DoS attacks 'running at 4000 a week'

Internet vandals carry out over 4000 denial of service (DoS) attacks a week, hitting not only big name sites such as Amazon and America Online but turning their attentions to home users with always-on connections and small foreign internet service providers.

According to research published this week by the University of California and Asta Networks, a network reliability testing firm, 12,805 DoS attacks were carried out over a three-week period against more than 5000 targets.

Stefan Savage, chief scientist at Asta, and professor of computer science at the University of California, said: "We now know with certainty that DoS attacks are even more powerful and prevalent than any single organisation has let on."

The research found that the attacks against commercial targets were extremely diverse, typically with the power to significantly hamper network service and fast enough to outgun current defence mechanisms.

For example, one common type of DoS attack requires only a rate of 500 packets per second to overwhelm a standard server. During the research period, nearly half the attacks reached this intensity, with some exceeding it by 1200 times.

One inconsistency in the research is that of attack duration, with figures ranging from minutes to days. Most attacks tended to be relatively short with 90 per cent lasting less than one hour. Only two per cent of the attacks were greater than five hours and just a few dozen spanned several days.

The researchers also found that more attackers are employing trickier methods of hiding themselves. Most programs that launch DoS attacks now select addresses at random in order to conceal the source of the packets.

Since the attacker selects source addresses at random, the targets' automatic 'responses' to the attack are distributed across the entire internet address space, causing an inadvertent effect called 'backscatter' and making the source of the problem incredibly difficult to detect.