DDoS attacks start with the attacker(s) placing Zombie (technically, “bot,”
short for “robot”) programs on a series of compromised computers that have
relatively high-bandwidth connections to the Internet. These Zombies are
programmed to monitor specific Internet Relay Chat (IRC) chat rooms to receive
further instructions. The attack is directed and coordinated by a Zombie
Master, who sends instructions to the individual Zombies, each of which then
begins generating a flood of malicious traffic aimed at the target. Figure 1-3
shows a DDoS attack.

Early DoS attacks on some famous web sites involved many computers on
university campuses and even some from security agencies. These computers had
unprotected security holes, were online around the clock, and had large
connections to the Internet. Today, DSL and cable modem connections make many
home and small business computers more attractive as Zombie sites because
their owners often lack the security features and staff to defend against the
intrusion.

Some Zombies, once in place, download and install additional
applications that can map the local network, capture passwords or keystrokes,
and report findings to the instigators of the attacks.
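
For a network defender, the pattern described above (a host contacts an IRC control channel, then floods a target) can be looked for in flow records. The following is an added example, not part of the original text; the flow format, the IRC port list, the thresholds and the sample records are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Assumption: commonly used IRC ports; a control channel may use any port.
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}
FLOOD_PPS = 1000   # assumed threshold: packets per second to one destination
WINDOW = 10        # seconds per aggregation bucket

# Constructed sample flow records (not real traffic): ts,src,dst,dport,packets
SAMPLE_FLOWS = """\
100,10.0.0.5,203.0.113.9,6667,12
105,10.0.0.7,203.0.113.9,6667,9
110,10.0.0.8,198.51.100.20,443,300
400,10.0.0.5,192.0.2.80,80,60000
401,10.0.0.7,192.0.2.80,80,55000
405,10.0.0.5,192.0.2.80,80,48000
410,10.0.0.8,192.0.2.80,80,40
900,10.0.0.9,192.0.2.80,80,70000
"""

def find_suspected_zombies(flow_text, flood_pps=FLOOD_PPS, window=WINDOW):
    """Return {src: target} for hosts seen on IRC that later flood one target."""
    irc_first_seen = {}            # src -> time of first IRC connection
    buckets = defaultdict(int)     # (src, dst, bucket index) -> packets
    for ts, src, dst, dport, packets in csv.reader(io.StringIO(flow_text)):
        ts, dport, packets = int(ts), int(dport), int(packets)
        if dport in IRC_PORTS:
            irc_first_seen.setdefault(src, ts)
        else:
            buckets[(src, dst, ts // window)] += packets
    suspects = {}
    for (src, dst, bucket), packets in sorted(buckets.items()):
        # The bucket must end after the host's first IRC contact.
        after_irc = src in irc_first_seen and (bucket + 1) * window > irc_first_seen[src]
        if after_irc and packets / window >= flood_pps:
            suspects.setdefault(src, dst)
    return suspects

def shared_targets(suspects):
    """Group suspects by target; several hosts on one target suggests coordination."""
    groups = defaultdict(list)
    for src, dst in suspects.items():
        groups[dst].append(src)
    return {dst: sorted(srcs) for dst, srcs in groups.items() if len(srcs) > 1}
```

In the sample, 10.0.0.9 also floods the target but never contacted an IRC port, so this correlation rule leaves it to a plain volumetric alert.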