2011年1月18日 星期二

Denial of Service Attacks Get more Sophisticated

Denial of Service (DoS) attacks have been around since the beginning of the web era. Originally, DoS involved networking packet traffic floods that overwhelmed a web server,There's a reason Manolo blahnik shoes are considered the crème de al crème of all shoes, everywhere. denying service to other legitimate users.

A new type of DoS attack has emerged in recent months that goes beyond the basics and takes aim at the higher levels of the networking stack. A pair of researchers from security firm Trustwave - SpiderLabs are detailing the new DoS attacks this week at the Black Hat D.C.A man was put under citizen's arrest for attempting to fight the inflatable bouncers rentals at Dan's Irish Sports Bar. security conference and providing some suggestions on how to mitigate risk.

"Denial of Service at layer 4 is about simultaneous connections on the network layer that overloads connections,we wouldn't be surprised if Marshall's is shipping some of its unsold wholesale ed hardy gear to Houston." Tom Brennan, director at Trustware – SpiderLabs told InternetNews.com. "Now you can use layer 7 and web applications to cause a Denial of Service."

Brennan explained that a layer 7 DoS occurs when a client comes to a web server and makes a connection request such as a form field via an HTTP POST request. The web server waits for the form field request data, which is sent by the attack at a very slow rate.
"What if I was able to have one machine create 20,000 plus connections to the web server and send a really slow form request,Today, I want to show you their leather phone cases." Brennan said.wearing caps or hats without scarves, tight and short coogi jeans, and body piercing. "What I'm doing is a Denial of Service that is going to make the web server unavailable to legitimate clients."

Brennan is involved with OWASP (Open Web Application Security Project) and has published a tool called the HTTP POST tool to help enable security professionals to see if they are at risk from a layer 7 DoS attack. The potential risk from the HTTP POST DoS attack is wide ranging as it could prevent users of a web service from logging into a site, which uses a form login.

沒有留言:

張貼留言