|
|
|
Reverse Engineering Googles Business Strategies
What's in a name? That's a good question. Some feel that the name that you are given at birth provides and accurate description of who you will turn out to be.
So I began to wonder, does a domain name say as much about a future site as your name...
Software Evolution
As Internet connections become more permanent with broadband
access, software will be able to evolve into a more efficient
and personalized medium. Currently, most software run from our
hard drives and require installations that alter our...
The Human Side of Web Hosting
M6.Net, a web-hosting company (What the hell is that?) has turned this techno-phobic writer into a working member of a new age information and communication team. Let me tell you a story, a story about a crazy company that sits high up in the...
Top Ten Things to Ask Yourself About Your Website
1. Does it download fast?
"Most website crafters are in T1s, LANs and DSL, yet only 7% of the market has broadband and that's leveling off," says Bryan Eisenberg, in "Future Now." "Most customers surf at 56k or slower and roughly 60% still surf...
Understanding Broadband - Are You Ready To Upgrade?
Are you ready to upgrade your residential service to DSL or business service to real broadband or T1? Well, the answer lies in what you need. Before you can realize your needs, you must understand more of what the word broadband really means....
|
|
| |
|
|
|
|
|
|
Cyber Terrorism: DDOS Attacks
DDOS Attacks: What are they exactly?
Since many sites have been claiming DDOS Attacks without much of an explanation. We figured that we should provide some details.
What Exactly is a DDOS Attack?
It was in early 2000 that most people became aware of the dangers of distributed denial of service (DDoS) attacks when a series of them knocked such popular Web sites as Yahoo, CNN, and Amazon off the air.
It's been almost four years since they first appeared, but DDoS attacks are still difficult to block. Indeed, if they're made with enough resources, some DDoS attacks - including SYN (named for TCP synchronization) attacks - can be impossible to stop.
No server, no matter how well it's protected, can be expected to stand up to an attack made by thousands of machines. Indeed, Arbor Networks, a leading anti-DDoS company, reports DDoS zombie armies of up to 50,000 systems. Fortunately, major DDoS attacks are difficult to launch; unfortunately, minor DDoS attacks are easy to create.
In part, that's because there are so many types of DDoS attacks that can be launched. For example, last January, the Slammer worm targeted SQL Server 2000, but an indirect effect as infected SQL Server installations tried to spread Slammer was to cause DDoS attacks on network resources, as every bit of bandwidth was consumed by the worm.
Thus, a key to thinking about DDoS is that it's not so much a kind of attack as it is an effect of many different kinds of network attacks. In other words, a DDoS may result from malignant code attacking the TCP/IP protocol or by assaulting server resources, or it could be as simple as too many users demanding too much bandwidth at one time.
Typically, though, when we're talking about DDoS attacks, we mean attacks on your TCP/IP protocol. There are three types of such attacks: the ones that target holes in a particular TCP/IP stack; those that target native TCP/IP weaknesses; and the boring, but effective, brute force attacks. For added trouble, brute force also works well with the first two methods.
The Ping of Death is a typical TCP/IP implementation attack. In this assault, the DDoS attacker creates an IP packet that exceeds the IP standard's maximum 65,536 byte size. When this fat packet arrives, it crashes systems that are using a vulnerable TCP/IP stack. No modern operating system or stack is vulnerable to the simple Ping of Death, but it was a long-standing problem with Unix systems.
The Teardrop, though, is an old attack still seen today that relies on poor TCP/IP implementation. It works by interfering with how stacks reassemble IP packet fragments. The trick here is that as IP packets are sometimes broken up into smaller chunks, each fragment still has the original IP packet's header as well as a field that tells the TCP/IP stack what bytes it contains. When it works right, this information is used to put the packet back together again.
What happens with Teardrop, though, is that your stack is buried with IP fragments that have overlapping fields. When your stack tries to reassemble them, it can't do it, and if it doesn't know to toss these trash packet fragments out, it can quickly fail. Most systems know how to deal with Teardrop now, and a firewall can block Teardrop packets at the expense of a bit more latency on network connections, since this makes it disregard all broken packets. Of course, if you throw a ton of Teardrop busted packets at a system, it can still crash.
