga request yang datang dari pengguna terdaftar tidak dapat dilayani oleh layanan tersebut. Teknik ini disebut sebagai request flooding.

Mengganggu komunikasi antara sebuah host dan kliennya yang terdaftar dengan menggunakan banyak cara, termasuk dengan mengubah informasi konfigurasi sistem atau bahkan perusakan fisik terhadap komponen dan server.

Salah satu jenis serangan DoS yang terkenal yaitu DDoS (Distributed Denial of Service) yaitu salah satu jenis serangan Denial of Service yang menggunakan banyak host penyerang (baik itu menggunakan komputer yang didedikasikan untuk melakukan penyerangan atau komputer yang "dipaksa" menjadi zombie) untuk menyerang satu buah host target di jaringan.

Serangan Denial of Service klasik bersifat "satu lawan satu", sehingga dibutuhkan sebuah host yang kuat (baik itu dari kekuatan pemrosesan atau sistem operasinya) demi membanjiri lalu lintas host target sehingga mencegah klien yang valid untuk mengakses layanan jaringan pada server yang dijadikan target serangan. Serangan DDoS ini menggunakan teknik yang lebih canggih dibandingkan dengan serangan Denial of Service yang asli, yakni dengan meningkatkan serangan beberapa kali dengan menggunakan beberapa komputer sekaligus, sehingga dapat mengakibatkan server atau keseluruhan segmen jaringan dapat menjadi "tidak berguna" bagi klien.

Selain itu, serangan DoS lainnya adalah :

Serangan Buffer Overflow, mengirimkan data yang melebihi kapasitas sistim, misalnya paket ICMP yang berukuran sangat besar.

Serangan SYN, mengirimkan data TCP SYN dengan alamat palsu.

Serangan Teardrop, mengirimkan paket IP dengan nilai offsetyang membingungkan.

Serangan Smurf, mengirimkan paket ICMP bervolume besar dengan alamat host lain.

ICMP Flooding

1

• report abuse
• vote down
• vote up

Juli 08, 2009
Votes: +0

 Show/hide comment form

Nama

Email

Website

Judul

Komentar

smaller | bigger

Subscribe via email (registered users only)

I have read and agree to the Terms of Usage.

Tambahkan Komentar Preview