Jan 17, 2005
Shopping online? Support us by clicking here to shop through Amazon.com!
New Articles


iTMS problems unfounded, authorization available outside U.S.

MailBag: YML with Steve Wozniak, A Better Finder Attributes 3.1...

A video interview with ATI at MacWorld Expo

The Mac Side: The Expo Experience

Product News: TackyShirt releases first DVD, QuickConvert migrates to Mac OS X...

MacWorld CreativePro Expo - Picture Galleries

MacWorld Report - Day 4 - July 18th

MacWorld Report - Day 3 - July 17th

MacWorld Report - Day 2 - July 16th

Power Mac G5 at MacWorld CreativePro pictures

MacWorld Report - Day 1 - July 15th

MacWorld: Daily updated blog

MacWorld CreativePro Coverage

The Mac Side: Konfabulator Konfections

Mail-Bag: musiconmac.com Launched -- Keynote Gallery Portfolio theme -- Asante USB 2.0 products-- CDBaby + MWCP on YML

Apple unveils Power Mac G5



New Reviews

PHR-100AF 3.5" Firewire Enclosure

Power Mac G5 2 GHz

TackyShirt Mac OS X: The Basics DVD

Business Card Composer 1.0.3

MSN Messenger 3.5

The Sims: Unleashed

The Sims: Vacation

Myth III: The Wolf Age

SMC Barricade 7004AWBR Wireless Router

REALbasic 4.5.1

.Mac Review

WarCraft III: Reign of Chaos

MacOS 10.2 Jaguar Review

M-Audio's Sonica

Epson Stylus Photo 750

Monsoon MM 700 Speakers

Civilization III

Click N Design 3D Review

Reckless Drivin Review



Other Stuff

:: Links
:: Past Polls
:: Newsletter
:: Free E-Mail
:: Site Page
:: Search
:: Contact
:: About Us
:: Support Us!
:: Online Store
:: Advertising


Quick Links
MacSurfer Headlines
MacNN
MacCentral
The Mac Mind
MacUpdate
PowerPage
YourMacLife
MacAddict
Sell A Mac
MacComedy


Support us!
Shopping online? Support us by using the links below to shop!
  • 123Inkjets.com
  • Amazon.com
  • Audible.com
  • ClubMac
  • Crucial
  • DMTS FCP
  • eBay
  • Handspring
  • Iomega
  • MacMall
  • OneShare.com
  • Red Light Runner
  • StuffIt Expander







    		•

    Editors Note: This report was posted sometime in 2000 and is not a Mac related part of CoolMacintosh.com. We have left it on the site for nostalgic reasons :), and because the report might still be of interest to some readers.

    Denial Of Service Attacks

    By Fabian Westerwelle

    Introduction
    In the last years the problem of Denial of Service(DoS) attacks, has risen. In February buy.com, ebay.com, amazon.com, cnn.com, zdnet.com, etrade.com, and the microsoft network were one of the many companies attacked. (Dube) Not just websites are at stake but even personal computers. A DoS attack is when someone floods and thus brings to halt a electronic device. Many hackers use other unsuspection third party computers, known as zombies or slaves, to flood the victim server with millions of bits of information. On a computer some of the resources a hacker can consume to bring the computer to halt are CPU time, network bandwidth, and volatile and non-volatile memory. The attacker who brought down buy.com, ebay.com and amazon.com consumed their network bandwidth so no one could log onto the server. There have always been DOS attacks, but now that the internet has grown, and that millions more people use the internet has made this a much bigger problem.

    Zombies and How a DoS Attack Works
    The hacker who caused the DoS attacks at ebay.com and others used the system of using “zombies” (other computers under the command of the hacker) to flood the websites under attack. The hacker writes a program that tells the other computers to send falsified data to routers on the net wich in turn are fooled to flood the websites with requests for information, this program is now send to the zombie computer via an attachment or network. When it arrives it runs in the background without the user noticing any change. Computers connected to the internet have thousands of ports that work like doors for network services. For example, mail travels through port 25 and Website data travels through port 80. Only a few of these “doors” are open at a time, depending on what kind of data a computer accepts. The hacker, trying to enter the computer runs a “port scanner” that sends messages to all possible ports to see which ones are open and accept information, and what kind of computer it is. Many programs that accept data like web servers in a computer have flaws. The hackers use a toolkit of different programs to find these flaws on available ports. If a flaw is available, the hacker can inject a “daemon” on the computer, a program that runs in the background unknowingly and steals the computers resources. When the hacker logs off, the daemon uses its own toolkit to install a daemon on another computer then the daemons work together and launch an attack. With all these daemons the attack is farther away from the hacker and he is harder to trace. (“Hijacking a Computer”)

    Most of the time zombie computers are servers of big universities or colleges which have been hacked into. The University of California at Los Angeles, University of California in Santa Barbara, Stanford University, The Icon Group, Envisoneering, a home business computers, and several other sites were used in February to bring down the previous named websites by “MafiaBoy” a fifteen year old from Canada. (Dube, Ross) The user of the “zombie” computer can really not do anything, actually most of the time they don’t even know that they are being used to attack the websites until after the attacks are finished.

