Internet Security Systems

Distributed

Traditional DoS attacks are carried out by a single computer against a single victim. A Distributed DoS (DDoS) is carried out by numerous computers against the victim. This allows a hacker to control hundreds of computers in order to flood even high-band

These computers are all controlled from a single console. It had previously been thought that major Internet sites were immune to such attacks because their bandwidth was greater than that of any single computer that might launch an attack against them. However, in early 2000, hackers disproved this theory by hacking into many sites throughout the Internet and using them to simultaneously flood major Internet sites, effectively taking them offline.

How they work

Compromise: The hacker breaks into machines. The vast majority of such break-ins are via RPC services on Sun Solaris servers or IIS subsystems on Microsoft WinNT servers. Linux servers are also involved to a lesser extent, through vulnerable RPC and e-mail services.

Slave installation: The hacker installs slave kits. These kits accept commands from a master console that tell them what to do, such as which victim to flood.

Master installation: Hackers will attempt to install master programs on compromised machines as well.

Defense

In order to defend yourself against being used as a launching point for such attacks:

Harden servers: Install the latest patches and remove unnecessary services.
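One way to check the "remove unnecessary services" step is to compare a host's listening sockets against an allowlist. The script below is an added example, not part of the original page; it assumes the column layout of `ss -tuln` output, and the sample listing, the allowlist and the port labels are constructed for illustration.

```python
import ipaddress

# Ports for the service classes the page names (RPC, e-mail, web server).
RISKY = {111: "RPC portmapper/rpcbind", 25: "SMTP (e-mail)", 80: "HTTP (web server)"}

# Constructed sample in `ss -tuln` column layout; not captured from a real host.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:111        0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
tcp   LISTEN 0      128    [::]:80            [::]:*
tcp   LISTEN 0      128    *:32771            *:*
"""

def parse_listeners(text):
    """Yield (proto, address, port) for each listening socket line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], addr.strip("[]"), int(port)

def is_loopback(addr):
    """True only for loopback binds; '*' and wildcard addresses are exposed."""
    try:
        return ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:
        return False

def audit(text, allowed):
    """Return findings for network-reachable listeners not in the allowlist."""
    findings = []
    for proto, addr, port in parse_listeners(text):
        if (proto, port) in allowed or is_loopback(addr):
            continue  # approved service, or not reachable from the network
        label = RISKY.get(port, "unrecognized service")
        findings.append((proto, port, label))
    return sorted(set(findings))

if __name__ == "__main__":
    for proto, port, label in audit(SAMPLE, allowed={("tcp", 22)}):
        print(f"{proto}/{port}: {label} - disable it, or justify and patch it")
```

Each finding is a service to switch off or, if it is genuinely needed, to keep patched and add to the allowlist.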