And, then, there's SYN, to which there really isn't a perfect cure. In a SYN Flood, the attack works by overwhelming the protocol handshake that has to happen between two Internet-aware applications when they start a work session. The first program sends out a TCP SYN (synchronization) packet, which is followed by a TCP SYN-ACK acknowledgment packet from the receiving application. Then, the first program replies with an ACK (acknowledgment). Once this has been done, the applications are ready to work with each other.
A SYN attack simply buries its target by swamping
it with TCP SYN packets. Each SYN packet demands a SYN-ACK response and causes the server to wait for the proper ACK in reply. Of course, the attacker never gives the ACK, or, more commonly, it uses a bad IP address so there's no chance of an ACK returning. This quickly hogties a server as it tries to send out SYN-ACKs while waiting for ACKs.
When the SYN-ACK queues fill up, the server can no longer take any incoming SYNs, and that's the end of that server until the attack is cleared up. The Land attack makes SYN one-step nastier by using SYN packets with spoofed IP addresses from your own network.
There are many ways to reduce your chances of getting SYNed, including setting your firewall to block all incoming packets from bad external IP addresses like 10.0.0.0 to 10.255.255.255, 127.0.0.0 to 127.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255, as well as all internal addresses. But, as SCO discovered, if you throw enough SYN packets at a site, any site can still be SYNed off the net.
Brute Force Attacks
Common brute force attacks include the Smurf attack and the User Datagram Protocol (UDP) flood. When you're Smurfed, Internet Control Message Protocol (ICMP) echo request packets, a particular type of ping packet, overwhelm your router. Making matters worse, each packet's destination IP address is spoofed to be your local broadcast address. You're probably already getting the picture. Once your router also gets into the act of broadcasting ICMP packets, it won't be long before your internal network is frozen.
A UDP flood works by someone spoofing a call from one of your system's UDP chargen programs. This test program generates semi-random characters for received packets with another of your network's UDP echo service. Once these characters start being reflected, your bandwidth quickly vaporizes.
Fortunately, for these two anyway, you can usually block them. With Smurfing, just setting your router to ignore broadcast addressing and setting your firewall to ignore ICMP requests should be all you need.
To dam up UDP floods, just block all non-service UDP services requests for your network. Programs that need UDP will still work. Unless, of course, the sheer volume of the attack mauls your Internet connection.
That's where the DDoS attack programs such as Tribe Force Network (TFN), Trin00, Trinity, and Stacheldraht come in. These programs are used to set DDoS attack agents in unprotected systems. Once enough of them have been set up in naÃ?Æ?Ã?¯ve users' PCs, the DDoS controller sets them off by remote control, burying target sites from hundreds or even thousands of machines.
Unfortunately, as more and more users add broadband connections without the least idea of how to handle Internet security, these kinds of attacks will only become more common.
Deflecting DDoS Attacks
So what can you do about DDoS threats? For starters, all the usual security basics can help. You know the drill: make sure you have a firewall set up that aggressively keeps everything out except legal traffic, keep your anti-viral software up to date so your computers do not become a home for DDoS agents like TFN, and keep your network software up to date with current security patches. This won't stop all DDoS attacks, but it will stop some of them like Smurfing.
You may not think you need these services, since in a worse case scenario you're still going to get knocked off the net. But not every attack will be a massive one with thousands of attackers. For most attacks, these services can definitely help.
And, let's face it, today we have PC's the net 24-7. With DDoS attacks on the rise, you'd be wise to at least familiarize yourself with DDoS prevention services. After all, it's not only your network in danger, it's your business.