    Different Kinds of DoS Attacks
    There are many kinds of DoS attacks. The easiest to use and most common attack is the "Ping of Death" attack which involves transmitting an ICMP echo packet greater than 65535 bytes in length to a vulnerable machine. (“Ping of Death”) Even though this package can not be created because of IP configurations, it can be send in fragments and later reassembled. This is the job of the zombie computers. There are many programs that use the idea of the “Ping of Death” and are mostly used by system administrator's to test their systems. These include Jolt/SSPING, nestea.c, sesquipedalian.c, snork.c, land.c, killwin.c (Modified Winnuke). (“Denial Of Service Attack”) Another attack is a Chargen Denial of Service Attack. A chargen DOS attack mostly includes the use of UDP (User Datagram Protocol) ports. (“UDP Denial of Services”) This attack is mostly mounted against Windows NT computers with Simple TCP/IP (Transmission Control Protocol and Internet Protocol. Standard for the transmissionof data among computer systems. (Greenspun, 564) ) Services. The attack consists of a flood of UDP datagrams sent to the subnet broadcast address with the destination port set to 19 (chargen) and a spoofed source IP address. The NT computers respond to each broadcast, creating a flood of UDP datagrams. (“Denial of Service Attack”) The best know DoS tools, used for setting up and launchin a DoS attack, that use this system are: trinoo, tfn, and stacheldradt. Trinoo was one of the earliest DoS tools discovered. TFN, another tool, is more powerful because it can send a UDP, Smurf, or ICMP flood. Early versions of tfn included password protection for the intruder, but not encryption. Dave Dittrich, a software engineer for the University of Washington and an early victim of infiltration by the DoS package, explained that encryption has been added to recently-discovered versions of and variations on tfn, such as TFN2K. TFN uses ICMP (the Internet Control Message Protocol, also part of TCP/IP) to send messages between the program and the person who is operating it and allows communication to get by most firewalls. Stacheldrahdt, a third DoS tool uses TFN and featuers a auto update function, which works with help of RCP, a remote file copy command. (“DoS attack programs find warm, safe place on Solaris”) Other programs that use this system include: synk4.c, smurf.c, fraggle.c, octopus.c, and pingflood.c. (“Denial of Service Attack”) A third type of attack is a SYN attack. To understand how a SYN attack works you first have to understand how TCP/IP works when a service is connected to. First a SYN packet is send to which TCP/IP responses with a SYN-ACK. When the client responses to the SYN-ACK a connection is established and the conversation is started. The way hackers use this system to start a DoS attack is by not responding to the SYN-ACK, and which leaves the service waiting and tied up until it times out. When the client continues to send SYN packatges the address of the source is changed to a fake host, and as long as the SYN packets are sent faster than the timeout rate of the TCP stack waiting for the time out, the resources of the service will be tied up. (HackFaq, 5.4) Denial of service attacks do not always have to be directed to servers and big websites they can also be directed to personal computers. Many times this is done in forms of Java or other such scripts. These scripts make the users computer unusable in the way of using up so much of the webrowsers memory that the computer or browser freezes because to much CPU processing power is used. One example is a Java applet that paints big black windows on your screen so that you can’t access any other things on your screen. The applet displays a fake password dialog window. If the users enters their name or password it will be sent to the hacker but otherwise does nothing. The only thing the user can do is shutdown his or her browser and restart it. (“Denial of service”) Things that can be done to protect Networks from DoS attacks There are no many things that private computer users, and system administrators can do to protect thesmelves from being attacked and being used as a zombie. Partly because mostly the system administrators only notice the attack after it has been finished and personal computer may never notice that they are being used as a zombie because the daemon runs in the background. The best thing a system administrator can do is to set up a firewall, and patch up their system. Patches “harden” system and refuse connections in certain conditions, for example if too many connections are made from one source. Also administrators should have a plan of action when an DoS attack occurs such as canceling broadcasts. (“CERTŪ Advisory CA-2000-21 Denial-of-Service Vulnerabilities in TCP/IP Stacks”) A system administrator can check if a computer is under a SYN attack by entering the command “netstat -n -p tcp” in a comand line to check how many SYN connections are made. If there are many connections in the state of SYN_RECEIVED, then it is possible that the computer is under attack. The connections should be canceld and the administrators can use a Network Analyzer to track down the problem and find out where its comming from. (“Denial of Service Attacks”)

    Conclusion
    DoS attacks are part of cyber crime which will last forever and very likely increase over the years as more technology is coming and newer devices, that are connected to the Internet, are being produced. Even though new technology to prevent DoS attacks is being produced, DoS attacks, as part of cyber crime, will last. The best thing us humans can do is to hope for the best and prepare for the worst.


