You are on page 1of 14

Denial-of-service attack

“DoS” redirects here. For the computing pre-boot envi- 1 Types
ronment, see DOS. For other uses, see DoS (disambigua-
tion). Denial-of-service attacks are characterized by an explicit
In computing, a denial-of-service attack (DoS attack) attempt by attackers to prevent legitimate users of a ser-
vice from using that service. In a distributed denial-of-
service (DDoS) attack, the incoming traffic flooding the
victim originates from many different sources – poten-
tially hundreds of thousands or more. This effectively
makes it impossible to stop the attack simply by block-
ing a single IP address; plus, it is very difficult to dis-
tinguish legitimate user traffic from attack traffic when
spread across so many points of origin. There are two
general forms of DoS attacks: those that crash services
and those that flood services. The most serious attacks are
distributed.[6] Many attacks involve forging of IP sender
addresses (IP address spoofing) so that the location of the
attacking machines cannot easily be identified and so that
the attack cannot be easily defeated using ingress filter-
Court testimony shows us the first demostration of DoS
attack was made by Khan C. Smith in 1997 during a Def-
con event disrupting Internet access to the Las Vegas Strip
for over an hour and the release of sample code during the
event led to the online attack of Sprint, Earthlink, eTrade,
and other major corportations in the year to follow.[7]

1.1 Distributed DoS

See also: October 2016 Dyn cyberattack, IP address
spoofing, and Hop (networking)
DDoS Stacheldraht attack diagram.

A distributed denial-of-service (DDoS) is a cyber-
is a cyber-attack where the perpetrator seeks to make a attack where the perpetrator uses more than one unique
machine or network resource unavailable to its intended IP address, often thousands of them. The scale of DDoS
users by temporarily or indefinitely disrupting services of attacks has continued to rise over recent years, by 2016
a host connected to the Internet. Denial of service is typ- exceeding a terabit per second.[8] [9]
ically accomplished by flooding the targeted machine or
resource with superfluous requests in an attempt to over-
load systems and prevent some or all legitimate requests 1.2 Advanced persistent DoS
from being fulfilled.[1] A DoS attack is analogous to a
group of people crowding the entry door or gate to a shop An advanced persistent DoS (APDoS) is more likely to
or business, and not letting legitimate parties enter into be perpetrated by an advanced persistent threat (APT):
the shop or business, disrupting normal operations. actors who are well resourced, exceptionally skilled and
Criminal perpetrators of DoS attacks often target sites have access to substantial commercial grade computer re-
or services hosted on high-profile web servers such sources and capacity. APDoS attacks represent a clear
as banks or credit card payment gateways. Revenge, and emerging threat needing specialised monitoring and
blackmail[2][3][4] and activism[5] can motivate these at- incident response services and the defensive capabilities
tacks. of specialised DDoS mitigation service providers.


which have simple web-based front ends. threat actors with • long-term denial of access to the web or any internet continuous access to several very powerful network re- services. well managed attack across a DDoS tool. or accessing web sites) taneously use from 2 to 5 attack vectors involving up to several tens of millions of requests per second. attacker uses a client program to connect to handlers.3 Denial-of-service as a service the zombie agents. Additional symptoms may include: Attackers in this scenario may (or often will) tactically switch between several targets to create a diversion to evade defensive DDoS countermeasures but all the while • disconnection of a wireless or wired internet con- eventually concentrating the main thrust of the attack nection onto a single victim.1 Attack tools • simultaneous multi-threaded OSI layer attacks (so- phisticated tools operating at layers 3 through 7) In cases such as MyDoom the tools are embedded in mal- ware. they can be used to perform unau. tion over long periods) • tactical execution (attack with a primary and sec- ondary victims but focus is on primary) 3 Attack techniques • explicit motivation (a calculated end game/goal tar- get) A wide array of programs are used to launch DoS-attacks. using automated routines to exploit vulnerabili- services. This APDoS attack in- mail bomb). sources are capable of sustaining a prolonged campaign generating enormous levels of un-amplified DDoS traffic.the longest continuous ceived (this type of DoS attack is considered an e- period noted so far lasted 38 days. volved approximately 50+ petabits (100. including paid and free versions. Typically. 2 Symptoms There is an underground market for these in hacker re- lated forums and IRC channels.TORS FACE and ROLLING THUNDER. Marketed and promoted on the targeted remote hosts. The LOIC use. Agents are compromised via the handlers by the Some vendors provide so-called “booter” or “stresser” attacker. organized by the group Anonymous. the perpetrators can simul. in Operation tools without the need for the attacker to understand their Payback. followed by repeated (at varying intervals) SQLi • unusually slow network performance (opening files and XSS attacks. for example. It utilizes a layered structure where the a range of targets[10] ). These at- • dramatic increase in the number of spam emails re- tacks can persist for several weeks. The United States Computer Emergency Readiness Team UK’s GCHQ has tools built for DDoS. Along with HOIC a wide variety of DDoS tools are available today.000+ terabits) of malicious traffic.up to a thousand agents. [13] Each handler can control as stress-testing tools.[14] . which are compromised systems that issue commands to 1. and ties in programs that accept remote connections running accept payment over the web. which in turn facilitate the DDoS at- tack. named PREDA- (US-CERT) has identified symptoms of a denial-of. with different features available. often ac. • large computing capacity (access to substantial com- puter power and network bandwidth resources) 3. and launch their attacks without the knowledge of • persistence over extended periods (utilising all the the system owner. If the attack is conducted on a sufficiently large scale. and allow technically In other cases a machine may become part of a DDoS at- unsophisticated attackers access to sophisticated attack tack with the owner’s consent. Stacheldraht is a classic example of above into a concerted. thorized denial-of-service attacks.2 3 ATTACK TECHNIQUES This type of attack involves massive network layer DDoS service attack to include:[12] attacks through to focused application layer (HTTP) floods. In this scenario. • unavailability of a particular web site companied by large SYN floods that can not only attack the victim but also any service provider implementing any • inability to access any web site sort of managed DDoS mitigation capability. en- APDoS attacks are characterised by: tire geographical regions of Internet connectivity can be compromised without the attacker’s knowledge or intent • advanced reconnaissance (pre-attack OSINT and by incorrectly configured or flimsy network infrastructure extensive decoyed scanning crafted to evade detec- equipment.[11] has typically been used in this way.

