
What is a denial-of-service (DoS) attack?

The following is excerpted from CERT. Note our advice at the bottom of the article, which is in part contrary to CERT's.

In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts (banking, etc.), or other services that rely on the affected computer.

The most common and obvious type of DoS attack occurs when an attacker “floods” a network with information. When you type a URL for a particular website into your browser, you are sending a request to that site’s computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can’t process your request. This is a “denial of service” because you can’t access that site.

An attacker can use spam email messages to launch a similar attack on your email account. Whether you have an email account supplied by your employer or one available through a free service such as Yahoo or Hotmail, you are assigned a specific quota, which limits the amount of data you can have in your account at any given time. By sending many, or large, email messages to the account, an attacker can consume your quota, preventing you from receiving legitimate messages.

What is a distributed denial-of-service (DDoS) attack?

In a distributed denial-of-service (DDoS) attack, an attacker may use your computer to attack another computer. By taking advantage of security vulnerabilities or weaknesses, an attacker could take control of your computer. He or she could then force your computer to send huge amounts of data to a website or send spam to particular email addresses. The attack is “distributed” because the attacker is using multiple computers, including yours, to launch the denial-of-service attack.

How do you avoid being part of the problem?

Unfortunately, there are no effective ways to prevent being the victim of a DoS or DDoS attack, but there are steps you can take to reduce the likelihood that an attacker will use your computer to attack other computers:

* Install and maintain anti-virus software (see Understanding Anti-Virus Software for more information).
* Install a firewall, and configure it to restrict traffic coming into and leaving your computer (see Understanding Firewalls for more information).
* Follow good security practices for distributing your email address (see Reducing Spam for more information). Applying email filters may help you manage unwanted traffic.

Author: Mindi McDowell, Produced 2004 by US-CERT, a government organization.

Note that the Secure Surfing Organization disagrees with the assertion that there are no effective ways to prevent being a victim of a DoS or DDoS attack.

How to avoid becoming a victim of DoS and DDoS attacks

For an attacker to execute one of these attacks, they must know your IP address. While that information must be public for public services such as web sites, this is not the case with home or business users.

If you follow one of our core recommendations, namely signing up for an Anonymizer account and using it for all your non-commercial surfing, your IP address will not be disclosed to any potential attacker. (With a few exceptions you can also use your Anonymizer for commercial surfing, but there are some sites, such as PayPal, that will cause you grief if you try to hide your IP address while doing secure transactions.)

Common sources of home-directed DoS attacks are email, forums, webmail and instant messaging.

In each of these cases your IP is either always or commonly disclosed. For example, if you look at the headers of email and webmail messages you have received, you will always see the originating IP address. See our guide How to understand e-mail headers for a clear explanation, but the last “Received” entry in the header shows the IP address of the original writer of the message. If you are that writer, then attackers can target that IP address. For webmail you write, Anonymizer is a complete solution. For email clients such as Thunderbird or Outlook, it is necessary for you to use a third-party email server that does not append your IP address, such as the email server included with Anonymizer Total Net Shield.
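To check what your own outgoing mail discloses, send yourself a message and inspect its headers. The script below is an added example, not part of the original article: it reads the last “Received” entry as described above and reports any internet-routable address in it. The sample messages are constructed with documentation-range addresses, and the check of the non-standard X-Originating-IP header that some webmail services add goes beyond what the text covers.

```python
import ipaddress
import re
from email import message_from_string

# Ranges that cannot be reached from the internet; an address here is not a target.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")  # bracketed IP literals

# Constructed sample: mail sent from a desktop client (documentation-range IPs).
SAMPLE_DIRECT = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP; Tue, 02 Jan 2024 10:00:05 +0000
Received: from [10.0.0.5] (home.example.com [203.0.113.44])
\tby smtp.example.com with ESMTPSA; Tue, 02 Jan 2024 10:00:01 +0000
From: writer@example.com

body
"""

# Constructed sample: the same mail sent via a server that omits the client IP.
SAMPLE_HIDDEN = SAMPLE_DIRECT.replace(
    "[10.0.0.5] (home.example.com [203.0.113.44])",
    "localhost (localhost [127.0.0.1])")

def routable(text):
    """True if text parses as an IP address outside the local-only ranges."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return False
    return not any(ip in net for net in LOCAL_NETS)

def disclosed_ips(raw):
    """Routable IPs in the last Received header and in X-Originating-IP."""
    msg = message_from_string(raw)
    received = msg.get_all("Received") or []
    candidates = IP_RE.findall(received[-1]) if received else []
    # X-Originating-IP is a non-standard header some webmail services add.
    for value in msg.get_all("X-Originating-IP") or []:
        candidates.append(value.strip().strip("[]"))
    return [ip for ip in candidates if routable(ip)]

if __name__ == "__main__":
    print("direct:", disclosed_ips(SAMPLE_DIRECT))
    print("hidden:", disclosed_ips(SAMPLE_HIDDEN))
```

An empty list for a message you sent means the receiving side saw only the mail server's address, which is the outcome the recommendation above aims for.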

We strongly recommend that for general email communications, including registering for forums or other free web services, you use an alternate identity on a webmail service such as the one provided to members of the Secure Surfing Organization (@securesurfing.net). Read our guide on How to join stuff online.

Using Anonymizer will not only protect you in your email use, but also in forums and other interactive browsing such as completing surveys and so on. Instant messaging is a different cat, but if you use Yahoo IM, Anonymizer also works well there.
