Talk:Denial-of-service attack

From Wikipedia, the free encyclopedia

Untitled

Use of the phrase script kiddie in the article makes it biased and sounds unencyclopedic. —Preceding unsigned comment added by 128.30.9.210 (talk) 18:01, 18 October 2010 (UTC)

08 June 2010

There are two links on this page (VIPDoS and a Denial of service (Dos)) that link to this same page. —Preceding unsigned comment added by 74.56.77.65 (talk) 01:31, 9 June 2010 (UTC)

motives?

Nothing here about motives. Why do people launch the attacks? Call me naive but it might be a useful addition to the article. Spanglej (talk) 01:55, 6 August 2010 (UTC)

People launch those attacks to test the security of their network (pen testing) or because they need a life.... —Preceding unsigned comment added by 95.96.35.121 (talk) 19:14, 7 August 2010 (UTC)

Permanent denial-of-service attacks section

The section seems unclear as a whole and seems to be coming from the ideas of a single individual. In the sources there are references to the firmware update process of embedded devices. While the possibility to exploit limited write cycles in flash memory seems reasonable, there is no reference to this in the article and the source does not state which specific devices are affected. Neither is there any information on what kind of access to the device the attacker would have to have. Please clarify and verify the section or remove it. — Preceding unsigned comment added by 86.32.198.11 (talk) 16:40, 3 October 2010 (UTC)

Actually overwriting a device's firmware isn't a denial-of-service attack but something much more serious. I'm not sure why this is in this article at all. K7L (talk) 13:02, 25 June 2013 (UTC)
Probably related to the catchy coined name – "permanent denial of service" – used to promote the idea. But yeah, I suppose that using the same rationale as this, setting off a bomb at a business's server location could be included here too; it would certainly deny service. Although the firmware alteration is more closely related to the traditional DoS attack in that it is accomplished remotely by use of software.
The source article is five years old. At that time, it discussed a concept with no known actual occurrences "in the wild". Do we know if there have been any in the interim? Fat&Happy (talk) 16:56, 25 June 2013 (UTC)
The only way to download firmware to a router or network device is with the password to that device. The attack is theoretically possible as some equipment is deployed with default passwords (like "admin/admin" or "root/admin" for residential gateway routers) but isn't DOS as the latter is based on flooding a node with pointless requests and traffic to overload it. The "PDoS" terminology appears to be an HP concoction [1] concocted in 2008 to market that firm's security product. It received some coverage at the time [2] [3] [4] and was then promptly forgotten. Worth a mention somewhere, just not here. Maybe phlashing is a trojan horse (computing) and not a DOS? K7L (talk) 17:19, 25 June 2013 (UTC)

Degradation-of-service slang name

A common slang name on the internet for a degradation-of-service attack is "bandwidth rape." —Preceding unsigned comment added by 72.88.79.65 (talk) 23:17, 20 October 2010 (UTC)

Needs section on legality

The article should have a section on the legality of DDoS. Since the targets are typically public websites, making a connection is not illegal. There have also been claims that DDoS can be seen as a legitimate form of protest. http://www.zdnet.com/blog/igeneration/for-and-against-ddos-attacks-as-a-legitimate-form-of-protest/7167 It's illegal in the UK [5] pgr94 (talk) 14:35, 28 January 2011 (UTC)

Just spotted the small section at the bottom of the article. It's a start, but could definitely use expanding. pgr94 (talk) 14:47, 28 January 2011 (UTC)

It's my understanding that actively responding (retaliating) to a perceived DDoS attacker is illegal in some areas. I would like to see an expansion of that in the Legal section, if appropriate. — Preceding unsigned comment added by 216.57.96.1 (talk) 16:03, 30 June 2011 (UTC)

I added my bit from what I know, although I have stated it informally and it needs editing. 131.91.136.234 (talk) 17:38, 15 March 2012 (UTC)

