GEOG5870/1M: Web-based GIS A course on web-based mapping

General: Attacks against Business

A popular attack over the years has been the Denial of Sevice (DoS) attack. These were classically run by just making massive numbers of repeated page requests to a server from a single machine, blocking other users and (in some cases) overloading machines. However, most servers now recognise rapidly repeated requests from the same IP address as a potential attack and refuse to serve to that address. Attacks of this nature are now generally more sophisticated than this, but broadly still work by flooding in requests of some type. Recently the attacks have come from networks of people who sign up to run attack scripts, or, often, from machines that have previously been compromised: so-called Zombies, which are used to make Botnets. Such Distributed DoS attacks are generally used for punishing percieved wrongdoing or for blackmail, though are occasionally used to keep systems administrators busy while other attacks are done.

The main reason for understanding DoS attacks is to avoid accidentally doing them yourself. For example, when polling websites for changes, it is fairly easy to make requests so frequently of a site that the server locks you out as a potential DoS. Of course, it is also possible to genuinely flood a server with requests at a DoS repeat rate if you aren't careful. An example of how to deal with polling politely can be found in this example of how to poll GitHub for changes.


[ Next: Attacks against people]