DoS Attack: Difference between revisions

(2 intermediate revisions by 2 users not shown)

Line 1:

~~{{Glossary|~~

~~|note = '''This information is brought to you by<br> [http://dnsseal.wiki/ DNS Seal], a best practices wiki for DNS.'''~~

~~| logo = DNS Seal.png~~

~~|link = http://dnsseal.wiki/~~

}}

'''DoS Attacks''', or '''Denial of Service Attacks''', involve making a website or server unresponsive and inaccessible.<ref>[http://www.us-cert.gov/ncas/tips/ST04-015 Security Tip (ST04-015): Understanding Denial-of-Service Attacks] (February 6, 2013), United States Computer Emergency Readiness Team (United States Department of Homeland Security)</ref> This can be accomplished through flooding a website with so much traffic that it can no longer respond to queries or by using bugs in the system's security to "destabilize" it.<ref name="alto">[https://www.paloaltonetworks.com/resources/learning-center/what-is-a-denial-of-service-attack-dos.html Denial of Service Attack - Prevent DoS Attacks with Palo Alto Networks], Palo Alto</ref> A distributed denial of service attack ([[DDoS |DDoS]]) is one form of DoS attack that is particularly dangerous and has receive a lot of attention in the last few years.

Line 30:

Line 24:

==ICANN Policy==

*ICANN has no policy that specifically addresses DoS attacks. However, ICANN does address DDoS attacks in blog posts<ref name="blog"/> and in a [[Security and Stability Advisory Committee]] (SSAC) advisory. ICANN's blog discusses the issues of how to respond to and report a DDoS attack. If a site is under attack, the 2013 post suggests that the registrant contacts the hosting provider and ~~internet~~ service provider (ISP).<ref name="blog"/> If the attack was proceeded by a threat or a sum of money was demanded to stop the attack, the registrant should contact law enforcement.<ref name="blog"/>

*ICANN has no policy that specifically addresses DoS attacks. However, ICANN does address DDoS attacks in blog posts<ref name="blog"/> and in a [[Security and Stability Advisory Committee]] (SSAC) advisory. ICANN's blog discusses the issues of how to respond to and report a DDoS attack. If a site is under attack, the 2013 post suggests that the registrant contacts the hosting provider and Internet service provider (ISP).<ref name="blog"/> If the attack was proceeded by a threat or a sum of money was demanded to stop the attack, the registrant should contact law enforcement.<ref name="blog"/>

**Read ICANN's blog post on [http://blog.icann.org/2013/04/how-to-report-a-ddos-attack/ Reporting DDoS Attacks].

Line 36:

Line 30:

*[[Computer Fraud and Abuse Act]] (CFAA): This act, last amended in 2008,<ref>[http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act Computer Fraud and Abuse Act] at Wikipedia</ref> prohibits damage to another person's computer and the unauthorized use of another person's computer.<ref>[https://ilt.eff.org/index.php/Computer_Fraud_and_Abuse_Act_%28CFAA%29 Computer Fraud and Abuse Act (CFAA)] at Internet Law Treatise</ref><ref>[http://us.practicallaw.com/2-508-3428 Computer Fraud and Abuse Act (CFAA)], Practical Law, Thomson Reuters</ref> Harm or damage defined under the CFAA is "any impairment to the integrity or availability of data, a program, a system, or information."<ref name="tech">[http://www.technicallylegal.org/the-legality-of-denial-of-service-attacks/ The legality of denial of service attack] (December 12, 2010), Technically Legal</ref> Committing a DoS Attack often falls under these requirements, separate from any other criminal threats or demands that may have occurred.<ref name="tech"/> In relation specifically to DDoS attacks, if the hacker used a botnet to perpetrate the attack, he or she could be charged under CFAA in addition to facing civil suits.<ref>[http://us.practicallaw.com/7-516-9293 Distributed Denial-of-Service (DDoS) Attack], Practical Law, Thomson Reuters</ref> DDoS attackers can also face jail time.<ref name="naked">[http://nakedsecurity.sophos.com/2010/12/09/are-ddos-distributed-denial-of-service-attacks-against-the-law/ Are DDoS (distributed denial-of-service) attacks against the law?] by Graham Cluley (December 9, 2010), Naked Security (Sophos)</ref>

*Additionally, many ~~internet~~ service providers (ISPs) and Internet-based companies have terms in their user agreements that directly or indirectly prohibit DoS attacks.<ref name="tech"/>

*Additionally, many Internet service providers (ISPs) and Internet-based companies have terms in their user agreements that directly or indirectly prohibit DoS attacks.<ref name="tech"/>

==Additional Resources==

Line 42:

Line 36:

==Related Pages==

*[[DDoS ~~Attacks~~]]

*[[DDoS|DDoS Attack]]

==References==

Line 48:

Line 42:

[[Category:Bad Practice]]

[[Category:Glossary]]