About the Author
An elite team of regular "Joes's" fighting back & making huge cash online one day at a time.
dDawg as a team has been able to create a profit on the internet.
http://www.str8junk.com
|
|
|
|
|
| Broadband Internet access - Wikipedia, the free encyclopedia |
| Broadband Internet access became a rapidly developing market in many areas in the early 2000s; one study found that broadband Internet usage in the United ... |
| en.wikipedia.org |
|
| UK Broadband Internet Access |
| Listings of UK broadband internet access providers and their prices, links to provider guides and reviews. |
| paler.com |
|
| PC World - Buying Guides - Broadband Internet |
| Buyers' Guide to Broadband Internet Contents ... For the majority of those looking to upgrade to broadband Internet for the business or home, it's all about ... |
| www.pcworld.idg.com.au |
|
| Broadband Internet Access Service Providers - High Speed Cable and ... |
| Discount offers for broadband high speed, cable and DSL Internet access service providers from Broadbandinfo.com. Additionally we provide free online high ... |
| www.broadbandinfo.com |
|
| Telewest - Broadband Internet - Digital TV - Phone - Cable ISP ... |
| . ... Jump to the Homepage [Accesskey '1']; Jump to Navigation menu [Accesskey 'n']; Jump to Main Content [Accesskey 'c']; Jump to Contact Us [Accesskey ... |
| www.telewest.co.uk |
|
| FCC Broadband Internet Access Page |
| List of resources from Federal Communications Commission regarding broadband Internet and access issues. |
| www.fcc.gov |
|
| BT.com: Broadband Internet, mobile and fixed telecommunications ... |
| National telecommunications provider. Details on products and services, plus user area. |
| www.bt.com |
|
| Primus > Home - Australia's leading Broadband Internet, Telephone ... |
| Primus / iPrimus - Australia's leading Broadband Internet, Telephone, Mobile, VoIP and Dial Up provider. |
| www.iprimus.com.au |
|
| Virgin.net ISP - Broadband Internet access, news and entertainment |
| Virgin.net, the UK's innovative Internet service provider. All you need for broadband and dial-up access, entertainment, information and news. |
| www.virgin.net |
|
| 1 24% of rural Americans have high-speed internet connections at ... |
| File Format: PDF/Adobe Acrobat - View as HTML |
| Your browser may not have a PDF reader available. Google recommends visiting our text version of this document. |
|
| ADSL Plans - ADSL Modems - ADSL Broadband Internet - Telstra BigPond |
| Choose from BigPond broadband ADSL plans by speed and usage to suit your needs. View BigPond broadband ADSL modem options for your broadband ADSL internet ... |
| www.bigpond.com |
|
| ntl.com | broadband internet, telephone packages, cable tv |
| Broadband cable internet access from ntl, get high speed cable internet access at affordable prices. |
| www.home.ntl.com |
|
| Westnet - Broadband Internet, ADSL, Dialup, Web Hosting, Domain ... |
| Westnet provides a range of Broadband Internet, ADSL, Dialup, Web Hosting and Phone services Australia wide. Connect with Australia’s Number 1 ISP for ... |
| www.westnet.com.au |
|
| Broadband Internet : Find Broadband Internet Access Providers with ... |
| Find Broadband Internet Service Provider. TheBroadbandGuide.com is a comprehensive directory of Broadband Internet Provider. |
| www.thebroadbandguide.com |
|
| Internode - Broadband ADSL Internet Access |
| Internode - Broadband Internet Access and other Internet services. ... Internode Broadband ADSL is the broadband Internet solution you have been looking for ... |
| www.internode.on.net |
|
| CHOICE - Setting up broadband internet |
| Setting up broadband internet. How to get ADSL broadband, step by step Online 02/04. Contents. Setting up broadband internet · Availability and choice ... |
| www.choice.com.au |
|
| Wireless Broadband Internet Service Provider: High Speed Wireless ISP |
| Clearwire is a wireless broadband internet service provider (high speed wireless ISP) providing high speed wireless broadband internet access in Abilene TX, ... |
| www.clearwire.com |
|
| SurfCity Networks Broadband Internet |
| SurfCity Networks Broadband Verizon DSL High Speed Internet and Web Hosting. |
| www.surfcity.com |
|
| ISP - Wireless Broadband Internet Provider, iBurst, ADSL Broadband ... |
| Australian ISP providing business dialup, high-speed broadband, network access and datacentre services. |
| www.chilli.net.au |
|
| NTL - Broadband Internet - Digital TV - Phone - Cable ISP ... |
| Digital Television Network. |
| www.ntl.com |
|
|