Denial of Service Attacks: Threats and Methodologies

Date: 01 February 1999
Pages: 351-351
Published date: 01 February 1999
DOI: https://doi.org/10.1108/eb025906
Author: Richard E. Overill
Subject Matter: Accounting & finance
Journal of Financial Crime Vol. 6 No. 4 Computer Crime
BRIEFINGS
COMPUTER CRIME
SCOPE AND DEFINITIONS
The provision of any service requires the utilisation of resources. In a digital context these resources might be processor cycles, memory capacity, disk space or communications bandwidth. A Denial of Service (DoS) attack implies either the removal of those resources by some external event or their pre-emption by a competing process; this should be understood to include rerouting or replacing a service. The sole objective of a DoS attack is thus to prevent the normal operation of a digital system in the manner required by its customers and intended by its designers. As such, DoS attacks on the mission-critical or business-critical infrastructure systems of financial, commercial or other enterprises offer the potential for sabotage, blackmail or extortion operations.
Four general types of DoS attack will be considered here, namely line-of-sight devices, worm programs, flood attacks and subversion of intrusion detection systems.
LINE-OF-SIGHT DEVICES
One recently described line-of-sight device is the HIRF (high-intensity radio frequency) or HERF (high-energy radio frequency) gun which can temporarily disrupt digital circuits at close range (of the order of 1 m). A parts list and circuit design for such a device was posted on an Internet bulletin board in 1995 and described at InfoWarCon in 1996;¹ see Figure 1. The device has subsequently been built and tested to demonstrate the veracity of the design.
The EMP (electromagnetic pulse) cannon can permanently damage digital circuits at longer ranges (of the order of 1 km) by blasting them with a pulse of microwave energy in the frequency range 0.5-100 gigahertz (GHz). The circuit boards are effectively 'fried' by this process, which a US hacker using the handle Dark Tangent has claimed can release 2 megawatts (MW) in 0.001 seconds.²
The two devices described above thus have the capability of halting the operation of critical computer systems or communications networks, either temporarily or permanently.
WORM PROGRAMS
Worm programs were originally designed to 'mop up' the idle time on a network of computers with useful computations in a manner transparent to the users. The worm program replicates itself in each node of the network and activates a portion of the desired computation if the node is quiescent; if a node becomes busy its computation is suspended and withdrawn.
Malicious worms, however, may simply consume system and network resources by increasing exponentially in numbers until they render the system incapable of performing any useful work whatsoever. This state of 'electronic gridlock' represents another form of DoS attack which is no less disruptive to a commercial online transaction processing (OLTP) system than a HIRF gun attack.
The best-known example of a worm-mediated DoS attack occurred in November 1988 when Robert Morris Jr, a student at Cornell University, released a worm program which exploited known defects in the Unix and VAX/VMS operating systems to spread itself swiftly through 6,200 computers on the Internet, bringing them to a standstill for up to a week at an estimated cost of over $100m.⁴ Worm