@@ Line 1: / Line 1: @@
-{{Glossary|
-|note   = '''This information is brought to you by<br> [http://dnsseal.wiki/ DNS Seal], a best practices wiki for DNS.'''
-| logo            = DNS Seal.png
-|link           = http://dnsseal.wiki/
-}}
 '''DoS Attacks''', or '''Denial of Service Attacks''', involve making a website or server unresponsive and inaccessible.<ref>[http://www.us-cert.gov/ncas/tips/ST04-015 Security Tip (ST04-015): Understanding Denial-of-Service Attacks] (February 6, 2013), United States Computer Emergency Readiness Team (United States Department of Homeland Security)</ref> This can be accomplished through flooding a website with so much traffic that it can no longer respond to queries or by using bugs in the system's security to "destabilize" it.<ref name="alto">[https://www.paloaltonetworks.com/resources/learning-center/what-is-a-denial-of-service-attack-dos.html Denial of Service Attack - Prevent DoS Attacks with Palo Alto Networks], Palo Alto</ref> A distributed denial of service attack ([[DDoS |DDoS]]) is one form of DoS attack that is particularly dangerous and has receive a lot of attention in the last few years.
@@ Line 30: / Line 24: @@
 ==ICANN Policy==
-*ICANN has no policy that specifically addresses DoS attacks. However, ICANN does address DDoS attacks in blog posts<ref name="blog"/> and in a [[Security and Stability Advisory Committee]] (SSAC) advisory. ICANN's blog discusses the issues of how to respond to and report a DDoS attack. If a site is under attack, the 2013 post suggests that the registrant contacts the hosting provider and internet service provider (ISP).<ref name="blog"/> If the attack was proceeded by a threat or a sum of money was demanded to stop the attack, the registrant should contact law enforcement.<ref name="blog"/>
+*ICANN has no policy that specifically addresses DoS attacks. However, ICANN does address DDoS attacks in blog posts<ref name="blog"/> and in a [[Security and Stability Advisory Committee]] (SSAC) advisory. ICANN's blog discusses the issues of how to respond to and report a DDoS attack. If a site is under attack, the 2013 post suggests that the registrant contacts the hosting provider and Internet service provider (ISP).<ref name="blog"/> If the attack was proceeded by a threat or a sum of money was demanded to stop the attack, the registrant should contact law enforcement.<ref name="blog"/>
 **Read ICANN's blog post on [http://blog.icann.org/2013/04/how-to-report-a-ddos-attack/ Reporting DDoS Attacks].
@@ Line 36: / Line 30: @@
 *[[Computer Fraud and Abuse Act]] (CFAA): This act, last amended in 2008,<ref>[http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act Computer Fraud and Abuse Act] at Wikipedia</ref> prohibits damage to another person's computer and the unauthorized use of another person's computer.<ref>[https://ilt.eff.org/index.php/Computer_Fraud_and_Abuse_Act_%28CFAA%29 Computer Fraud and Abuse Act (CFAA)] at Internet Law Treatise</ref><ref>[http://us.practicallaw.com/2-508-3428 Computer Fraud and Abuse Act (CFAA)], Practical Law, Thomson Reuters</ref> Harm or damage defined under the CFAA is "any impairment to the integrity or availability of data, a program, a system, or information."<ref name="tech">[http://www.technicallylegal.org/the-legality-of-denial-of-service-attacks/ The legality of denial of service attack] (December 12, 2010), Technically Legal</ref> Committing a DoS Attack often falls under these requirements, separate from any other criminal threats or demands that may have occurred.<ref name="tech"/>  In relation specifically to DDoS attacks, if the hacker used a botnet to perpetrate the attack, he or she could be charged under CFAA in addition to facing civil suits.<ref>[http://us.practicallaw.com/7-516-9293 Distributed Denial-of-Service (DDoS) Attack], Practical Law, Thomson Reuters</ref> DDoS attackers can also face jail time.<ref name="naked">[http://nakedsecurity.sophos.com/2010/12/09/are-ddos-distributed-denial-of-service-attacks-against-the-law/ Are DDoS (distributed denial-of-service) attacks against the law?] by Graham Cluley (December 9, 2010), Naked Security (Sophos)</ref>
-*Additionally, many internet service providers (ISPs) and Internet-based companies have terms in their user agreements that directly or indirectly prohibit DoS attacks.<ref name="tech"/>
+*Additionally, many Internet service providers (ISPs) and Internet-based companies have terms in their user agreements that directly or indirectly prohibit DoS attacks.<ref name="tech"/>
 ==Additional Resources==
@@ Line 42: / Line 36: @@
 ==Related Pages==
-*[[DDoS Attacks]]
+*[[DDoS|DDoS Attack]]
 ==References==
@@ Line 48: / Line 42: @@
 [[Category:Bad Practice]]
+[[Category:Glossary]]