    Alright we have to include the Bibliography. So if youactually want to read it click here.



    All trademarks are propery of their respective owners.



    Readers Specials
    Audible.com Listen to your favorite news and novels through iTunes. www.audible.com

    Click here for your favorite eBay items Check eBay daily for the newest Mac stuff! Including new and old systems, software, hardrives, CD-RW's, T-Shirts and more..www.ebay.com

    ClubMac - The Online Mac SuperStore Get free shipping at ClubMac on orders over $99 until June 30th! www.clubmac.com

    Factory-direct memory upgrades Adding RAM is the most cost effective way to boost your computer's performance. Upgrade factory-direct today with Crucial Technology.www.crucial.com




    ipod

    Readers Specials
    Audible.com
    Listen to your favorite news and novels through iTunes.
    www.audible.com

    eBay
    Check eBay daily for the newest Mac stuff! Including new and old systems, software, hardrives, CD-RW's, T-Shirts and more..
    www.ebay.com

    ClubMac
    Check out ClubMac's Blowout Deals daily for specials on Macintosh products!
    www.clubmac.com

    Crucial
    Adding RAM is the most cost effective way to boost your computer's performance. Upgrade factory-direct today with Crucial Technology.
    www.crucial.com

    News on other sites..

    Monday, January 17, 2005

    News

    Mac Beautification by Francois Joseph de Kermadec, O'Reilly Network
    As much as I love the interface, I was stuck in my quest for the perfect screen backgrouund.

    The Portable Mac OS X Geek by Leander Kahney, Wired News
    Who says you can't run Mac OS X on a Pocket PC?

    Audio Abounds At Macworld Expo by Barry Willis, Stereophile

    Mac Users Mark 20 Years by Theresa Hogue, Corvallis Gazette-Times
    Twenty years ago, a group of dedicated Macintosh computer users came together to share a particular passion for their platform of choice.

    Laptop Tryout Pleases Schools by Chris Kenning, Courier-Journal
    Five months after a controversial $5 million experiment first put $1,200 Apple iBooks in the hands of nearly 3,000 students and teachers at four underperforming schools, Jefferson County Public Schools administrators say learning has increased and misuse has been minimal.

    Mac Mini May Chip Away At Windows by Todd Bishop, Seattle Post-Intelligencer
    The low-price Mac Mini could enhance the halo effect.

    iMovie HD To Be Offered Separately For $10? by MacMinute

    iRiver CEO 'Surprised' At Apple's iPod Shuffle by Martyn Williams, IDG News Service
    "In a sense it's not a competitor to an iRiver product because we have more features and focus on the premium area. Maybe there is a certain group of users who don't care about searching (for songs) and displays."

    Mac Mini Arrives Next Month by Reuben Schwarz, New Zealand Stuff

    Opinion

    Small, Cheap, And Without A Display by John Gruber, Daring Fireball
    With millions of happy iPod users new to the Apple brand, and millions of unhappy Windows users fed up with crapware security issues, there's never been a better time for Apple to make a move into the low end of the market.

    Is Apple Thinking About Mac TV? by John Markoff, New York Times
    Why did Steve Jobs spend so much time talking about HDTV at this week's Apple announcement?

    Sidetrack

    Rain, From Far Away by Heng-Cheong Leong, MyAppleMenu

    Have you checked out the new MyAppleMenu podcast already? :-)

    A Sad Story... by Heng-Cheong Leong, MyAppleMenu

    "Dear Ellie: Last week was my son's 12th birthday, and all he wanted was a Sony iPod... They were nowhere [at stores]. So I looked on eBay. I outbid several people and had the owner rush delivery for my son's birthday... Turns out I got him a Sony Walkman instead of iPod."

    This story is so sad on many levels... but the saddest part is the following:

    "He opened [the gift], frowned, pounded his hand on the table, and snapped it in half like a spoiled kid as everyone looked on in horror."

    "How could I teach him a lesson and give him a gift without being walked over?"

