A less known part of the recent ARP attack against H D Moore's MetaSploit site was an attempted Denial of Service attack that coincided with the successful ARP attack.
Denial of Service (DoS) and distributed Denial of Service (dDoS) attacks are almost a mainstay of background Internet traffic and have become an accepted part of hosting content online.
A pattern has been emerging from the background noise over the last few weeks which suggests that something is taking place that is resulting in an increasing number of successful attacks against moderate to large sites.
In recent weeks, there have been reports of sites such as IMDB, Attack that crippled Tevision3, CNN, Radio Free Europe, and new. Rumours have even circulated that Amazon's outage in early June was at least partially due to a dDoS attack, correlating with the attack against IMDB but this has yet to be confirmed. The odd errors that users were encountering when trying to access the Amazon site during the outage seems to point to some sort of network traffic related problem for the site.
Somewhat surprisingly, there were sporadic reports of users recently finding innocuous Google searches returning odd errors - claiming that the user was demonstrating bot-like behaviour (a fairly rare to find Google response), but disappearing on subsequent searches.
If there is a common group or technology driving this recent spate of dDoS attacks, it will probably take some time for information confirming this to be available, but it is just as likely that whoever is responsible for the attacks just doesn't want to be found or their capabilities explored, which assumes that there is some level of co-ordination about the attacks.
It has been some years since the basic type of attacks could take down a major site, but the growing use of botnets and other malicious networks has allowed anybody with a grudge and a little bit of money to pay for renting a botnet the ability to aim a significant hose of network traffic at a network for a small bit of effort.
Some attacking networks rely upon people having to manually activate a piece of software, activate their own attack tools, or manually visit a site to achieve the same aim. A number of Chinese hacking groups have been observed to use this particular technique to co-ordinate and manage their proposed attacks against targets, such as was observed with the recent targeting of CNN. In their day, a slashdotting, digging, or redditing could achieve a similar, though non-malicious effect and they still can for poorly designed and implemented Web sites.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.