View Full Version : DoS attacks-protection?
mr_roll
15th April 2002, 15:18
What protection is there from Denial of Service attacks?
Me needs to know for my college assignment, I would appreciate some help, thanx in advance.
thejester
15th April 2002, 15:29
http://www.grc.com <- go and be educated
wishy
15th April 2002, 20:07
Err, that article was very OTT. Basically, there is no real defence against DOS attacks, that's why they're so effective. Sure, you can not reply, but the data still has to get to you to be dropped.
Very little you can do except complain to ISPs. Unless you're big anyway.
KermitTheFrag
15th April 2002, 20:30
Originally posted by thejester
http://www.grc.com <- go and be educated
http://www.grcsucks.com/ <-- go be more educated about the total MORON that guy is.
thejester
15th April 2002, 21:08
Hehe, I didn't know about the grcsucks site, maybe if you mixed the 2 together you might get somewhere near the truth.
WhiteKnight
15th April 2002, 23:19
Steve Gibson isn't talking bollox, he is just a little overzealous.
If you take what he says and ignore a lot of the hype he is 99% correct.
It's just a lot of what he has found, no-one is either willing to admit, willing to do something about, or able to do something about.
So everyone shoots him down in flames.
He has a very well thought out site, with reasoned explanations for everything he has said. He's kept things simple to allow anyone who can understand a web browser to read, but put enough information for the tech heads to understand what's really going wrong.
It's just his style of writing is not to everyone's tastes.
As wishy said, there is very little defence against a DOS attack unless you have control over routers at the exchange level (tele house and the like) and even then you are only blocking it from a point... the DOS is still denying someone along the way of their service to a degree, just not you.
DDOS is worse. This is where the attack comes from hundreds or thousands of sources in small doses. Added together these make a large DOS that is virtually impossible to stop, short of removing your internet connection or changing your IP.
The one thing that got Gibson so many enemies is the fact that he noticed the new "raw sockets" feature in XP.
With this it is possible to spoof your IP address and thus be totally anonymous in a DOS attack.
Gibson's critics said "you can do this in any OS" but the truth is that it is only easy to do this in "geek" OSes like *nix, NT, 2k and misc other OSes.
The normal Joe Bloggs comes with a Packard Bell PC, and the home OSes of Windows 9x or ME DO NOT allow IP spoofing out of the box. And this is what Gibson's point was. XP Home, the new replacement for 9x / ME, allows this, and is thus a HUGE target for hackers writing trojans and the like.
Anyway... enough of my ranting.. I'm just one of the few who agree with him.. ignore me if you like :rolleyes:
KermitTheFrag
15th April 2002, 23:39
If it does happen, I don't really give a toss tho ;)
WhiteKnight
15th April 2002, 23:48
Well this is why he won so many enemies.
People like you who don't really care, but got their back up because they think he's just spouting bollox.
But anyway, it won't affect me either as I don't run (and don't intend to run) XP. Except as a test box.
Big Giant Head
16th April 2002, 08:21
Will affect you if someone decides to ddos your poor old 56k ;)
I think the reason Gibson got some people's backs up (in what I felt was a pretty well written article) was because he said that raw sockets were the beginning of armageddon, the ground would crack open and we'd all be swallowed up etc etc..
Dizzie
16th April 2002, 08:39
oh well. I guess that's one of the downsides to having ADSL and a static IP :)
/me strokes 56k :D
Big Giant Head
16th April 2002, 08:47
/me DOS's dizzy
KermitTheFrag
16th April 2002, 08:59
Why I don't care:-
Raw sockets aren't really that exploitable. Windows' interface to its IP stack is pretty poor at the really low level and the chances of a virus going round running that will get sufficient privilege to run DDOS attacks on a target are very small anyway.
If it does happen I'll buy WK a pint, and sit back and watch the mushroom clouds and the dead rise from the ground to walk the earth again... ;)
(oh reason 2:- I have a passive stateful firewall which fixes any crap that goes through it).
bvark
16th April 2002, 09:30
Gibson did a lot of good work examining and categorising the reflective DoS.
However, bitching at windows for raw sockets support is like whinging at bullet manufacturers that their products kill people.
The real change needs to be at the ISP and large LAN level (e.g. universities), where _everyone_ needs to turn on anti-spoofing filters.
Viruses routinely get ring 0 privs in 98, I'm relatively sure they'll be able to do the equivalent in XP given some coding time.
WhiteKnight
16th April 2002, 09:41
Exactly. I'm not saying it WILL happen.
