Could someone explain the difference, if any, between DOS attacks and bot downloading overloads?

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

I would very much appreciate it if someone would explain the difference between the recent Denial of Service attacks (deliberate) and the effect of excessive bot downloads that overwhelm a server. I recall during the first few days of January the forum was a bit bouncy, then finally crashed. While either can effectually take down a system, what are the similarities and differences of these two types of events?

Don't have much of a chance to do any posting with school, work and family obligations, but I give my addiction to the forum full rein; checking on postings here has become my relaxing diversion. (Well, not exactly always relaxing, per se, but it's MY time out, hehe.)

Thanks so very much to all of you for your diligence in providing food for thought and updates on what is going on 'out there.' Please continue to disregard the trolls, and post whatever you consider important of world events. Being a pattern recognizer, like many of you, the more information I have, the more connections I can find AND the more conclusions I can determine to be valid or invalid. (No, Trolls. I DON'T need protection from what others believe! No one's responsible for my actions/beliefs but ME.)

Now, about the technical similarities/differences of the events of DOS attacks and bot overloads? Are they the same thing - do they differ only in intent????

-- Evaign (Offbrand@hotmail.com), February 11, 2000

Answers

Simply speaking, the main difference is intent.

A 'bot over-enthusiastically hoovering a site can bring it down, but that was not the intent. The 'bot's owner can usually be contacted and persuaded to desist, or to throttle back his creation.

In contrast, a DoS attacker *intends* to bring down a site. A sub-classification can be made between fair means and foul. If a site can be taken down simply by creating normal traffic in excess of what the site's designers anticipated, at least part of the blame is theirs. In contrast, if the attack involves generating pathological traffic that fundamentally could not arise during normal heavy usage, far less blame can be attached to the site's designers. This is the commoner form of DoS attack.

By analogy, you might compare the effect of one outsize truck with a heavy load to that of three normal trucks driving abreast and as slowly as legally possible. Both cause a traffic jam behind them, but....

-- Nigel (nra@maxwell.ph.kcl.ac.uk), February 11, 2000.


I do believe that this is one case where intent makes all the difference! Errors can be rectified, but deliberate criminal attacks need to have sufficiently strong measures taken. Without, of course, impinging on personal freedoms (there, of course, lies the rub).

From a prosecution point of view, I think that intent can be inferred from several factors: Was it a coordinated attack, which required a lot of planning? This is the case of recent DoS attacks, which have been planned and implemented beginning in December... Or is it a one-time thing, from a single site, with no attempt to cover who did it?

That said, the end result may be the same...temporary outage.

-- Mad Monk (madmonk@hawaiian.net), February 11, 2000.

