Application of Denial of Service Attacks
© Copyright 2000 - 2004, Corsaire Limited. All Rights Reserved
In order to achieve business goals, organisations frequently have to develop bespoke application solutions or customise commercial off-the-shelf (COTS) packages. These range from complex back-office database applications, CRMs and asset management systems to customer-facing fat and thin applications. Corporate web-applications offer anything from a simple brochure request to a full e-business implementation.
Availability of these services is important for customers and users of the site, with any disruption directly affecting revenues, negatively impacting confidence in the company or even damaging the brand.
Denial of Services (DoS) attacks aimed at disrupting network services range from simple bandwidth exhaustion attacks and those targeted at flaws in commercial software to complex distributed attacks exploiting specific COTS software flaws. These types of attack are not new and have been used to devastating effect to prevent normal operation of the victim sites. Historically, these attacks by hacktivists and extortionists alike have targeted companies as diverse as eBay and Microsoft, the RIAA and SCO, and a plethora of online gambling companies.
Attackers have not, as yet, exploited the full range of vulnerabilities present in many online services particularly attacks aimed at the application and data processing layer. With the rise of increasingly targeted and motivated attacks and attackers, these application level DoS attacks will inevitably be exploited for nefarious gains.
Denial of Service Attacks
Conceptually, DoS attacks are intended to prevent legitimate users, customers or clients of a site from successfully accessing it. Traditional DoS attacks have been aimed at consuming resources or disrupting services at the network or operating system level.
Typical examples are server-based attacks such as SYN floods and bandwidth exhaustion attacks that attempt to saturate the victim's Internet connection with spurious traffic.