It's just a lot of the people who are "dissing" him are saying "oh, you can stop that with a simple firewall". But the point he's trying to make is that the people who this affects don't even know how to spell firewall, let alone what it is or how to install it.
KermitTheFrag
16th April 2002, 09:41
Originally posted by bvark
Gibson did a lot of good work examining and categorising the reflective DoS.
However, bitching at windows for raw sockets support is like whinging at bullet manufacturers that their products kill people.
The real change needs to be at the ISP and large LAN level (e.g. universities), where _everyone_ needs to turn on anti-spoofing filters.
I agree entirely there.
Viruses routinely get ring 0 privs in 98, I'm relatively sure they'll be able to do the equivalent in XP given some coding time.
That's kind of hard seeing as user processes (even Administrator ones) can't actually get those privileges without passing through signing first. You can't load an unsigned kernel module (which is the only way to get to ring-0) without user authorisation.
Oh wait users... the weak link... ok you win.
WhiteKnight
16th April 2002, 16:40
Originally posted by KermitTheFrag
Oh wait users... the weak link... ok you win.
My (and Gibson's) point exactly... the security issue doesn't come from users like ourselves who have more than 0.0001% of a clue on how to actually move a mouse and not click on the "format C: are you sure?" button when a trojan launches it..
It comes from the users who don't have a clue... and don't want one. They just want to surf the web, look at a bit of free porn, get their e-mails, and that's pretty much it (in internet terms).
They'll install comet cursor, and kazaa, and bonsai buddy, and mIRC version 5.1, and not be any the wiser of the GAPING security holes that reside in their beloved software.
So the more that "responsible" OS and other software manufs can do to eliminate this sort of problem the better.
I mean, fine.. I'm all in favor of having raw sockets, but maybe they should have only included it in XP Pro? Thus limiting the user base to people who have at least 10% of a clue.
Cabe
17th April 2002, 19:58
A group of people asked random punters in Victoria station about passwords, they were doing a survey to see if people were using dictionary words (bad) or random gibberish (which 90 % of the time means they typed the word in wrong).
But what is even more of a shocking statistic:
Two thirds of those quizzed seemed perfectly happy to hand over their company passwords to complete strangers - which must make those in charge of IT security shudder in disbelief.
http://www.theregister.co.uk/content/6/24812.html
No wonder they're all called Lusers.
WhiteKnight
17th April 2002, 21:59
ROFL.... yes.. this is why we have security risks.
KermitTheFrag
17th April 2002, 22:02
Where I worked we didn't have any removable media thank feck (none at all!). Also giving your password to someone was a fireable offense and grassing on naughty people was encouraged.
WhiteKnight
17th April 2002, 23:46
OOooohhh the pleasure...
My last job I had the fun task of sifting through e-mails seeing what people were sending as attachments :P
ooh the things you find :)
Cabe
17th April 2002, 23:51
PFY: ARRRRRG where was that video that Naughty Natalie sent me last week.
BOFH: I deleted it, it's company policy to delete all attachments now.
PFY: YOU DID WHAT ?!?!?!
BOFH: Have no fear, it's stored along with the boss's porn collection on the Backup Tape marked "Tuesday"
PFY: We do backups now?
Defcon
18th April 2002, 13:01
I own/admin several Red Hat Linux servers, there is no way to protect them from DoS attacks, even with firewalls and so on.
Steve Gibson is basically saying how easy it is, I could write a virus in an hour that'll DoS attack a website, self spread it over a large number of computers on different networks worldwide and basically the result would be the server going down, even if I managed to get it on just a few hundred computers, there are enough aol users (newbies) out there for example that would read and open the attachment like (aol.com)
Or just write a vbs virus that does the same thing as Steve Gibson did, spreading itself over an IRC network.
How do I know this? Because I lost £200 2 days ago because of it :-(
As they say, sh*t happens.
KermitTheFrag
18th April 2002, 13:16
Talking of worms etc ... here's an interesting read about warhol worms:-
http://www.cs.berkeley.edu/~nweaver/warhol.html
btw on a side note (this is completely imho etc), a server shouldn't physically go down under full / excessive load ever. Perhaps denying a proportion of unhandlable connections as a last resort but the server shouldn't ever die.
MONK
18th April 2002, 14:34
If they did get a nice big new worm then there is no reason why they couldn't dos one of the big servers off the net.
In fact I expect it to be done within the next few years anyway. As to raw sockets... no reason why it wouldn't happen it does give them more options so yeah I can't see why it won't. The fact is coding is getting easier and so in the end it will have to come down to the ISPs to filter it out.