in Operation Pay- attacked or under normal traffic loads. which “degradation-of-service” rather than “denial-of-service”. a common way of achieving this today is via 3. DoS) which can be controlled by modern web application firewalls (WAFs). new connections can no longer be ac- such attacks may be to drive the application owner to raise cepted. The major advantages to an attacker of using a the elasticity levels in order to handle the increased ap.incoming bandwidth than the current volume of the at- volves redirecting outgoing messages from the client back tack might not help. employing a botnet.3. them to become less competitive.g.4 Denial-of-service Level II 3 3. or the trojan may contain one. referred to as systems that issue commands to the zombie agents.3 Degradation-of-service attacks listen for connections from remote hosts. “Pulsing” zombies are compromised computers that are Stacheldraht is a classic example of a DDoS tool. a botnet) flooding the tar- and this rule is usually linked to automated software (e. work segment from which the attack originated. In case of distributed attack or IP header modification (that de- Other kinds of DoS rely primarily on brute force. get’s system resources. Malware can carry DDoS attack mechanisms. one of the An attacker with shell-level access to a victim’s computer better-known examples of this was MyDoom. Agents are compro- can be more difficult to detect than regular zombie inva.g. A system may also be compromised with a trojan. for example. flood- pends on the kind of security behavior) it will fully block ing the target with an overwhelming flux of packets.2 Application-layer floods 3. Other floods may use multiple attack machines are harder to turn off than one specific packet types or connection requests to saturate fi. For example. using automated sions and can disrupt and hamper connection to websites routines to exploit vulnerabilities in programs that accept for prolonged periods of time. making it harder to track and shut number of open connections or filling the victim’s disk down. usually one or more web servers. bomb. This scenario primarily concerns systems acting as servers on the web. Bandwidth-saturating floods rely on the attacker having higher bandwidth available than the victim. It in. because the attacker might be able onto the client. These attacker advantages cause challenges for de- space with logs. as well as flood. A LAND attack is of end up completely crashing a website for periods of time. in turn facilitate the DDoS attack. Its DoS may slow it until it is unusable or crash it by using a fork mechanism was triggered on a specific date and simply add more attack machines. responses should be less than 200 ms) mised systems (for example.the owners’ knowledge. potentially causing more remote connections running on the targeted remote hosts. and that the behavior of each attack ma- nite resources by.mised via the handlers by the attacker. occupying the maximum chine can be stealthier. will ing the client with the sent packets. merely purchasing more A “banana attack” is another particular type of DoS. organized by the group Anonymous. These attacks . allow- ing the attacker to download a zombie agent. when the latter uses re. This type of DDoS involved hardcoding the target IP ad- dress prior to release of the malware and no further inter- A kind of application-level DoS attack is XDoS (or XML action was necessary to launch the attack.[18] back. It uti- directed to launch intermittent and short-lived floodings lizes a layered structure where the attacker uses a client of victim websites with the intent of merely slowing it program to connect to handlers. In this case normally of a targeted system. This type of attack.[19] When a server is overloaded els for the increased requests.[6] application used resources are tied to a needed Quality of Such an attack is often the result of multiple compro- Service level (e. this type. preventing outside access. fense mechanisms. after all. in order to cause financial losses or force chines can generate more attack traffic than one machine.5 Distributed DoS attack distributed denial-of-service.4 Denial-of-service Level II Various DoS-causing exploits such as buffer overflow can The goal of DoS L2 (possibly DDoS) attack is to cause a cause server-running software to get confused and fill the launching of a defense mechanism which blocks the net- disk space or consume all available memory or CPU time.[16][17] Exposure of Each handler can control up to a thousand agents. Attackers can also break into systems using automated tools that exploit flaws in programs that 3. which are compromised rather than crashing it. An- other target of DDoS attacks may be to produce added A distributed denial-of-service (DDoS) attack occurs costs for the application operator. for example.[13] In degradation-of-service attacks is complicated further by some cases a machine may become part of a DDoS attack the matter of discerning whether the server is really being with the owner’s consent. over- the attacked network from the Internet. geted system with traffic.when multiple systems flood the bandwidth or resources sources based on Cloud Computing.The main incentive behind with connections. but without sys- saturating its connection bandwidth or depleting the tar- tem crash.distributed denial-of-service attack are that multiple ma- plication traffic. A botnet is a network of zom- Amazon CloudWatch[15] ) to raise more virtual resources bie computers programmed to receive commands without from the provider in order to meet the defined QoS lev.attack machine. disruption than concentrated floods. This.

