RootsTech 2014

Some people eat, sleep and chew gum, I do genealogy and write...

Thursday, June 26, 2014

What is a Denial of Service Attack and Should I be Worried?

Headlines from the recent denial of service attack on Ancestry.com and FindAGrave.com used the word "hack" to incorrectly describe the event. Neither of the two websites was "hacked" according to the most common definition of the term. Hacking involves using a computer to gain unauthorized access to data in another computer system. Using the word "hack" either as a noun or verb changes the original use of the term. Originally, a hacker was nothing more than a person who was enthusiastic about computing. Over time, the word took on a sinister and negative meaning when it was used to refer to unauthorized entry into data files. The neutral use of the term has all but disappeared except in computer circles.

The problems with the computers owned by Ancestry.com and its subsidiary, FindAGrave.com, were not caused by any kind of unlawful entry. The word "hack" has expanded to mean any externally caused problem with a large computer system. What happened to Ancestry.com was a denial of service attack: a successful attempt to flood the network with requests to Ancestry.com to such an extent that its computer servers could not handle the traffic and shut down or stopped working properly. It is like having a million people show up at the same store at the same time and try to get in. There are at least three different modes of denial of service attack. See CERT, Software Engineering Institute, Carnegie Mellon University, Denial of Service Attacks. The news accounts of the Ancestry.com attack are not specific enough to explain exactly what happened. Quoting from the Carnegie Mellon University article:
Denial-of-service attacks come in a variety of forms and aim at a variety of services. There are three basic types of attack:
  • consumption of scarce, limited, or non-renewable resources
  • destruction or alteration of configuration information
  • physical destruction or alteration of network components
I have not seen any reports of which of the three methods brought down the Ancestry.com computers. Although there are several ways this type of attack can be executed, the most common involves sending a huge number of messages to the host computer and overwhelming its capacity. The details of how these attacks succeed are quite technical and not easily explained. 

The question that occurs to individuals is whether or not this is another thing they need to be worried about. The answer is quite simple, no. This is a problem that arises in servers, the machines that provide content to the Internet. Unless you are running a server from your personal computer, and you would know a lot more about this subject if you were, you do not have to worry too much about denial of service. There are lots of other ways your computer can become compromised, such as worms, viruses, Trojan horses and all the other types of problems sometimes referred to by the umbrella term "malware," but this is not one that usually occurs with personal computers.

There are still ample reasons to practice safe computing. Here is a good summary from the Massachusetts Institute of Technology (MIT).



2 comments:

  1. At risk of you responding "But that wasn't what I meant...", when you ask "The question that occurs to individuals is whether or not this is another thing they need to be worried about" and you respond "The answer is quite simple, no", I beg to differ.

    One possible - and frequent - method of launching a Distributed Denial of Service attack is to launch huge numbers of messages at the target from a "botnet" of "zombies". See
    The Ancestry Insider on http://www.ancestryinsider.org/2014/06/ancestrycom-attacked-by-zombies-part-2.html

    Your readers need to worry because their PC could be one of the zombies launching the attack - the solution is that they need to get decent internet security software and KEEP IT UP TO DATE. That way it *should* protect them against downloading the infection that turns their PC into a zombie. And it *should* stop any infection present getting their orders from the zombie botnets.

    No guarantees, of course....

    What your readers do not need to worry about (and I suspect what you meant) was they don't need to worry about being the *target* of a DDOS attack.

    Replies
    1. That could be the case, but then the user would not know that his or her computer was compromised. There are some good, free programs that will scan your computer and keep the descriptions of the malware up to date also.