    Wintel

    Longhorn: One Version Or Many? by Gregg Keizer, TechWeb

    Sunday, January 16, 2005

    News

    Do Tiny Music Players Drown Out Real Life? by Andrew Shain, Charlotte Observer

    Apple's Baby To Shake Computer Market To Core by Perry Gourley, Scotsman

    Aqua OpenOffice.org 2.0 Cancelled by MacSlash

    One iPod, Many Uses by Jeremy Au Yong, Straits Times
    Scientists use it. Deejays use it. Why, even thieves use it. Apple's iPod, it appears, is not just an accessory for playing music.

    Just For Kicks by Straits Times
    Ever since fitness instructor Haley Wong started using her iPod to provide music for her aerobics classes, she has shed more than 4kg. From her backpack, that is.

    Homework Porter by Straits Times
    Previously, Rachel Yeo would burn her projects onto CDs to be taken home. Now she just plugs her iPod into one of the Macs at school and downloads her work directly onto the portable hard drive.

    A Music Spinner by Straits Times
    When master of ceremonies Jeffrey Low needs some background music for an event, more often than not, he turns to his 20GB iPod rather than his stack of CDs.

    Band's Best Friend by Straits Times
    Musician Jack Ho find sthe iPod indispensable when his band EIC rehearses.

    Frills And Thrills by Straits Times
    New little add-ons for the iPod seem to show up almost every week.

    Mac Mini AppleCare Is Apple's Cheapest by MacMinute

    Opinion

    Geeks Aside, Apple Is Gospel Of Simplicity by Miek Thomas, Orlando Sentinel
    I cried — not out of sentimentality, but because at long last, a computer finally had listened to me.

    iPod Shuffles Hard To Get? Blame Word-Of-Mouth Networks by Robert Scoble, Scobleizer
    Here's a company selling a flash-based MP3 player that's very similar to tons that have been out there for months, if not years. But, notice how fast word has spread that Apple had a hot new product...

    Apple's Inspirational Marketing by Joe Wilcox, Jupiter Research

    Why The iPod Is Music To Apple's Ears by Richard Siklos, Telegraph
    Apple's stellar results are a truly remarkable milestone for the company: they are also a wake up call to its rivals.

    iPod Shuffle Fashions by Scott Artt, My Cummerbund Fell In The Toilet
    The only way for Apple to compete [in the smaller-cheaper player market] is to use Apple's design experience and move the Shuffle into becoming a fashion necklace, a piece of jewelry or a branded clothing accessory.

    Thinking May Not Be All It's Thought To Be by John Schwartz, New York Times
    Feel the ripple in the zeitgeist? Two new slogans are busily burrowing their way into popular culture. Steven P. Jobs introduced one last week: "Life is random."

    After 20 Years, Finally Capitalizing On Cool by Randall Stross, New York Times
    Apple is well positioned for the future. When consumers open their wallets to buy things that have machine intelligence, or provide digital entertainment, or link to the Internet — that is, just about everything in a household that is not edible — they are likely to be drawn to the company with cachet, offering the best-designed, best-engineered, easiest-to-use products, priced affordably thanks to Mr. Moore's old law and Mr. Jobs's new pragmatism. They'll turn to the company that best knows how to meld hardware and software, the company embodied int he ecstatically happy hipster silhouette. The company that is, in a word, cool.

    Review

    Shuffle: Music Or Podcasts? by Russell Beattie, Notebook
    Chalk one up for Apple, once again they've thought wholistically and it shows.

    Sidetrack

    What Is The Opposite Of Microsoft? by Heng-Cheong Leong, MyAppleMenu

    Microsoft wanted everyone in the world to use Windows Media Player. How did they try? By going to all the media companies and convince them to use Windows Media format so that you and I have no choice but to subscribe to Microsoft's vision in order to watch, listen, and read.

    Apple didn't try to out-license Microsoft. Instead, Apple went the other way: by making the coolest and most useful platform, so that you and I will choose the platform and embrace Apple's vision. No content from the big media companies? Doesn't matter. Apple will create the music store, and the users will fill in the rest with MP3s and podcasts. Who needs Windows Media Player and Microsoft?

    Joe Wilcox: Rather than watch Sonic X [on] Saturday morning, [my 10-year-old daughter] is making her own entertainment.

    Saturday, January 15, 2005

    Top Stories

    We're In The Era Of Jobs II by David Akin, Globe And Mail
    Apple already rivals Dell in manufacturing efficiency, and is poised to beat it on profit margins, earnings and revenue growth. On new product innovation, analysts say, Apple is unrivalled.

    Announcement

    The Natives Are Restless by Heng-Cheong Leong, MyAppleMenu

    MyAppleMenu Shuffle, a new podcast from me, is up and running. Please e-mail me should you encounter any problems. Life is random.

