The DoS Scenario
On the evening of May 4, 2001, GRC.COM suddenly dropped off the Internet.
Within a minute of the start of the attack, it was clear to GRC.COM engineers that they were experiencing a "packet flooding" attack of some sort. A quick query of their Cisco router showed that both of their T1 trunk interfaces to the Internet were receiving traffic at their maximum 1.54 megabit rate, while their outbound traffic had fallen to nearly zero. They were drowning in a flood of malicious traffic, and valid traffic was unable to get out.
GRC.COM found themselves directly involved in a denial-of-service attack, more commonly referred to as a DoS. Their site's users were being denied the services of GRC.COM.
Luckily, because this DoS attack was susceptible to filtering, GRC.COM was able to weed out the bad packets and return their service to almost normal operation. In two minutes GRC.COM engineers applied "brute force" filters to their routers, shutting down all UDP and ICMP traffic, and GRC.COM instantly popped back onto the Internet.
It was finally determined that their server had been attacked by 474 security-compromised Windows PCs containing remote-control attack "zombies," in a classic DoS attack generated by the coordinated efforts of these hundreds of individual PCs.