a HTTP POST attack tar- quire completion of the TCP three way handshake and at. Newer tools can use message being correct and complete. 1 byte/110 seconds). [23] particular network via the broadcast address of the net- work. However.[21] server (the victim) are used up. some protection systems.gets the logical resources of the victim. legitimate HTTP POST header. enhancements such as syn cookies may be effective mit.[14] faked to appear to be the address of the victim. hence making any fur- ther (including legitimate) connections impossible until Simple attacks such as SYN floods may appear with a all data has been sent.slow rate (e. [22] In one noted attack that was made A smurf attack relies on misconfigured network devices peaked at around 20. geted websites to not pay the ransom. The attacker will UK’s GCHQ has tools built for DDoS. the target server will DNS servers for DoS purposes. 3. the primary requirement being access to greater bandwidth In 2015. Unlike MyDoom’s DDoS attempt to obey the 'Content-Length' field in the header. this would be classified as a DDoS attack.than the victim.[24] Cyber- extortionists typically begin with a low-level attack and a Ping of death is based on sending the victim a malformed warning that a larger attack will be carried out if a ransom ping packet. usually using the “ping” com- mand from Unix-like hosts (the -t flag on Windows sys- tems is much less capable of overwhelming a target. It is very simple to launch. Because the source IP addresses can be triv. any attack against test the security of servers against this type of attacks. by default. SYN floods (also known as resource starva. which means the tempt to exhaust the destination SYN queue or the server victim would still have enough network bandwidth and bandwidth. On the other hand. has released a testing tool to be classified as a DoS attack.8 Internet Control Message Protocol (ICMP) flood It has been reported that there are new attacks from internet of things which have been involved in denial of service attacks.[25] Security experts recommend tar. These flood attacks do not re.nerable system.[20] More so. preventing legiti- mate packets from getting through to their destination. The attacker of well known websites to legitimate users.loading its network or CPU.send large numbers of IP packets with the source address TORS FACE and ROLLING THUNDER. It is notable that unlike many other wide range of source IP addresses. DDoS botnets such as DD4BC grew in promi. an attack could come from a limited set of the fact that Apache will. rather than a specific machine. the HTTP POST attack sends botnets / rootservers.advantage of the required Destination Port Unreachable ognize that the target is ready to pay. and are therefore able to bypass bandwidth exhaustion may require involvement. which will lead to a system crash on a vul- is not paid in Bitcoin. These collections of systems compromisers are known as First discovered in 2009.and wait for the entire body of the message to be trans- dress. mechanism. botnets can be turned against any IP ad.[26] ICMP packets. which try to subdue the server by over- of a well distributed DoS.cludes a 'Content-Length' field to specify the size of the ing and amplification like smurf attacks and fraggle at. an open source web If an attacker mounts an attack from a single host it would application security project. ICMP etc.processing power to operate. 3.message body to follow. The net- See also: DDoS mitigation work’s bandwidth is quickly used up. availability would be classed as a denial-of-service attack.000 requests per second which came that allow packets to be sent to all computer hosts on a from around 900 CCTV cameras. which in- use classic DoS attack methods centered on IP spoof.HTTP POST attacks are difficult to differentiate from igation against SYN queue flooding. the attacker then pro- tacks (these are also known as bandwidth consumption ceeds to send the actual message body at an extremely attacks).[28] Ping flood is based on sending the victim an overwhelm- ing number of ping packets.7 HTTP POST DoS attack UDP.establishes hundreds or even thousands of such connec- phisticated attackers use DDoS tools for the purposes of tions. which can take a very long time. this attack can be particularly powerful. OWASP. .[27] Further combined with ially spoofed. until all resources for incoming connections on the extortion – even against their business rivals. Script kiddies use them to deny the availability mitted. In fact. if an attacker uses many systems to simultaneously launch attacks against a remote host. nence. Due to the entire tion attacks) may also be used. giving the appearance (D)DoS attacks. or may even originate from a single host. however complete legitimate connections. named PREDA. The attackers tend The BlackNurse attack is an example of an attack taking to get into an extended extortion scheme once they rec. accept requests up sources. Stack to 2GB in size.6 DDoS extortion the -l (size) flag does not allow sent packet size greater than 65500 in Windows). DDoS tools like Stacheldraht still a complete. taking aim at financial institutions.g.4 3 ATTACK TECHNIQUES can use different types of internet packets such as: TCP. also 3.

