Originally Posted by Spooony
well that's the point of a denail of service. Your firewall blocks it yeah but it eats up your bandwidth. Doing so. Wouldn't have been a denail of service when the firewall didn't bother about.
Not quite. Again, the design of a DoS attack is not to cause massive headaches for a home user. DoS are primarily forms of cyber terrorism. the same way a flesh and blood terrorist seeks to kill or maim as many people as possible (they don't kick in a door and kill one person), so to is the purpose of a cyber terrorist. DoS attacks are unleashed against corporations, banks, or governments either to punish them for some real or imagined wrong or for some other "cause". These targets have MASSIVE bandwidth to accommodate users around the world, and a DoS attack is nothing more than requests for data, not large files or packets. Attempting to slow them down by saturating bandwidth with requests is an exercise in futility. Now, the number of requests a SERVER can process is MUCH smaller. Once a connection is made the server can fill the bandwidth with huge files (movies, data files, compressed archives, ect) and then be free to handle new requests. It is in PROCESSING those requests that the DoS attack lies. A firewall configured and designed to foil them (such as a bastion host or application-level firewall) checks the requests before passing them to the server, dropping or rejecting suspicious packets keeping them from reaching the server. Dropping is better than rejecting, since this does not alert the attacking machine to the blocking, it simply has to wait until the request times out and then try again.
What is a denial-of-service (DoS) attack?
In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services.
The most common and obvious type of DoS attack occurs when an attacker "floods" a network with information. When you type a URL for a particular website into your browser, you are sending a request to that site's computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can't process your request. This is a "denial of service" because you can't access that site.
Another good, easy to understand article;
It is possible for someone to write a DoS script, then sell or give it to someone else, these are called "Script kiddies". They are low level computer users that could never write real code but have delusions of grandeur (or just delusions) and think a DoS script (or virus, or Trojan or any type of attack) just a weapon to wield as they see fit. Make them mad in a chat room or an online game, they will run a script to find your IP, then run their DoS script and sit back and giggle.
This rarely happens, and if it does, you just contact your ISP and request an IP change and explain why.Edited by Thumper - 4/24/11 at 7:40pm