==================================                   
=INTRODUCTION TO DENIAL OF SERVICE=
===================================

1)WHAT IS A DENIAL OF SERVICE ATTACK?

Denial of service is about without permission knocking off services, for example through crashing the whole  system. This kind of attacks are easy to launch and it is hard to protect a system against them. The basic  problem is that Unix assumes that users on the system or on other systems will be well behaved.

Sometimes could a denial of service attack be a part of an attack to gain access at a system. At the moment  I can think of these reasons and specific holes:

1. Some older X-lock versions could be crashed with a method from the denial of service family leaving the  system open. Physical access was needed to use the work space after.

2. Syn flooding could be a part of a IP-spoof attack method.

3. Some program systems could have holes under the startup, that could be used to gain root, for example  SSH (secure shell).

4. Under an attack it could be usable to crash other machines in the network or to deny certain persons the  ability to access the system.

5. Also could a system being booted sometimes be subverted, especially rarp-boots. If we know which port  the machine listen to (69 could be a good guess) under the boot we can send false packets to it and  almost totally control the boot.



2) ARE SOME OPERATING SYSTEMS MORE SECURE?

This is a hard question to answer and I don't think that it will give anything to compare different Unix  platforms. You can't say that one Unix is more secure against denial of service, it is all up to the  administrator.
A comparison between Windows 95 and NT on one side and Unix on the other could however be  interesting.

Unix systems are much more complex and have hundreds of built in programs, services...
This always open up many ways to crash the system from the inside. In the normal Windows NT and 95 network were is few ways to crash the system. Although were is methods that always will work.

That gives us that no big different between Microsoft and Unix can be seen regardning the inside attacks. But there is a couple of points left:

-Unix have much more tools and programs to discover an attack and monitoring the users. To watch what another user is up to under windows is very hard.

- The average Unix administrator probably also have much more experience than the average Microsoft administrator.

The two last points gives that Unix is more secure against inside denial of service attacks.

A comparison between Microsoft and Unix regarding outside attacks are much more difficult. However I  would like to say that the average Microsoft system on the Internet are more secure against outside attacks, because they normally have much less services.

3) ATTACKING FROM THE OUTSIDE

UDP AND SUN OS 4.1.3.
SunOS 4.1.3. is known to boot if a packet with incorrect  information in the header is sent to it. This is the cause if the ip_options indicate a wrong size of the packet.

The solution is to install the proper patch.

FREEZING UP X-WINDOWS
If a host accepts a telnet session to the X-Windows port (generally somewhere between 6000 and 6025. In most cases 6000) could that be used to freeze up the X-Windows system. This can be made with
multiple telnet connections to the port or with a program which sends multiple XOpenDisplay() to the port.

The same thing can happen to Motif or Open Windows.The solution is to deny connections to the X-Windows port.

HOW TO DISABLE ACCOUNTS
Some systems disable an account after N number of bad logins, or waits N seconds. You can use this feature to lock out specific users from the system.

BROADCAST STORMS
This is a very popular method in networks there all of the hosts are acting as gateways. There are many versions of the attack, but the basic method is to send a lot of packets to all hosts in the network with a destination that don't exist. Each host will try to forward each packet so the packets will bounce around for a long time. And if new packets keep coming the network will soon be in trouble. Services that can be misused as tools in this kind of attack is for example ping, finger and sendmail.

EMAIL BOMBING AND SPAMMING
In a email bombing attack the attacker will repeatedly send identical e mail messages to an address. The effect on the target is high bandwidth,a hard disk with less space and so on... Email spamming is about sending mail to all (or rather many) of the users of a system. The point of using spamming instead of bombing is that some users will try to send a replay and if the address is false will the mail bounce back. In that cause have one mail transformed to three mails. The effect on the bandwidth is obvious.

4) HOW DO I PROTECT A SYSTEM AGAINST DENIAL OF SERVICE ATTACKS?

You can not make your system totally secured against denial of service attacks but for attacks from the outside you can do a lot. I put this work list together and hope that it can be of some use.

SECURITY PATCHES
Always install the proper security patches. As for patch numbers I don't want to put them out, but that  doesn't matter because you any way want to check that you have all security patches installed, so get a list and check! Also note that patches change over time and that a solution suggested in security bulletins (i.e. CERT) often is somewhat temporary.

EXTRA SECURITY SYSTEMS
Also think about if you should install some extra security systems. The basic that you always should install is a log daemon  and a wrapper.A firewall could also be very good, but expensive.