IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [denial-of-service]

Denial of Service (DoS) is a family of attacks that attempt to force a target to use up resources (CPU time, memory, bandwidth etc) by flooding a target with useless packets, connections or tasks.

Denial of Service (DoS) is a family of attacks that attempt to force a target to use up resources (CPU time, memory, bandwidth etc) by flooding a target with useless packets, connections or tasks.

432 questions
152
votes
7 answers

Can someone take down Wi-Fi signal?

Is it possible that someone made an attack (DoS or something else) to my Wi-Fi router (without knowing of the password) and make my router's signal unavailable? 1) How it can be done? 2) What are remedies?
T.Todua
  • 2,677
  • 4
  • 19
  • 28
96
votes
6 answers

Is it safe to let a user type a regex as a search input?

I was in a mall a few days ago and I searched for a shop on an indication panel. Out of curiosity, I tried a search with (.+) and was a bit surprised to get the list of all the shops in the mall. I've read a bit about evil regexes but it seems that…
Xavier59
  • 2,874
  • 3
  • 17
  • 34
70
votes
2 answers

How can ISPs handle DDoS attacks?

How can an ISP with low bandwidth like 50 Gbps handle a DDoS attack with more than this? I know there is a solution called "Black Hole". Is this enough to mitigate DDoS attacks or are there any other enterprise solutions? What kind of DDoS…
R1W
  • 1,617
  • 3
  • 15
  • 30
65
votes
9 answers

Can attackers get anything with DoS attacks except crashing the service?

A DoS (short for "denial of service") attack is a form of attack used on web services which aims to "crash" the service. Is there any motive of this form of attack besides crashing the service / website? For example, I could think of blackmailing/…
Martin Thoma
  • 3,902
  • 6
  • 30
  • 42
61
votes
4 answers

I think I accidentally DoS'd a website. What should I do?

I was browsing a website, and stumbled across a sample scheme for password-protecting web pages. The owner of the website specifically had a page that invited people to attempt to hack it. I wanted to give it a try, so I wrote up a quick python…
Michael0x2a
  • 721
  • 1
  • 5
  • 9
57
votes
7 answers

Does it make sense to consider a triggerable server software crash a DOS attack?

I've found a little vulnerability in a web application running on Node.js server. It works by sending some crafted payload to the application server, which makes the application server code to throw an error and due to lack of error handling - It…
Matías
  • 507
  • 1
  • 4
  • 4
57
votes
11 answers

Can a DDoS attack yield any information?

Can a DDoS attack reveal any information or be used to mount a hack? My understanding is that the whole point of DDoS or DoS is to consume all of the resources/overload the server causing it to crash. And that being the only reason to do a DDoS. I…
KosugiNinja
  • 689
  • 1
  • 5
  • 6
44
votes
3 answers

Can I trust the source IP of an HTTP request?

As far as I've understood, if you try to issue a HTTP request with a spoofed IP address, then the TCP handshake fails, so it's not possible to complete the HTTP request, because the SYN/ACK from the server doesn't reach the evil client ... ...in…
KajMagnus
  • 687
  • 1
  • 5
  • 10
36
votes
6 answers

Preventing artificial latency or "Lag Hacking" in multiplayer games

There is an attack that some people have dubbed "lag hacking", and its gaining popularity in multiplayer games. There are at-least two ways of creating artificial latency. One method of introducing artificial latency is using a lag switch, where…
rook
  • 46,916
  • 10
  • 92
  • 181
34
votes
3 answers

Is there a security reason for a site to limit the number of times a user can change their password?

Is there a security reason to disallow a user to change their password as frequently as they want? I have found this security policy in a site and I am not sure why it is enforcing it. One reason I can imagine is that the change password…
kinunt
  • 2,759
  • 2
  • 23
  • 30
32
votes
3 answers

How do DoS/DDoS work?

In the last days one could frequently read about attacks from anonymous and LulzSec against different platforms like Sony or HBGary etc. Yesterday for example they DDoS'ed soca.gov.uk and jhw.gov.cn. My question is: How did this work? Since the PSN…
binfalse
  • 493
  • 1
  • 4
  • 9
29
votes
4 answers

Normal usage vs. denial-of-service? How many requests are needed to talk about a denial of service?

Recently I used a tool to download a website and as part of the tool one could adjust the number of parallel connections. So now I found myself asking: starting from how many requests a provider could rate it as a denial of service. I googled around…
Lonzak
  • 413
  • 1
  • 4
  • 8
28
votes
1 answer

TCP Peer unexpectedly shrunk window messages in dmesg log

We get quite few messages like these in our dmesg log on various servers: TCP: Peer 0000:0000:0000:0000:0000:ffff:d431:5861:56369/80 unexpectedly shrunk window 2522304441:2522312601 (repaired) TCP: Peer 192.162.164.1:33760/60908 unexpectedly shrunk…
nelaaro
  • 635
  • 2
  • 7
  • 11
26
votes
5 answers

Is unauthorised deletion an integrity or availability issue?

During a web application test I have discovered a parameter tampering issue that allows a user to delete comments left by other users. They can't modify the content of other users' comments, and they can only view them where this is intentional. I'm…
paj28
  • 32,736
  • 8
  • 92
  • 130
24
votes
4 answers

nf_conntrack: table full, dropping packet

I see a lot of these messages in /var/log/messages of my Linux server kernel: nf_conntrack: table full, dropping packet. kernel: __ratelimit: 15812 callbacks suppresse while my server is under DoS attack but the memory is not still saturated. I am…
hnn
  • 997
  • 2
  • 8
  • 12
1
2 3
28 29