the attacker acts as a “puppet master. achieved by us.” Many services can be exploited to act as reflectors. a PDoS attack exploits security flaws which allow DNS record response that is sent to the targeted victim.9 times the these features. a massive amount of data back to the victim. when done legitimately is known as flashing.[32] is an attack that damages a system so to a public DNS server. remote administration on the management interfaces of Since the size of the request is significantly smaller than the victim’s hardware. The attacker uses these vulnera. This is typically done through pub- DC++. The attacker tries to request as hardware. thus slowing down the affected computer until A distributed denial-of-service attack may involve send- it comes to a complete stop.through a command called monlist.12.requests with the same spoofed IP source.[33] Unlike the distributed denial-of-service at. which exploited the vulner. Using Internet prominence is the WinNuke. With peer-to-peer there is no botnet and the at- licly accessible DNS servers that are used to cause con- tacker does not have to communicate with the clients it gestion on the target system using DNS response traffic. causing it to lock up and display a Blue sometimes called a “DRDOS”. this technique has come to the attention of nu.1 Amplification Attackers have found a way to exploit a number of bugs in peer-to-peer servers to initiate DDoS attacks. thereby enticing hosts to send Echo Reply packets to the victim. which sends the de- inal purpose until it can be repaired or replaced.[34] A Nuke is an old denial-of-service attack against computer networks consisting of fragmented or otherwise invalid ICMP packets sent to the (and flood) the target. (This[35]reflected attack form is tim’s machine.3. such as routers.[29][30][31] factors. thus amplifying the tack. some instructing clients of large peer-to-peer file sharing hubs harder to block than others. which will send merous hacking communities. as the flooding host(s) send Echo Requests to the broadcast addresses of 3. NTP can also be exploited as reflector in an amplification corrupt. Instead. rendering it unusable for its orig. and the potential and high probability of amount of data that was requested back to the victim. or defective firmware image—a process which attack. much zone information as possible. the attacker is easily able to increase the networking hardware. tails of the last 600 people who have requested the time The PDoS is a pure hardware targeted attack which can from that computer back to the requester. A small request be much faster and requires fewer resources than using to this time server can be sent using a spoofed source IP a botnet or a root/vserver in a DDoS attack. . PhlashDance is a tool created by Rich Smith (an It is very difficult to defend against these types of at- employee of Hewlett-Packard’s Systems Security Lab) tacks because the response data is coming from legitimate used to detect and demonstrate PDoS vulnerabilities at servers.An example of an amplified DDoS attack through NTP is fore "bricks" the device. subverts. printers.[36] US-CERT have observed to disconnect from their peer-to-peer network and to con- that different services implies in different amplification nect to the victim’s website instead. which means all the replies will go of out-of-band data was sent to TCP port 139 of the vic. ) Screen of Death (BSOD). This there. also known loosely involves an attacker sending a DNS name look up request as phlashing. [40][41] SNMP and bilities to replace a device’s firmware with a modified. the source address is set to that ability in the NetBIOS handler in Windows 95. security exploits on Network Enabled Embedded Devices This becomes amplified when using botnets that all send (NEEDs). or other the response. using a much larger list of DNS servers than seen earlier.3. used for DDoS attacks 3.Protocol address spoofing. which results in 556. amount of traffic directed at the target.10 Peer-to-peer attacks mis-configured networks. spoofing the source IP address badly that it requires replacement or reinstallation of of the targeted victim. Some early DDoS pro- Main article: Direct Connect (protocol) § Direct Connect grams implemented a distributed form of this attack. ing forged requests of some type to a very large number of A specific example of a nuke attack that gained some computers that will reply to the requests.12 Reflected / spoofed attack ing a modified ping utility to repeatedly send this cor- rupt data.12 Reflected / spoofed attack 5 3. as you can see below:[37] DNS amplification attacks involve a new mechanism that 3.9 Nuke the 2008 EUSecWest Applied Security Conference in London. ICMP Echo Request attacks (Smurf attack) can be con- sidered one form of reflected attack. The process typically Permanent denial-of-service (PDoS).11 Permanent denial-of-service attacks increased the amplification effect. Because of address of some victim. A string of the targeted victim. These attack requests are also sent through UDP. The most Amplification attacks are used to magnify the bandwidth aggressive of these peer-to-peer-DDoS attacks exploits that is sent to a victim.