    News

    The Desk Set by Philip Michaels, Macworld
    Here are some eye-catching desks I spotted at Expo that you will be able to get your hands on — once they start shipping, that is.

    The Macworld Unknown Best Of Show by Alan Graham, O'Reilly Network
    There are a number of products on the show floor that might interest you, but don't necessarily get picked up by the mainstream press. Here's my list of the 5 best Mac/non-Mac items of Macworld 2005.

    Monster Fueled By Caffeine by Leander Kahney, Wired News
    Delicious Monster is the Mac software company behind the hit Delicious Library, a program for cataloging collections of books, movies and games. The software is elling like hot cakes and has garnered rave reviews and awards, yet the company's headquarters is a Seattle coffee house.

    New Apps At Macworld Lure Print Professionals by Daniel Drew Turner, eWeek
    Though this year's Macworld Expo here had a definite focus on consumer hardware, many third-party developers used the occasion to show off applications designed for print professionals on the Mac OS X platform.

    How Big Will The Mini Be? by Ina Fried, CNET News.com
    Windows developer Alex Gorbatchev just bought his first Mac.

    Little iPod Looms Large In American Culture by Dan Buccino, Baltimore Sun
    The iPod is the perfection of mass customization. Everybody gets the same thing yet everybody thinks his or hers is hipper than anyone else's.

    iPod Extravaganza, Part II: Macworld Expo by Dan Frakes, Playlist

    Little Things Are Big At Macworld SF 05 by Daniel H. Steinberg, O'Reilly Network
    While Windows users struggle with viruses and pop-up ads, Macintosh users don't feel their machine is in the way of what they want to do.

    Analyst: iPod Reaching iconic Status by Jim Darlymple, MacCentral
    "[Apple] just have incredible brand momentum at this point."

    Opinion

    Macworld Expo And Web Standards: The Good, The Bad, And The Ugly by Dori Smith, Backup Brain
    Apple's newly-annouunced Pages application looks like a wonderful little lightweight page layout program... and a terrible disaster as a HTML editor.

    Less Is More by Steve Gillmor, ZDNet

    Thinking About The Mac Mini / The Mac Sweet Spot by Joey deVilla, The Farm

    The Joy Of Travel In The Digital Age by Rob Griffiths, Kirkville
    Travelling has become a much more complex endeavor than it used to be.

    Like Podcasts? Pass On The iPod Shuffle by Shel Holtz, A Shel Of My Former Self
    Podcasting is gaining steam and will go mainstream this year. Somebody will be well-served to offer a device that accommodates them.

    Podcasters: Curb Your Whining About The Shuffle And Taking A Podcast-Centric View Of The World by Les Posen, CyberPsych Blog
    This is an iPod with training wheels, so young folk in particularly can learn to use iTunes and the iTunes Music Store.

    Whither iFlicks? Or Should I Say, "iFlix?" by Fluid Imagination
    The notice above is similar to one that appeared for an application named "SoundJam MP" a few years ago.

    Review

    Apple Mac OS X Tiger: A First Look by Daniel Drew Turner, ZDNet UK
    Due in mid-2005, Apple's new Mac OS X 10.4 promises more than 200 features.

    Sidetrack

    Mini And Cube: Happy Together by Heng-Cheong Leong, MyAppleMenu

    Madsenblog.tk: Hmmm... looks like there's room for about 4 Mac Mini's in the cabinet from a Cube.

    Rumor Today: Apple G5 Notebooks Coming In Second Quarter 2005? by Heng-Cheong Leong, MyAppleMenu

    Ars Technica: According to Taiwan-based DigiTimes, Apple will start receiving shipments of G5-based notebooks in the second quarter of this year.

    Rumor Today: HP Halts Orders For Apple's iPod Music Players by Heng-Cheong Leong, MyAppleMenu

    HP and Apple is in dispute, according to AppleInsider, over the lack of price protection offered by Apple.

    Wintel

    Does Microsoft Find Excuse For Their Security Woes In Mythology? by Uche Ogbuji, O'Reilly Network
    If mythology helps to fuel Microsoft's lagging response, I hope I can do what I can to help debunk the sily myths.

    Microsoft: No Flaw In Media Player by Dan Ilett and John Borland, CNET News.com
    A set of video files available on peer-to-peer networks is piggybacking on Microsoft's antipiracy tools to trick viewers into downloading adware and spyware, security experts have warned.

    Powered by MyAppleMenu





    Don't miss these trailers of the hottest Mac games:
    Links Championship
    pop-pop
    Wolfenstein
    Wipeout 2097
    Cosmic Encounter Online
    More...