DDoS (distributed denial of service) attacks, while they have not been in the news recently, are still a serious problem for many sites. Additionally, these attacks burden the network on which they run, so it is important to us to keep Michigan Tech's network relatively DDoS free. As with viruses, a great deal of misinformation and confusion surrounds the subject, so we hope to clear some of that up.
What is a DDoS attack?
Every computer on the internet has a certain amount of bandwidth that can be used at one time. Each time a computer sends a request, a part of that bandwidth is used up, on both the sending and the receiving computer. The backbones that make up the internet carry far more bandwidth than one user could ever take up at once, as they are designed to be used by several thousand users simultaneously. To use a common metaphor, think of the bandwidth available to a server as a monstrous highway. Cars (the requests) speed back and forth to their destinations all day and all night. These requests have legitimate reasons to contact the server they are going to; we'll use an oil change as the destination the cars are speeding towards. As cars speed to the quick lube (the server) to get an oil change (web pages), everything runs smoothly. Suddenly, thousands of cars appear at the on-ramp, speeding into traffic and causing a mess of gridlock. This is roughly equivalent to a Denial of Service attack: so many requests are made to the server that none of the legitimate users can have their requests fulfilled.
Distributed computing has been a hot topic for the last few years, with projects designed to analyze radio signals from space or break a cryptographic cipher by using average home computers on networks instead of a single, powerful mainframe computer. This distributed technology was not around long before it was used for less legitimate purposes, such as the DDoS. The attack can be set in motion by only a few people, even though hundreds of computers may be sending requests to the server being attacked.
How can I be sure that I'm not contributing to these attacks?
Most of the computers involved in these types of attacks are involved without the knowledge of the owner. However, federal, state, and local law can hold the owner responsible for damages caused by the computer, regardless of knowledge of the involvement of the computer. It can be difficult to protect your system, but if you follow good anti-virus techniques you _should_ be relatively safe from contributing to a DDoS.
Windows
Unfortunately, Windows has no really good tools for detecting the programs that cause your computer to participate in these DDoS attacks. Often called "Trojans" (from "Trojan Horses", as the programs are often disguised as an unobtrusive, "safe" program), they often evade even the best virus scanners. If you run without current virus definitions and launch every attachment you are sent by email, you run an unnecessary risk of allowing these Trojans to run.
Linux / Unix
Many steps are necessary to secure your Linux or Unix system. Read our report on closing ports, and close every port not absolutely necessary for your use. You can also download this program to scan your system for the Trojans used.
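Beyond closing ports, a network administrator can watch for the symptom itself: one host on the local network opening connections to a single outside destination far faster than any normal user would. The following script is an added example, not code from the original page or from Michigan Tech; the flow-record format, the sample records and the rate threshold are assumptions chosen for illustration.

```python
# Added example (not from the original page): flag hosts on a local network that
# behave like unwitting DDoS participants, using constructed flow records.
# The record layout, the threshold and the sample data below are assumptions.
from collections import defaultdict

# Constructed sample flows: (seconds since capture start, source, destination,
# destination port). Host 10.0.5.23 is the planted suspect: it hammers one
# external host on port 80, 300 times within ten seconds. The others are normal.
SAMPLE_FLOWS = [
    (0, "10.0.5.7", "192.0.2.10", 443),
    (1, "10.0.5.7", "198.51.100.4", 80),
    (2, "10.0.5.8", "192.0.2.10", 443),
] + [(t % 10, "10.0.5.23", "203.0.113.9", 80) for t in range(300)]


def find_ddos_participants(flows, rate_threshold=20.0):
    """Return {source: (destination, port, flows_per_second)} for every source
    whose connection rate to one destination/port exceeds rate_threshold.

    Counting per (source, destination, port) rather than per source avoids
    flagging a busy but legitimate host that talks to many different servers.
    """
    counts = defaultdict(int)  # (src, dst, port) -> number of flows seen
    first, last = {}, {}       # (src, dst, port) -> earliest / latest timestamp
    for t, src, dst, port in flows:
        key = (src, dst, port)
        counts[key] += 1
        first[key] = min(first.get(key, t), t)
        last[key] = max(last.get(key, t), t)

    flagged = {}
    for (src, dst, port), n in counts.items():
        # Rate over the span actually observed; a single flow spans 0 s, so
        # clamp the span to 1 s to avoid division by zero.
        span = max(last[(src, dst, port)] - first[(src, dst, port)], 1)
        rate = n / span
        if rate > rate_threshold:
            flagged[src] = (dst, port, rate)  # keep the worst offender per host
    return flagged


if __name__ == "__main__":
    for src, (dst, port, rate) in find_ddos_participants(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}:{port} at {rate:.1f} flows/s: possible DDoS participant")
```

In practice the flow records would come from a router export or a packet capture summary rather than a constructed list, and the threshold would be tuned against a baseline of the network's normal traffic.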
For more information about Distributed Denial of Service attacks, read the following sites.