Find out how the hackers do it.

Many big sites, including Yahoo!, eBay, and ZDNet, have suffered hacker-induced denial-of-service attacks. Basically, hackers flooded these sites' servers with requests, causing the servers to either crash completely or fail to serve webpages to legitimate users.

Denial-of-service attacks tie up targeted systems in such a way that they no longer can provide their usual services. It would be like a large number of people talking to you at once: You couldn't listen to any of them.

How could one person take down Yahoo? It could be one person, but more likely it's a team of hackers acting at the same time. This is called a distributed attack.

A team could use several computers to run programs (or, more correctly, scripts) that overload a targeted site's servers. It's important to note that nobody broke into Yahoo!, or eBay, or any of the other sites brought down by denial-of-service attacks. The hackers simply shut down the sites by overwhelming them.

So how do the attackers do it? In the case of Yahoo!, someone could write a script that requests a search for "Kate" over and over. The requests come so frequently that the machine becomes busy with the fake queries and can't serve pages to anyone else.

A normal CGI script, like those used on search sites such as Yahoo! and eBay, limits the number of posts to that script. Hackers take advantage of a flaw in the script to overwhelm it.

If you look at Yahoo!'s source code, you can see that the form used for the search function simply sends info to a CGI script. It's in a binary file called "search." The program runs when you press the search button.

All an attacker needs to do is write a program that sends requests over and over to the Yahoo! search script. If the hacker sets up enough machines running the requesting program, the target site's CGI script will become overloaded and deny service to anyone else trying to use the site.

Sites can combat this attack very easily if they know who did it. The hackers probably spoofed their IP addresses or in some other way hid their tracks. It's very possible for a program to send a script that could come at the target from multiple directions.

Even so, you'd need several computers all running at the same time to overwhelm a site as large as Yahoo. The company reported up to a gigabyte of information per second was sent during the attack.
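Seen from the defender's side, a flood of repeated searches like the one described above shows up in the web server's access log. The following is an added example, not part of the original article: it counts search requests in a sliding time window, both per client and per query across all clients, so a distributed or spoofed flood is still caught when no single source stands out. The log format, the `p` parameter name, and the thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque

# Assumed log format: "<unix-seconds> <client-ip> GET /search?p=<query>"
LINE = re.compile(r"^(\d+(?:\.\d+)?) (\S+) GET /search\?p=([^&\s]*)")

def find_floods(lines, window=10.0, client_limit=5, query_limit=8):
    """Return (clients, queries) seen more often than their limit within
    any `window`-second span. Lines must be in time order."""
    by_client, by_query = defaultdict(deque), defaultdict(deque)
    clients, queries = set(), set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a search request, or malformed
        ts, ip, query = float(m.group(1)), m.group(2), m.group(3)
        for seen, key, limit, flagged in (
            (by_client, ip, client_limit, clients),
            (by_query, query, query_limit, queries),
        ):
            stamps = seen[key]
            stamps.append(ts)
            while ts - stamps[0] > window:  # drop hits older than the window
                stamps.popleft()
            if len(stamps) > limit:
                flagged.add(key)
    return clients, queries

def constructed_sample():
    """Constructed log lines (documentation IP ranges), not real traffic."""
    lines = []
    # One client repeating the same search four times a second.
    for i in range(12):
        lines.append(f"{100 + i * 0.25:.2f} 192.0.2.10 GET /search?p=Kate")
    # Ten clients each sending that query once: no single source stands out.
    for i in range(10):
        lines.append(f"{200 + i * 0.2:.2f} 198.51.100.{i + 1} GET /search?p=Kate")
    # Ordinary users: different queries, spread out in time.
    for i, q in enumerate(["news", "weather", "maps"]):
        lines.append(f"{300 + i * 30:.2f} 203.0.113.{i + 1} GET /search?p={q}")
    return lines

if __name__ == "__main__":
    print(find_floods(constructed_sample()))
```

A per-query limit will also trip on a search term that is simply popular, so in practice the thresholds need tuning against normal traffic.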

Richard Power is the author of "Tangled Web: Tales of Digital Crime" and editorial director of the Computer Security Institute.
