PCCITIZEN.com - SAFE COMPUTING/HOME NETWORKING/COMPUTING TIPS/CLEANUP-FIXUP-ADDUP


ATTACKS IN CYBERSPACE

Denial of Service (DOS) attacks have received a lot of press in the last few years, and for a very good reason. Here is one of the most recent. If you have a high-speed connection to the Internet, you can do many despicable things, especially if you know how to write code, or if you can find code on the Internet and use it. This is the purview of "script kiddies," typically teenage terrorists [yes, many of those are our children]. With an ADSL or a cable modem connection, you can overwhelm a friend's dialup connection if you know his IP address, and make it unusable. You simply send a continuous string of pings, or many other malformed TCP packets. These packets simply keep your "friend's" PC so busy that he/she can't do anything else, thus "denial of service."

The hard part of this is finding the IP address of your friend, since it changes every time your friend logs in. So you need to find sites with static IPs - ah ha, this is most corporations and businesses! So I can easily find the address [well, at least one of the addresses] of www.yahoo.com and send the same string of garbage to it, in an attempt to cause a denial of service. Well, this doesn't work too well when you only have a single cable modem or ADSL connection. Your measly 256 Kb/s to 1 Mb/s of traffic will hardly be noticed by the large sites, which probably have T3 or OC3/12 connections to the Internet. And it is not very smart to do this, because all the traffic from you will have your personal IP address in it. Bingo! The packets can be traced back to you. IP addresses belong to ISPs, and the particular IP assigned at the time of the attack can be learned from the RADIUS logs of the ISP. And assigned IPs can be associated with usernames!
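The RADIUS lookup just described, as an added example (not code from this site): it pairs accounting Start/Stop records into sessions and answers "which username held this IP at this time." The one-record-per-line log format, the usernames and the 192.0.2.x addresses are constructed for illustration, and session IDs are assumed unique.

```python
from datetime import datetime

# Constructed sample accounting log (simplified format, not a real server's file).
# Addresses are from the 192.0.2.0/24 documentation range.
SAMPLE_LOG = """\
2005-01-20T18:02:11 Start User-Name=alice Acct-Session-Id=A1 Framed-IP-Address=192.0.2.17
2005-01-20T19:40:03 Stop User-Name=alice Acct-Session-Id=A1 Framed-IP-Address=192.0.2.17
2005-01-20T19:55:47 Start User-Name=bob Acct-Session-Id=B7 Framed-IP-Address=192.0.2.17
2005-01-20T20:10:00 Start User-Name=carol Acct-Session-Id=C3 Framed-IP-Address=192.0.2.44
2005-01-20T23:30:12 Stop User-Name=carol Acct-Session-Id=C3 Framed-IP-Address=192.0.2.44
"""

def parse_sessions(log_text):
    """Pair Start/Stop records by Acct-Session-Id into session dicts."""
    sessions = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, status, *pairs = line.split()
        attrs = dict(p.split("=", 1) for p in pairs)
        when = datetime.fromisoformat(stamp)
        sid = attrs["Acct-Session-Id"]
        if status == "Start":
            sessions[sid] = {"user": attrs["User-Name"],
                             "ip": attrs["Framed-IP-Address"],
                             "start": when, "stop": None}
        elif status == "Stop" and sid in sessions:  # Stop without a Start is ignored
            sessions[sid]["stop"] = when
    return list(sessions.values())

def who_had_ip(sessions, ip, at):
    """Return usernames whose session held `ip` at time `at` (ISO 8601 string).
    A session with no Stop record is treated as still open."""
    at = datetime.fromisoformat(at)
    return [s["user"] for s in sessions
            if s["ip"] == ip and s["start"] <= at
            and (s["stop"] is None or at <= s["stop"])]

if __name__ == "__main__":
    sessions = parse_sessions(SAMPLE_LOG)
    # The same dynamic IP maps to different users (or nobody) depending on the time.
    for t in ("2005-01-20T18:30:00", "2005-01-20T19:50:00", "2005-01-20T21:00:00"):
        print(t, who_had_ip(sessions, "192.0.2.17", t))
```

The attack timestamp and the log timestamps must be in the same time zone, or a dynamic IP can be pinned on the wrong customer.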

So..... what is a cracker to do? Well, he finds UNSAFE PCs on the Internet, those with unpatched vulnerabilities, or simply left open on critical ports by stupid people who don't know any better. He then INSTALLS a trojan on that PC, which he can command to do the DOS for him. Now just conceive of what will happen when this bastard has hundreds or thousands of these PCs under his command! He can orchestrate some pretty serious DOS attacks, which are very difficult to trace, because they are coming from all over the Internet. And this is precisely what has happened in the last few years. They happen all the time, of small to large magnitude. CNN and Yahoo and a few others were taken off the air a couple of years ago. There was an attack on the DNS root name servers last year. This sort of attack is called a "distributed denial of service attack," or "DDOS."

There is basically no complete defense against this sort of thing. Increasingly, some "intrusion detection services (IDS)" are emerging to monitor these attacks. This is a great resource on DOS attacks. This is another good article.

This battle against the terrorists who want to abuse the open skies of the Internet will go on for years.  Don't you be an unwitting helper to all these terrorists!!!  Go here to learn how to detect if this scum is infecting your PC.

Increasingly, in late 2004, criminal elements are taking over the dark corners of the Internet, collecting zombie PCs and renting them out for spammers and terrorists.  "Phishing" is an especially nasty practice, and is perpetrated by criminal elements, mostly overseas.

One of the most complete narratives and investigations on the DOS and DDOS attacks in cyberspace was carried out by Steve Gibson of Gibson Research Corporation a few years ago. This narrative is well worth reading. Steve even describes the next nightmare, "Distributed Reflection Denial of Service," or DRDOS.

This company even provides solutions for preventing this stuff, and has some good technical reports/white papers at their site.


Copyright John D Loop Saturday January 22, 2005