Welcome to Denial of Service Attacks. In this learning object, we'll explore what a denial of service, or DoS, attack is, and how a single hacker could once take down a system. As an IT professional, it's important to understand the history of these attacks so you can continue to guard against them.

What is a denial of service attack? During a denial of service attack, a hacker denies a service to authorized users. In addition to an outright denial, it may also involve delaying time-critical operations by preventing a machine, a server, or an entire network from responding to a user's request. Hackers create these delays through resource exhaustion: they use up all of some finite resource, such as network bandwidth, CPU time, memory, disk space, or a server's table of pending connections. They find ways to trick a machine into either crashing or performing so poorly that it can't do its job. Denial of service attacks are intentional and malicious.

How do they work? In the early days of network computing, it was quite easy for a single person to wreak havoc on users and websites, because the TCP/IP implementations of the time trusted whatever arrived on the wire. One early attack, the ping flood, was simply to send a server ICMP echo (ping) requests faster than it could answer them, until it had no capacity left for anything else. Early hackers looked for weaknesses in the TCP/IP and ICMP implementations of early operating systems because they knew those systems couldn't handle malformed input. Simply sending the server something other than what it was expecting was enough to shut it down. At one point, even sending an ICMP echo request that, once its fragments were reassembled, was larger than the 65,535-byte maximum size of an IP packet (the "ping of death") was enough to crash a machine.

Another early trick exploited the TCP three-way handshake. Here's how the handshake works. The client sends a SYN packet to the server, indicating its intention to synchronize, or start a conversation. The server returns a SYN-ACK packet, acknowledging the SYN request, and records the half-open connection while it waits for the client's reply.
The client then sends an ACK packet, acknowledging the SYN-ACK, and the connection is established. Hackers exploited this known process by never sending that final ACK. The server, having sent its SYN-ACK, is left holding a half-open connection, effectively saying, oh, I'm waiting, and waiting, and waiting. The hacker starts many conversations, usually from forged source addresses so the SYN-ACKs go nowhere, and leaves every one of them hanging before the final ACK. These half-open connections fill the server's queue of pending connections, which can hold only a limited number of entries, so new SYNs, including those from legitimate clients, are dropped until old entries time out. The hacker has effectively backed up the server and denied service to all legitimate requests. This is the SYN flood.

Aside from attacking TCP/IP vulnerabilities, hackers are also adept at attacking poorly constructed websites. For instance, an unprotected search feature is a popular point of attack. Let's look at a typical online store web application. Say you need to buy a heat lamp for your iguana, Padfoot. Enter the term heat lamp into the search box on Bob's Exotic Animals website. Your search request passes from your computer to the web server. But Bob's inventory isn't on the web server, it's in his database. So the web server passes your search term to Bob's database in a query. The database compiles a list of all matching product records and passes it back to the web server, which organizes and formats those records before sending them back to you to be displayed on your screen. Ah, there's the heat lamp Padfoot needs.

Legitimate searches, like yours, are no problem for Bob's website. But what if a hacker is trying to crash the site by tricking it into doing something it can't handle? Let's say the hacker enters A E I O U into the search box on Bob's website, and Bob's search matches any product containing any of the terms. Instead of searching for a specific word or phrase, the hacker is asking for every product name that contains a vowel, which is every product Bob sells. The search request is passed to Bob's database the same way yours was.
However, this time the matching product records take far longer to compile, and the result set is far larger to transfer and format, because the hacker's request matches every product in Bob's database. Now, what happens if the hacker sends the same search request hundreds, if not thousands, of times? Because Bob put no bound on how expensive a single search can be or on how often one client can search, the flood locks up his database and takes down his website. Now no one can order heat lamps.

Nowadays, operating systems are designed to validate incoming packets and to limit the state a single unauthenticated remote host can make them hold, which defeats the old TCP/IP and ICMP tricks. Well-designed web applications likewise protect against malicious use: they require search terms of a minimum length, cap the number of results returned per request, and limit how many requests one client can make. Searching for the vowels A E I O U on such a website won't fool the process and won't take it down. Because of these advances, it's very difficult for a single hacker to take down a server or network using these attack methods. However, as programmers address known vulnerabilities, hackers, ever innovative, continue to find new techniques to attack servers. DoS attacks have evolved into DDoS attacks, or distributed denial of service attacks. Distributed means the attack traffic comes from several, perhaps thousands, of computers at once instead of from a single computer, so no one source can simply be blocked. But that is a topic for another day.

Today, you learned what a denial of service attack is and how hackers exploited early flaws in operating systems and web applications to deny service to authorized users. Understanding the history of these attacks gives you the foundation to prevent future ones. Congratulations! You've completed Denial of Service Attacks.
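The SYN flood described in the handshake section above, as an added example that is not part of this learning object: a small Python simulation of a server that keeps a half-open entry for every SYN and drops new SYNs once its backlog is full, next to a server that uses SYN cookies, the standard mitigation, which the narration does not cover. The `Segment` class, the two server classes, the backlog size of 128 and the addresses (RFC 5737 documentation ranges) are all constructed for the illustration; nothing touches a real socket.

```python
"""Added example: a TCP SYN flood against a server that allocates state on every
SYN, beside a server using SYN cookies. Packets are constructed Python objects,
not real sockets; the addresses are documentation ranges (RFC 5737)."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """The parts of a TCP segment the handshake cares about."""
    src: str    # source address; a SYN flooder forges this
    sport: int  # source port
    flags: str  # "SYN", "SYN-ACK" or "ACK"
    seq: int = 0
    ack: int = 0


class ClassicServer:
    """Stores a half-open entry for every SYN; once the backlog is full, new SYNs
    are dropped, which is exactly what the flood relies on."""

    def __init__(self, backlog):
        self.backlog = backlog
        self.half_open = {}        # (src, sport) -> server ISN, awaiting final ACK
        self.established = set()
        self.dropped_syns = 0

    def receive(self, seg):
        key = (seg.src, seg.sport)
        if seg.flags == "SYN":
            if len(self.half_open) >= self.backlog:
                self.dropped_syns += 1
                return None        # no SYN-ACK: the client just times out
            isn = secrets.randbits(32)
            self.half_open[key] = isn
            return Segment("server", 80, "SYN-ACK", seq=isn, ack=seg.seq + 1)
        if seg.flags == "ACK":
            isn = self.half_open.pop(key, None)
            if isn is not None and seg.ack == isn + 1:
                self.established.add(key)
                return "ESTABLISHED"
        return None


class SynCookieServer:
    """Keeps no per-SYN state. The ISN in the SYN-ACK is an HMAC of the peer and
    a coarse timestamp (a SYN cookie); a final ACK that echoes it proves the
    peer really received the SYN-ACK, so forged-source SYNs cost nothing."""

    def __init__(self, secret, clock=time.time):
        self.secret = secret
        self.clock = clock
        self.established = set()

    def _cookie(self, key, window):
        msg = f"{key[0]}:{key[1]}:{window}".encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")

    def receive(self, seg):
        key = (seg.src, seg.sport)
        window = int(self.clock()) // 64   # cookies stay valid for about a minute
        if seg.flags == "SYN":
            cookie = self._cookie(key, window)
            return Segment("server", 80, "SYN-ACK", seq=cookie, ack=seg.seq + 1)
        if seg.flags == "ACK":
            for w in (window, window - 1):  # accept the previous window too
                if seg.ack == self._cookie(key, w) + 1:
                    self.established.add(key)
                    return "ESTABLISHED"
        return None


def flood_then_connect(server, attacker_syns):
    """Send `attacker_syns` SYNs from forged sources that never ACK, then try a
    legitimate handshake and report how it ended."""
    for i in range(attacker_syns):
        server.receive(Segment(f"203.0.113.{i % 250}", 40000 + i, "SYN", seq=i))
    syn = Segment("198.51.100.7", 51515, "SYN", seq=1000)
    synack = server.receive(syn)
    if synack is None:
        return "TIMEOUT"           # SYN dropped: the user's browser spins
    ack = Segment(syn.src, syn.sport, "ACK", seq=syn.seq + 1, ack=synack.seq + 1)
    return server.receive(ack) or "REJECTED"


if __name__ == "__main__":
    classic = ClassicServer(backlog=128)
    print("classic, no flood:", flood_then_connect(ClassicServer(backlog=128), 0))
    print("classic, 1000 forged SYNs:", flood_then_connect(classic, 1000),
          "| SYNs dropped:", classic.dropped_syns)
    print("SYN cookies, 1000 forged SYNs:",
          flood_then_connect(SynCookieServer(secrets.token_bytes(16)), 1000))
```

A real stack also expires half-open entries after a timeout, which the classic server above omits to keep the failure visible. SYN cookies have a cost of their own: because the server keeps no state, the TCP options carried in the SYN (window scaling, SACK) are lost unless they are encoded into the cookie, which is why Linux with `net.ipv4.tcp_syncookies=1` only switches to cookies once the SYN backlog overflows.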
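Bob's search from the online store walkthrough above, as an added example that is not code from this learning object: the unbounded search the narration describes, beside a hardened version that applies the three protections mentioned (minimum term length, a result cap, and a per-client request limit). The inventory is constructed in an in-memory SQLite database; the function names, the limits (3 characters, 5 terms, 50 rows, 10 searches per minute) and the `RateLimiter` class are assumptions made for the illustration.

```python
"""Added example: Bob's product search as the unbounded version the narration
describes and a hardened version, over a constructed in-memory SQLite inventory."""
import sqlite3
import time
from collections import deque


def build_inventory(n=5000):
    """Constructed data: n product names, so an unbounded search is visibly heavy."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    kinds = ["heat lamp", "terrarium", "cricket tub", "basking rock", "uvb bulb"]
    db.executemany("INSERT INTO products (name) VALUES (?)",
                   [(f"{kinds[i % len(kinds)]} model {i}",) for i in range(n)])
    return db


def vulnerable_search(db, query):
    """Every whitespace-separated term becomes an unanchored LIKE, the terms are
    ORed, and there is no row limit: 'a e i o u' returns the entire table."""
    terms = query.split()
    if not terms:
        return []
    where = " OR ".join("name LIKE ?" for _ in terms)
    params = [f"%{t}%" for t in terms]
    return db.execute(f"SELECT id, name FROM products WHERE {where}", params).fetchall()


class SearchRejected(Exception):
    """Raised instead of running a query the site is not willing to pay for."""


class RateLimiter:
    """Sliding-window limit of `limit` requests per `window` seconds per client."""

    def __init__(self, limit, window, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.hits = {}

    def allow(self, client):
        now = self.clock()
        q = self.hits.setdefault(client, deque())
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


MIN_TERM_LEN = 3   # single letters such as "a" match almost everything
MAX_TERMS = 5      # bounds the number of LIKE clauses per query
PAGE_SIZE = 50     # bounds rows fetched, formatted and sent per request


def hardened_search(db, client, query, limiter, page=0):
    """Rate-limits the client, discards degenerate terms, requires all terms to
    match (narrowing, not broadening) and pages the result."""
    if not limiter.allow(client):
        raise SearchRejected("too many searches, slow down")
    terms = [t for t in query.split() if len(t) >= MIN_TERM_LEN][:MAX_TERMS]
    if not terms:
        raise SearchRejected("search terms too short")
    where = " AND ".join("name LIKE ?" for _ in terms)
    params = [f"%{t}%" for t in terms] + [PAGE_SIZE, page * PAGE_SIZE]
    return db.execute(
        f"SELECT id, name FROM products WHERE {where} LIMIT ? OFFSET ?", params
    ).fetchall()


def flood(db, client, query, limiter, requests):
    """Replays the same search `requests` times; returns (served, rejected)."""
    served = rejected = 0
    for _ in range(requests):
        try:
            hardened_search(db, client, query, limiter)
            served += 1
        except SearchRejected:
            rejected += 1
    return served, rejected


if __name__ == "__main__":
    db = build_inventory()
    print("vulnerable, 'a e i o u':", len(vulnerable_search(db, "a e i o u")), "rows")
    limiter = RateLimiter(limit=10, window=60)
    rows = hardened_search(db, "padfoot-pc", "heat lamp", limiter)
    print("hardened, 'heat lamp':", len(rows), "rows")
    try:
        hardened_search(db, "attacker", "a e i o u", limiter)
    except SearchRejected as e:
        print("hardened, 'a e i o u':", e)
    print("hardened, 1000 replays:", flood(db, "attacker", "heat lamp", limiter, 1000))
```

The `LIMIT` only bounds what is returned and formatted; an unanchored `LIKE '%term%'` cannot use an index, so a term that matches nothing still scans the whole table. That is why the request limit is part of the fix and not an optional extra: the per-query cap bounds the cost of one search, and the rate limiter bounds how many of them a single client can make Bob's database pay for.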