29 June, 2005
THE threat posed by Distributed Denial-of-Service (DDoS) continues to
worsen as society becomes increasingly dependent on the reliability of
the Internet, cyber security experts Dr Sven Dietrich and David Mundie
"There has been a marked increase of extortion cases using DDoS during
2004-2005, with attackers threatening online businesses with a denial
of service (DoS) if the payment they demand is not made," they said.
Dr Dietrich and Mundie, senior technical staffers of the Carnegie
Mellon Software Engineering Institute (SEI), are in Qatar to give
presentations at technical workshops on cyber security.
The workshops are being organised on behalf of Qatar Computer
Emergency Response Team (Q-CERT) by the Supreme Council for
Information and Communication Technology (ictQATAR) and SEI.
Q-CERT, scheduled for launch in September with support from Carnegie
Mellon University's CERT Co-ordination Centre, is envisaged as a
national organisation to conduct and co-ordinate a comprehensive set
of cyber security activities.
The forum is meant to adequately protect Qatar's critical
infrastructure as cyberspace becomes the nervous system of government,
business and education operations.
"DDoS is a serious problem that disrupts the availability of systems,
causes them to become inaccessible, unreliable, or to crash entirely,"
Dr Dietrich and Mundie said, recalling that DoS had already become a
problem in the early 90s.
The goal of a DoS attack is to disrupt some legitimate activity, such
as browsing web pages, listening to an online radio, transferring
money from a bank account, or even docking ships communicating with a
naval port, as explained in "Internet Denial of Service: Attack and
Defence Mechanisms," which has Dr Dietrich as an author.
This DoS effect is achieved by sending messages to the target that
interfere with its operation, and make it hang, crash, reboot, or do
One way to interfere with a legitimate operation is to exploit a
vulnerability present on the target machine or inside the target
The attacker sends a few messages crafted in a specific manner that
take advantage of the vulnerability.
Another way is to send a vast number of messages that consume some key
resource at the target such as bandwidth, CPU time, or memory.
The target application, machine, or network spends all of its critical
resources on handling the attack traffic and cannot attend to its
When the first massive DoS attacks took place in 1999 against
University of Minnesota, Dr Dietrich had observed and analysed it in
his capacity as a senior security architect at the NASA Goddard Space
"The first massive attacks on public websites including Yahoo and
E*Trade happened in 2000 and in the period from then to now
sophistication of attack tools has increased and at present there is
an increase of extortion cases using DDoS," the experts said.
The severity of a DoS attack reaches its peak when, for example, an
attacker gains control over 100,000 machines and engages them in
generating messages at a target. At this stage the attack becomes a
CERT Training and Education is offering a variety of courses with
special emphasis on DDoS and defences, incorporating research
approaches and concepts such as host system hardening and network
Attend the Black Hat Briefings and
Training, Las Vegas July 23-28 -
2,000+ international security experts,
10 tracks, no vendor pitches.