How a 'denial of service' attack works

One by one, leading sites on the Web have been brought to their knees by so-called denial of service attacks. CNET News.com shows you how such attacks work and how companies can prevent them.

First, it was Yahoo.

Then Buy.com, on the day the discount e-tailer went public. One by one, leading sites on the Web have been brought to their knees by so-called denial of service attacks. Such attacks flood a Web server with false requests for information, overwhelming the system and ultimately crashing it. The following graphics explain how such attacks work and how companies can possibly prevent them.

 
How a "denial of service" attack works

In a typical connection, the user sends a message asking the server to authenticate it. The server returns the authentication approval to the user. The user acknowledges this approval and then is allowed onto the server.

In a denial of service attack, the user sends several authentication requests to the server, filling it up. All requests have false return addresses, so the server can't find the user when it tries to send the authentication approval. The server waits, sometimes more than a minute, before closing the connection. When it does close the connection, the attacker sends a new batch of forged requests, and the process begins again--tying up the service indefinitely.

Typical connection

"Denial of service" attack

 
How to block a "denial of service" attack

One of the more common methods of blocking a "denial of service" attack is to set up a filter, or "sniffer," on a network before a stream of information reaches a site's Web servers. The filter can look for attacks by noticing patterns or identifiers contained in the information. If a pattern comes in frequently, the filter can be instructed to block messages containing that pattern, protecting the Web servers from having their lines tied up.

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Jaguar F-type S Coupe is beautiful and impractical

With stunning lines and sharp handling, the F-type S Coupe is an excellent sports car, and as impractical as a true sports car should be.

by Wayne Cunningham