Browse archive

Latest news

(IN)SECURE Magazine issue 38 released

Facebook once again accessible via Tor

Employees biggest IT threat to businesses

Google asks secret court permission to publish FISA numbers

Oracle releases critical security updates for Java

Failed backups endanger revenue and productivity

The security of WordPress plugins

How to detect hidden administrator apps on Android

Key obstacles to effective IT security strategies

CyanogenMod founder aims to thwart data-grabbing apps

Businesses not fully implementing infosec programs

Microsoft releases Enhanced Mitigation Experience Toolkit 4.0

Hacking charge stations for electric cars

Application Denial of Service (DoS) Attacks

by Stephen de Vries - Principal Consultant in Corsaire’s Security Assessment team - Thursday, 17 June 2004.

Denial of Services attacks aimed at disrupting network services range from simple bandwidth exhaustion attacks and those targeted at flaws in commercial software to complex distributed attacks exploiting specific COTS software flaws. These types of attack are not new and have been used to devastating effect to prevent normal operation of the victim sites. Historically, these attacks by hacktivists and extortionists alike have targeted companies as diverse as eBay and Microsoft, the RIAA and SCO, and a plethora of online gambling companies.

Attackers have not, as yet, exploited the full range of vulnerabilities present in many online services - particularly attacks aimed at the application and data processing layer. With the rise of increasingly targeted and motivated attacks and attackers, these application level DoS attacks will inevitably be exploited for nefarious gains.

This paper gives an insight into application level DoS attacks and draws conclusions from that.

Download the paper in PDF format here.