mer retaliates by flooding the victim’s employer with .16 Sophisticated low-bandwidth Dis- tributed Denial-of-Service Attack Voice over IP has made abusive origination of large num- bers of telephone voice calls inexpensive and readily auto- A sophisticated low-bandwidth DDoS attack is a form of mated while permitting call origins to be misrepresented DoS that uses less traffic and increases their effective. ness by aiming at a weak point in the victim’s system de. Windows 95 and Windows NT operating systems.19 Telephony denial-of-service (TDoS) 3. or offset.[46] Windows 3.. indicating the starting position.14 Shrew attack code. campaigns have been started that are knowledge).[42] packets that teardrop used). This Each of these packets are handled like a connection re- means that the source IP is not verified when a request quest. the attacker sends traffic consisting of compli.of various fraudulent schemes: cated DDoS attack is lower in cost due to its use of less traffic. and it has the ability to hurt systems which are pro- [43][44] impersonating the victim to request a funds trans- tected by flow control mechanisms. in the original packet. causing the server to spawn a half-open connec- is received by the server.[49] See also: SYN flood • A scammer contacts consumers with a bogus claim to collect an outstanding payday loan for thousands A SYN flood occurs when a host sends a flood of of dollars. the response never down completely. keeping it from responding to legitimate requests until after the at- 3.[43] Essentially. Transmission Control Protocol. sign. Slow reading is fragmented packet. often with a forged sender address.63 are vulnerable to this attack. thus trying to of one fragmented packet differs from that of the next exhaust the server’s connection pool. When this hap- achieved by advertising a very small number for the TCP pens.e.through caller ID spoofing.[47][48] One of the fields in an IP header is the “fragment off- 3.32 and 2. If the sum of the offset and size quests but reads responses very slowly. comes.13 R-U-Dead-Yet? (RUDY) tack ends. In order to bring awareness of tion. tify. by sending back a TCP/SYN-ACK packet (Ac- these vulnerabilities. These half-open connections saturate the number of available connections the server can make.6 3 ATTACK TECHNIQUES which does not require a connection to the server. However. the packets overlap.1x.A teardrop attack involves sending mangled IP fragments length header value. The banker’s attempt to contact the victim for verification of the transfer fails as the victim’s tele- phone lines are being flooded with thousands of bo- 3. 3. i. That naturally ensures condition. is smaller in size making it more difficult to iden- • A scammer contacts the victim’s banker or broker.[45] RUDY attack targets web applications by starvation of available sessions on the web server.According to the US Federal Bureau of Investigation. with overlapping. same link. a server vulnerable to teardrop attacks is unable to Receive Window size and at the same time by emptying reassemble the packets . a sophisti.resulting in a denial-of-service clients’ TCP receive buffer slowly.17 (S)SYN flood gus calls. to people fixing their resolvers or having the resolvers shut because the sender address is forged.18 Teardrop attacks RUDY keeps sessions at halt using never-ending POST transmissions and sending an arbitrarily large content. a very low data flow rate.0. When the consumer objects. 3. It uses short synchro- (Although in September 2009. rendering the victim unreachable. Much like Slowloris. oversized payloads to the target ma- chine.telephony denial-of-service (TDoS) has appeared as part cated requests to the system. by exploiting a weakness in TCP’s retransmis- this targeted SMB2 which is a higher layer than the TCP sion timeout mechanism. as well as versions of Linux prior to The shrew attack is a denial-of-service attack on the versions 2.15 Slow Read attack set” field. and waiting for a packet in response from the dedicated to finding amplification vectors which has led sender address (response to the ACK Packet). This can crash various operating systems be- cause of a bug in their TCP/IP fragmentation re-assembly 3. of the data contained in a fragmented packet relative to the data Slow Read attack sends legitimate application layer re.1. fer. a vulnerability in nized bursts of traffic to disrupt TCP connections on the Windows Vista was referred to as a “teardrop attack”. the scam- TCP/SYN packets.

