************************************************************** * * * CYBERSPACE * * A biweekly column on net culture appearing * * in the Toronto Sunday Sun * * * * Copyright 2000 Karl Mamer * * Free for online distribution * * All Rights Reserved * * Direct comments and questions to: * * * * * ************************************************************** DOS Sucks Those three hated letters "DOS" are back. But I'm not talking about Microsoft's Disk Operating System. On the net DOS means "Denial of Service". It's a term that refers to a range of various attacks on your computer or network. A DOS attack attempts to disconnect you from the net. Unlike traditional hacking attempts, where a hacker tries to gain illegal entry by exploiting a system's backdoor or a weakness in its password system, these types of attacks are equivalent to taking a sledgehammer to a front door. It's purely brute force. You flood the computer with junk data until it barfs. DOS attacks hit the front page recently with electronic assaults on such corner stones of the new e-conomy like Amazon.com and Ebay. Such antics are not new, however. Normal Joes and Josephines on the net have been suffering them for years. Users of chat services such as IRC and ICQ have traditionally been the victims of DOS attacks. Basically anything that exposes your IP address and lets the world know you're online can make you a target. Many users of Internet chat systems are not high functioning individuals in society. They take strange offense that you might not want to talk about pro-wrestling. If you're a woman, they take greater offense that you don't want to talk to absolutely every greasy 21-year-old male looking for sex. Sometimes you don't have to do anything to suffer an attack other than being an English Canadian. Users of IRC channels such as #toronto often find themselves targets of a form of cyber-terrorism perpetrated by users of Quebec ISPs trying to make some political statement about separation. Using a range of no-brainer tools (derisively known as "kiddie scripts" in the parlance of True Hackers), a person with a beef against you can sniff you out and disconnect your computer from the net. The most popular of these attacks is generated by a freely available program called Winnuke. Winnuke exploits a bit of sloppy programming in Windows 95. Winnuke sends data to your computer that generates something called an out of bound (OOB) error. An OOB error occurs when a malicious instruction tells your computer to go look for data in a certain range and no data is found. Older versions of Windows 95 have no way to handle the absence of expected data. If you are hit by one of these OOB errors, your computer will lock up, giving you the famous Blue Screen of Death. You need to drop your net connection and restart your computer with the ol' three finger salute (ctrl + alt + del). Fortunately, Microsoft corrected this error in later editions of Windows 95 and Windows 98. Users of older version of Windows 95 can download a patch from the Microsoft page. Even if you're patched against the OOB error, you're still vulnerable to other DOS attacks. Some attacks can make your computer disconnect by sending packets of data that overlap when your computer tries to reassemble them. Other attacks try to flood you by sending more requests for information than your system can handle. These attacks have cute names like Teardrop, Smurf, and Bonk. But nothing is cute about them when you're the victim because you didn't want to chat with some lamer. Luckily you are not defenseless against DOS attacks. There are various programs available that will scan the data coming into your computer and block known methods of attack. My favorite tool is an app known as Nukenabber. It's available from www.dynamsol.com/puppet. Nukenabber will not only filter out junk data, but it provides information helping you identify who's trying to knock you off the net. If you're attacked, you can email the information Nukenabber provides to the offender's postmaster@ or abuse@ email address. With any luck and a sysadmin who's on the ball or actually gives a care, you can have the offender's account yanked. After all, DOS attacks are illegal.