How a 'denial of service' attack works

By CNET News.com Staff
Staff Writer, CNET News

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
- Google
- Newsvine
- Yahoo! Bookmarks
- Twitter
- Stumbleupon
E-mail
Print

First, it was Yahoo.

Then Buy.com, on the day the discount e-tailer went public. One by one, leading sites on the Web have been brought to their knees by so-called denial of service attacks. Such attacks flood a Web server with false requests for information, overwhelming the system and ultimately crashing it. The following graphics explain how such attacks work and how companies can possibly prevent them.

How a "denial of service" attack works

In a typical connection, the user sends a message asking the server to authenticate it. The server returns the authentication approval to the user. The user acknowledges this approval and then is allowed onto the server.

In a denial of service attack, the user sends several authentication requests to the server, filling it up. All requests have false return addresses, so the server can't find the user when it tries to send the authentication approval. The server waits, sometimes more than a minute, before closing the connection. When it does close the connection, the attacker sends a new batch of forged requests, and the process begins again--tying up the service indefinitely.

Typical connection

"Denial of service" attack

How to block a "denial of service" attack

One of the more common methods of blocking a "denial of service" attack is to set up a filter, or "sniffer," on a network before a stream of information reaches a site's Web servers. The filter can look for attacks by noticing patterns or identifiers contained in the information. If a pattern comes in frequently, the filter can be instructed to block messages containing that pattern, protecting the Web servers from having their lines tied up.

See more CNET content tagged:
denial of service, filter, Web server, attack, request

Add a Comment (Log in or register) 3 comments

aucune
by April 8, 2005 5:40 AM PDT: my english is terrible; Reply to this comment

D
by newerawisp July 28, 2005 3:08 PM PDT: The present system of delivering the Internet service is riddled with problems. Denial of service attack is only one prooblem that can't be hidden by the multinational Companies that become a victim of such attack. But the multinational companies will hide the defects in their products or the software that powers their products that could make it possible for hackers to wage such DDOS attacks. Only to-day (July 27, 2005) at the Black Hat Confrence in Las Vegas the Cisco researcher (Michael Lynn) talked about the security flaws in the software powering the Cisco routers and was fired and was served with a restraining order preventing him from talking about the flaw. This is very irresponsible of CISCO. I'll ask every reader of these comments to write to the Cisco CEO John T Chambers to protest the firing and restraining of Michael Lynn asking him not only to hire back Michael Lynn and to vacate the restraining order against Michael Lynn.
The address of Cisco is 170 West Tasman Dr. San Jose, CA 95134-1706
It is important for people to realize that they don't have to put up with the obsolete method of surfing the net. The time has come to develop the server based method of surfing the net as described at NEW ERA WISP that would make DDOS a thing of the Past and people would not have to put up with the silencing of their employees by multinationals like Cisco.; Reply to this comment

NO NEED TO PUT UP WITH DDOS
by newerawisp July 28, 2005 3:09 PM PDT: The present system of delivering the Internet service is riddled with problems. Denial of service attack is only one prooblem that can't be hidden by the multinational Companies that become a victim of such attack. But the multinational companies will hide the defects in their products or the software that powers their products that could make it possible for hackers to wage such DDOS attacks. Only to-day (July 27, 2005) at the Black Hat Confrence in Las Vegas the Cisco researcher (Michael Lynn) talked about the security flaws in the software powering the Cisco routers and was fired and was served with a restraining order preventing him from talking about the flaw. This is very irresponsible of CISCO. I'll ask every reader of these comments to write to the Cisco CEO John T Chambers to protest the firing and restraining of Michael Lynn asking him not only to hire back Michael Lynn and to vacate the restraining order against Michael Lynn.
The address of Cisco is 170 West Tasman Dr. San Jose, CA 95134-1706
It is important for people to realize that they don't have to put up with the obsolete method of surfing the net. The time has come to develop the server based method of surfing the net as described at NEW ERA WISP that would make DDOS a thing of the Past and people would not have to put up with the silencing of their employees by multinationals like Cisco.; Reply to this comment

Latest tech news headlines

Foxmarks syncs your passwords across PCs
Posted in Webware by Rafe Needleman

October 15, 2008 5:19 PM PDT
IMDB turns 18
Posted in News - Gaming and Culture by Daniel Terdiman

October 15, 2008 5:17 PM PDT
FBI targets rise in cybercrime from U.S. and abroad
Posted in News - Politics and Law by Stephanie Condon

October 15, 2008 4:19 PM PDT
See all headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
IDC: Netbook shipments up, expect constrained IT budgets
Economic turmoil drives lowered consumer and professional spending on PCs, but makes cheaper Netbooks more attractive.
Gallery
Photos: Solar business heats up the Golden State
The Open Road
Ah, the irony! SAP freezes internal IT purchases
SAP is halting internal IT purchases. Should its customers do the same?
Coop's Corner
Vint Cerf backs Obama for U.S. president
Internet legend says he's casting his vote because of Obama's position on Net neutrality.
Video
'Prototype This' invents the future
News - Wireless
FCC chairman backs use of 'white space' spectrum
The chairman of the FCC said Wednesday that he supports the use of unused "white space" spectrum for wireless broadband services.
Video
Apple laptop redesigns and a lower price
News - Gaming and Culture
IMDB turns 18
You might not know it, but the site that has become the definitive repository of information about movies is older than the Web.
News - Cutting Edge
'60 Minutes' video: Drone warfare in Iraq
UAVs like the Predator are a highly valued asset for the U.S. military as it pursues "fleeting and perishable" targets. Lesley Stahl reports.
Gallery
Photos: 'Popular Mechanics' breakthroughs
Webware
Foxmarks syncs your passwords across PCs
Use more than one computer and hate managing passwords on them? Check this out.
Green Tech
Tesla Motors replaces CEO, plans layoff
Elon Musk, company investor and chairman, will take over as CEO, replacing Ze'ev Drori, who will join the board. Layoffs are also planned as part of a corporate review.