be based on an application layer analysis.3 Blackholing and sinkholing 7 thousands of automated calls. or dangerous. and then identifies and ping of death) and rate-based attacks (such as ICMP them as priority. Application front end hardware analyzes can also address both protocol attacks (such as teardrop data packets as they enter the system. 4.mine if there is traffic anomaly. the scammer floods local po. Widespread publication of affecting network connectivity. In the 2002 New Hampshire Senate With blackhole routing. aiming to block traf. regular. system (DDS) can block connection-based DoS attacks It can be used on networks in conjunction with routers and those with legitimate content but bad intent. to indicate played caller ID is spoofed to impersonate police or whether an incoming traffic bulk is legitimate or not and law enforcement agencies.Intrusion prevention systems (IPS) are effective if the at- phone calls. the Related exploits include SMS flooding attacks and black trend among the attacks is to have legitimate content but fax or fax loop transmission. However. approaches may addresses. efficient for most severe attacks. bad intent. traf- fic classification and response tools. Police soon arrive at pletion Indicators. A DDS and switches.4.[53] the victim’s residence attempting to find the origin of the calls.3 Blackholing and sinkholing Telephony denial-of-service can exist even without Internet telephony.tackers. There are more floods and SYN floods).[50] thus enable the triggering of elasticity decisions with- out the economical implications of a DDoS attack. In some cases. .[51] A list of prevention and re.1 Application front end hardware 4. towards the final gen- lice numbers with calls on which caller ID is spoofed eration of profit. it can be managed by the a number can also flood it with enough calls to render it ISP. tacks have signatures associated with them.progress of the requests in this path. through markers denoted as Key Com- to display the victims number. all the traffic to the attacked DNS election phone jamming scandal. as happened with multiple +1-area code−867. involve the use of a combination of attack detection.5 DDS based defense Application front-end hardware is intelligent hardware More focused on the problem than IPS. based on protocols.6 Firewalls 4. a firewall could have a sim- ple rule added to deny all incoming traffic from the at- In order to meet the case of application level DDoS at. value inside the application and monitor the macroscopic when the victim balks. TDoS differs from other telephone harassment (such as prank calls and obscene phone calls) by the number of calls originated. than 25 bandwidth management vendors. It must let the legitimate sponse tools is provided below: traffic flow while blocking the DoS attack traffic. by occupying lines continuously with 4.2 Application level Key Completion Indi- cators In the case of a simple attack.[54] unusable. dis. the victim is prevented from making or receiving both routine and emergency tele. Intrusion-prevention systems which work on content recognition cannot block behavior-based DoS at- tacks.[55] 4. telemarketers were used or IP address is sent to a “black hole” (null interface or to flood political opponents with spurious calls to jam a non-existent server).A rate-based IPS (RBIPS) must analyze traffic granularly fic that they identify as illegitimate and allow traffic that and continuously monitor the traffic pattern and deter- they identify as legitimate. 4. To be more efficient and avoid phone banks on election day. a DoS defense placed on the network before traffic reaches the servers.[52] • A scammer contacts consumers with a bogus debt These approaches mainly rely on an identified path of collection demand and threatens to send police.4 IPS based prevention repeated automated calls. Sinkholing is not calls daily in response to the song 867-5309/Jenny. A DNS sinkhole routes traffic to a valid IP address which 5309 subscribers inundated by hundreds of misdialed analyzes traffic and rejects bad packets. ports or the originating IP tacks against cloud-based applications. 4 Defense techniques An ASIC based IPS may detect and block denial-of- service attacks because they have the processing power and the granularity to analyze the attacks and act like a Defensive responses to denial-of-service attacks typically circuit breaker in an automated way.

[57] 4. specifically when the link was posted by a celebrity. Routers have also been known to create unintentional ity to the Internet to manage this kind of service unless DoS attacks. SYN flood hundreds of thousands of people – click that link in the can be prevented using delayed binding or TCP splic. part of a news story. For example. tunnels. but simply due splicing). as both D-Link and Netgear routers have they happen to be located within the same facility as the overloaded NTP servers by flooding NTP servers without “cleaning center” or “scrubbing center”. It is also known as “the Reddit hug cuits. dresses or going to dark addresses can be prevented using When Michael Jackson died in 2009. but deep packet inspection. delayed binding (TCP single individual or group of individuals.g. routers have some rate-limiting and ACL capability. The result is that a significant pro- These schemes will work as long as the DoS attacks can portion of the primary site’s regular users – potentially be prevented by using them.7 Routers • Tata Communications[68] Similar to switches. to a sudden enormous spike in popularity. for example. This can hap- gus IP filtering) to detect and remediate DoS attacks pen when an extremely popular website posts a prominent through automatic rate filtering and WAN Link failover link to a second. Attacks originating from dark ad. digital cross connects. Cisco IOS has optional features that can reduce the im.9 Upstream filtering News sites and link sites – sites whose primary function is to provide links to interesting content elsewhere on the All traffic is passed through a “cleaning center” or a Internet – are most likely to cause this phenomenon.8 5 UNINTENTIONAL DENIAL-OF-SERVICE More complex attacks will however be hard to block with • Arbor Networks[62] simple rules: for example. They. • F5 Networks[64] firewalls may be too deep in the network hierarchy. websites such as bogon filtering. If a server is being indexed by Google or another • Level 3 Communications[60] search engine during peak periods of activity. common internet attacks) and only sends good traffic be- yond to the server. too. it is not possible to drop all in. Automatic rate filtering can work as long Google and Twitter slowed down or even crashed. tem ends up denied. or even direct cir- traffic from Slashdot. The provider needs central connectiv. Most • Verisign[69] routers can be easily overwhelmed under a DoS attack. when a URL is mentioned on tele- • CloudFlare [59] vision. • AT&T[63] coming traffic on this port because doing so will prevent the server from serving legitimate traffic. are manually set. A VIPDoS is the same. • Neustar Inc[66] • Akamai Technologies[67] 4. tack. . The “scrubbing center” via various methods such as prox- canonical example is the Slashdot effect when receiving ies. Some switches provide automatic and/or system. Wan-link Many sites’ servers thought the requests were from a failover will work as long as both links have DoS/DDoS virus or spyware trying to cause a denial-of-service at- prevention mechanism.[58] respecting the restrictions of client types or geographical limitations. Examples of providers of this service: Similar unintentional denials-of-service can also occur via other media. traffic shaping. it • Radware[61] can also experience the effects of a DoS attack. An unintentional denial-of-service can occur when a sys- bility. having the same effect on the target ing. e. as and balancing. Similarly content based DoS may be prevented using website as a DDoS attack. less well-prepared site. if there is an ongoing attack on port 80 (web service). which separates “bad” traffic (DDoS and also other of death” and “the Digg effect”.8 Switches 5 Unintentional denial-of-service Most switches have some rate-limiting and ACL capa. • Verizon[70][71] pact of flooding. warning users that their queries looked like “au- tomated requests from a computer virus or spyware application”. space of a few hours. with routers being adversely affected before the traffic gets to • Incapsula[65] the firewall. or does not have a lot of available bandwidth while being indexed. not due to a deliberate attack by a wide rate limiting.[73] 4.[56] Additionally.[72] as set rate-thresholds have been set correctly. deep packet inspection and Bogon filtering (bo.

