A recent craze in Internet intrusion is the denial-of-service (DoS) attack. A denial-of-service attack is almost impossible to stop once it starts, because it does not require the attacker to have any particular privileges on the system. The point of a denial-of-service attack is to tie up the system with so many requests that system resources are all consumed and performance degrades. High-profile denial-of-service attacks have been launched against Web sites of the U.S. government and those associated with major Internet search engines.
The most dangerous denial-of-service attack is the so-called distributed denial-of-service attack. The hacker in a distributed denial-of-service attack uses several remote computers to direct other remote computers into launching a coordinated attack. Sometimes hundreds or even thousands of computers can participate in an attack against a single IP address.
Denial-of-service attacks often use standard TCP/IP connectivity utilities. The famous Smurf attack, for instance, uses the Ping utility (see Hour 13, "Connectivity Utilities") to unleash a flood of ping responses on the victim (see Figure 19.2). The attacker sends a ping request to an entire network through directed broadcast. The source address of the ping is doctored to make it appear that the request is coming from the victim's IP address. All the computers on the network then simultaneously respond to the ping. The effect of the Smurf attack is that the original ping from the attacker is multiplied into many pings on the amplification network. If the attacker initiates the process on several networks at once, the result is a huge flood of ping responses tying up the victim's system.
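The Smurf pattern described above leaves two recognizable traces in packet records: an echo request addressed to a directed broadcast address on the amplification network, and a burst of echo replies arriving at a host that never sent the matching requests. The Python code below is an added example, not part of the original text; the record format, the addresses (documentation ranges) and the threshold are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers

# Constructed records (source, destination, ICMP type). Addresses come from
# documentation ranges; 198.51.100.7 plays the victim.
SAMPLE = [
    ("198.51.100.7", "192.0.2.255", ECHO_REQUEST),  # forged source, broadcast target
    ("192.0.2.10", "198.51.100.7", ECHO_REPLY),
    ("192.0.2.11", "198.51.100.7", ECHO_REPLY),
    ("192.0.2.12", "198.51.100.7", ECHO_REPLY),
    ("192.0.2.13", "198.51.100.7", ECHO_REPLY),
    ("203.0.113.5", "192.0.2.10", ECHO_REQUEST),    # ordinary ping
    ("192.0.2.10", "203.0.113.5", ECHO_REPLY),      # and its matching reply
]

def broadcast_requests(records, local_nets):
    """Amplifier side: echo requests sent to a local directed broadcast address."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    # /31 and /32 networks have no distinct broadcast address, so skip them.
    bcasts = {n.broadcast_address for n in nets if n.prefixlen < 31}
    return [(src, dst) for src, dst, icmp_type in records
            if icmp_type == ECHO_REQUEST and ipaddress.ip_address(dst) in bcasts]

def unsolicited_replies(records, threshold=3):
    """Victim side: hosts receiving echo replies from peers they never pinged."""
    requested = {(src, dst) for src, dst, icmp_type in records
                 if icmp_type == ECHO_REQUEST}
    counts = Counter(dst for src, dst, icmp_type in records
                     if icmp_type == ECHO_REPLY and (dst, src) not in requested)
    return {host: n for host, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    print(broadcast_requests(SAMPLE, ["192.0.2.0/24"]))
    print(unsolicited_replies(SAMPLE))
```

The first check belongs on the network that could be used as an amplifier, the second on the network receiving the flood; each sees only its own half of the traffic.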