main page

humor

FAQs

links

Rants & Raves

« CD Sales and Online File Sharing | Main | Exposing Yourself in Public »

June 08, 2002  Gibson and DoS Attacks, Ch 2

Last June, I talked about Steve Gibson's article about the distributed denial of service attack against his site. It's a excellent expalnation of how these attacks occur, resulting from his investigations into an attack on his own web site. At the end of that article, he warned about the implications of raw sockets in Windows XP, which would allow script kiddies to spoof IP addresses, and lauch attacks that would be more difficult to deal with than the DDoS attacks that he had dealt with.

It seems that his prophecy has come true. He now has a new article about his investigation into a new type of attack against his site that occurred last January. It is called a distributed reflected denial of service attack, or DRDoS. It works by sending an altered SYN packet with the IP address of the attack target, instead of the IP address of the sender. The server receiving the altered packet would respond by sending a response packet (SYN/ACK) to the IP address in the SYN packet. This way, the attacking computer stays anonymous, and the unwitting server keeps sending packets to the target computer.

At the end of this article, Gibson repeats his condemnation of Microsoft's decision to include the raw sockets in Windows XP. Before this, only computers running Windows 2000 or Linux would be able launch this kind of attack. But including this capability in a consumer level OS meant that the ability to launch this kind is now in the hands of all of the teenage hackers who like to do this kind of attack.

Gibson's article on DRDoS

Posted by Christy on June 08, 2002 05:54 PM

Comments:

We have been big Gibson fans for a long time. He keeps crying into the wind, and no one is listening...sadly...

Hey, I like your commentary, fellow Leovillager. I am adding your site to my blogroll. Would it kill ya ta give me a link? (just kidding)

Posted by: Solonor on June 10, 2002 09:27 PM

Try grcsucks.com for some healthy and some unhealthy opposing views.

- Jonas

Posted by: Jonas Abersbach on August 20, 2002 12:18 PM

Post a comment

Name:


Email Address:


URL:


Comments:


Remember info?