These response packets are known as backscatter. Universal Tube & Rollform Equipment Cor.[76] • Hit-and-run DDoS If the attacker is spoofing source addresses randomly.1 Backscatter • Billion laughs See also: Backscatter (email) and Internet background • Botnet noise • Command and control (malware) In computer network security. This effect can be used by • Infinite loop network telescopes as indirect evidence of such attacks. • UDP Unicorn . denial-of-service attacks may be con- In 2006. the • Industrial espionage backscatter response packets from the victim will be sent back to random destinations. As a result. • In the US.[79] pany’s servers. which amended Sec- satellite images. This could be a legal form of protest similar to the Occupy protests. The response overwhelmed the com. with utube. Anonymous posted a petition on the a prescheduled event created by the website itself. 8 See also 6 Side effects of attacks • Application layer DDoS attack • BASHLITE 6. committing criminal denial- ing ads for advertisement now users accidentally typed the tube company’s imprisonment. lead to arrest. sidered a federal crime under the Computer Fraud poration sued YouTube: massive numbers of would-be and Abuse Act with penalties that include years of youtube. 9 Legal action has been taken in at least one such case. In general. the tube company ended lectual Property Section of the US Department of up having to spend large amounts of money on upgrading Justice handles cases of (D)DoS.[80][81] to be available where it will result in many more login requests at that time than any other. site asking that DDoS be recognized as the case of the Census in Australia in 2016. • Intrusion detection system The term “backscatter analysis” refers to observing backscatter packets arriving at a statistically significant • Low Orbit Ion Cannon (LOIC) portion of the IP address space to determine characteris. caused when a server provides some service at a specific the claim being that the similarity in purpose of both are DigitalGlobe launched a crowdsourcing service set a maximum penalty of 10 years in prison with the on which users could help search for the missing jet in Police and Justice Act 2006. This might be a university website setting the grades same. so the victim responds to the spoofed • High Orbit Ion Cannon (HOIC) packets as it normally would.[75] An unintentional denial-of-service may also result from On January 7. as was whitehouse. • In European countries. utube. after Malaysia Airlines Flight 370 went specifically outlawed denial-of-service attacks and missing. tion 3 of the Computer Misuse Act 1990. the attacker spoofs (or forges) the source address in • Dendroid (malware) IP packets sent to the victim.[74] The company appears to have taken advantage of the situation. the victim ma- • Fork bomb chine cannot distinguish between the spoofed packets and legitimate packets. their bandwidth. of-service attacks may. • October 2016 Dyn cyberattack • Project Shield 7 Legality • ReDoS See also: Computer crime • SlowDroid • Slowloris (computer security) Many jurisdictions have laws under which denial-of- service attacks are illegal. backscatter is a side-effect • DDoS mitigation of a spoofed denial-of-service attack. as a minimum. In this kind of at- tack.[78] The United Kingdom is unusual in that it In March 2014. • Network intrusion detection system tics of DoS attacks and victims.[77] The Computer Crime and Intel- URL.