Distributed attack

... Simple attacks such as SYN floods may appear with a wide range of source IP addresses, giving the appearance of a well distributed DoS. These flood attacks do not require completion of the TCP three way handshake and attempt to exhaust the destination SYN queue or the server bandwidth. Because the source IP addresses can be trivially spoofed, an attack could come from a limited set of sources, or may even originate from a single host. Stack enhancements such as syn cookies may be effective mitigation against SYN queue flooding, however complete bandwidth exhaustion may require involvement

Punctuation is missing at the end. It would also be interesting to know what kind of involvement. ENTi (talk) 06:05, 26 May 2011 (UTC)
That was added as you quoted it by Ryanmshea (talk · contribs) on 2010-02-03. I've left a note on their talk page and marked the paragraph. --Kvng (talk) 13:42, 28 May 2011 (UTC)

Stacheldraht/Stachledraht

Stacheldraht seems to be the correct spelling as this is used more. But the image is incorrectly spelt. The incorrect spelling is also in the image. Does anyone know how to correct spelling in an image? QuentinUK (talk) 11:29, 14 June 2011 (UTC)

Misspelling has been noted on the image talk page. --Kvng (talk) 23:03, 18 June 2011 (UTC)

Lulz

So... Can we get Lulz Security here? I think they are pretty major after today... But there's hype for more to come! *subscribes to all newscasts* 70.54.3.186 (talk) —Preceding undated comment added 23:04, 14 June 2011 (UTC).

Regular expression Denial of Service

The Regular expression Denial of Service article is only mentioned in the See also section of this article. Maybe it'll help the orphan issue if it was integrated into the "Methods of attack" header? 76.194.219.196 (talk) 05:30, 27 June 2011 (UTC)

My understanding is that DoS attacks are relatively easy to orchestrate, requiring very little sophistication or resources, hence the association with script kiddies. If this is the case, I think it's encyclopedic information and should be mentioned, if only in a line or two in the intro.--Atkinson (talk) 02:52, 11 February 2012 (UTC)

References

References #3 and #22 look like dead links; need to replace those references. — Preceding unsigned comment added by Sinujutsu (talk · contribs) 21:23, 16 April 2013 (UTC)

Links rot; sometimes they recover. We typically add {{dead link}} just before </ref>. This alerts readers, as well as editors who watch Category:All articles with dead external links. See also WP:Dead links. --Lexein (talk) 08:25, 12 December 2013 (UTC)

ECommerceWisdom.com dubious

The author's name in cite #28, Carl Abante, appears nowhere on http://www.ecommercewisdom.com (searched), and not on the domain registration. The site is promoting AbanteCart. --Lexein (talk) 08:25, 12 December 2013 (UTC)

BCP 38

BCP 38 should be mentioned as a primary means of thwarting these attacks. This also looks useful. I will integrate this when I get time. Anyone else is welcome to jump in and do it. ~KvnG 04:00, 26 February 2014 (UTC)

Amplification factors

The amplification factors provided from US-CERT under "Reflected / Spoofed attack" are not absolute. Saying that an attack has an amplification factor of X is like saying it is always 75 degrees in San Diego. It might be, or it might be some other temperature. Recommend expanding this section to clarify that amplification factors are in fact variable and not exactly as provided by US-CERT, although they could be close in many cases. Ddosguru (talk) 11:42, 3 August 2014 (UTC)

Proposed merge with Hit-and-run DDoS

Content fork - overlapping scope and (current) lack of sources establishing independent notability. Arguably correct method should have been WP:SPINOUT. Suggest merge. Widefox; talk 05:50, 9 August 2014 (UTC)

  • Support ~KvnG 14:08, 12 August 2014 (UTC)
We strongly discourage just making a vote. Look at WP:NOTDEMOCRACY. Forbidden User (talk) 15:10, 19 August 2014 (UTC)

Proposed merge with Application layer DDoS attack

Content fork - overlapping scope and (current) lack of sources (and content - OSI model and DDoS) establishing independent notability. Arguably correct method should have been WP:SPINOUT. Suggest merge. Widefox; talk 06:00, 9 August 2014 (UTC)

  • Support ~KvnG 14:08, 12 August 2014 (UTC)
We strongly discourage just making a vote. Look at WP:NOTDEMOCRACY.