CloudFlare. Archived from the 2014. [7] Smith. 10 September 2015. Archived from the original on 2010-09-14. 3 August 2015. Atlantic Pub- • Zombie (computer science) lishers & Distributors. Mindi (November 4. ISBN Ex- [21] Leyden. [9] Khandelwal. United States Computer Emergency Readiness [30] Robert Lemos (May 2007). Networking and Mobile Computing. [25] Solon. p. Retrieved 2014-03-07. The Register.Layer_7_DDOS. [18] Lu. Archived from the original on 2 October of increased activity from DDoS extortion group”. 2015). “SANS Institute – Intrusion De- Attempt”. pp. [29] Paul Sop (May 2007). Re. “US credit card firm fights tortion”. Pervasive Technology Labs at hit by 38-day DDoS attack”. Bloomberg. Retrieved Nov 20 2014. bric. ABC- CLIO. [1] “denial of service attack”. Retrieved December 11. 08-22. Steve (21 August 2014).Understanding Denial-of-Service At- tacks”. Saman (November 2013). “Video games company Attacks(DDoS) Resources. “Hacking CCTV phy. Matthew (25 April 2016). • Xor DDoS [15] “Amazon CloudWatch”. Financially”. • Zemra [16] Encyclopaedia Of Information Technology.Strawman .pdf” 1 Tbps DDoS Attack launched from 152. “World’s largest [27] “OWASP Plan . Inc. Olivia (9 September 2015). 18 March Smart Devices”. Retrieved 18 [19] “Has Your Website Been Bitten By a Zombie?". “Empty DDoS Threats: Meet the Armada Collective”. Magazine. tqaweekly. “Akamai warns Ars Technica. Prolexic Technologies Inc. 2013. Internet and the Law. tqaweekly. The Intercept_. Retrieved 2011-12-02. Dan (28 September 2016). p. [11] Krebs. Retrieved 2008-05-02. Wei Zhao (2005). Re. [28] “Types of DDoS Attacks”. [4] “Brand. Cameras to Launch DDoS Attacks”. Archived from the original on 13 DDoS attack”. rity Tip ST04-015 . “Cyber-Extortionists Check date values in: |access-date= (help) Targeting the Financial Sector Are Demanding Bitcoin Ransoms”. opted for DOS attacks”. “Record-breaking DDoS reportedly delivered by >145k hacked cameras”. “HACKING ONLINE POLLS AND OTHER WAYS BRITISH SPIES SEEK • XML denial-of-service attack TO CONTROL THE INTERNET”.incapsula. • Wireless signal jammer [14] Glenn Greenwald (2014-07-15).com President Mike Zammuto Reveals Blackmail [20] Boyle. trieved 15 September 2015. 2013. [5] “The Philosophy of Anonymous”. Open Web Application Security Project. Radicalphiloso. 9 References [17] Schwabach.html vice (DDoS) Flooding Attacks” (PDF). Retrieved 15 September 2015. 5 March 2014. Re- 2009. SC Magazine UK. Retrieved 2013-09-10. Prolexic Technologies Inc. Swati (26 September 2016). ISBN 1-85109-731-7. “5 Famous Botnets that held the internet hostage”. Cloudbric. Retrieved 18 March 2014. [8] Goodin. cctv-ddos-botnet-back-yard. “Cyber Secu. Retrieved 15 September 2015. Phillip (2000). Amazon Web Services. 397. Xicheng. Cloud- May 2016. 03. 325. Archived from the original on 2013-11-04. Steve. Retrieved 15 September 2015. SC 2016. May 2014. . Retrieved 2013-12-11. The Hacker News. “The “stachel- draht” distributed denial of service attack tool”. [22] Swati Khandelwal (23 October 2015). 2046– Your Website?". [2] Prince. [3] “Brand. Archived from the original on 2007-08- [12] McDowell. 1999). SANS’s Mike Zammuto Discusses Meetup. Retrieved 2007- trieved December 11. p. Krebs on Security. Retrieved 26 May 2016. Univer- • Warzapping sity of Washington. Distributed Denial of Service [10] Gold. original on 30 September 2016. [6] Taghavi Zargar. Retrieved Indiana University. 5 March 2014. “Prolexic Distributed Denial of trieved 2016-09-09. SecurityFocus. Re- trieved Defense Mechanisms Against Distributed Denial of Ser. 2007. 424. [26] Greenberg. Birkhäuser. 2010-12-17.000 hacked (PDF). n/a”.10 9 REFERENCES • Virtual sit-in [13] Dittrich. IEEE COMMU- [24] “Who’s Behind DDoS Attacks and How Can You Protect NICATIONS SURVEYS & TUTORIALS. December 3. Lab (ANML). Brian (August 15. John (2004-09-23). The Hacker News. Advanced Networking Management 4 February 2016. “A Survey of [23] https://www. David (December 31. Archived from the original on tection FAQ: Distributed Denial of Service Attack Tools: 11 March 2014. “Peer-to-peer networks co- Team. Retrieved 2007-08-22. Service Attack Alert”. Adam (14 September 2015). “Stress-Testing the Booter Services. ISBN 81-269- 0752-5. Aaron (2006). 2009).

[54] Patrikakis. level3. dom. Oke. Defense” (PDF). trieved June 2015. [55] Abante. Roland (2014). Archived from the original (PDF) on 2008-09-21. U. US. (Product brief).gov. Ya Know?. “An Analysis of Using Reflectors elastic Cloud-based applications based on application- for Distributed Denial-of-Service Attacks”.. 2004). “Relationship between Firewalls and Protection against DDoS”... “Some IoS tips for Internet Service (Providers)" (PDF). DC++: Just These Guys. tential for DDoS attacks . 7 (4): 13–35. [33] Jackson Higgins. Retrieved 2009-03-07. 53 (7): 1020–1037.70. Retrieved 2013-07-17. Computerworld. O. Sean. Gadi (2006).. Vista exposed to 'teardrop attack'".com. G. tion Attacks” (PDF). Tools. [61] “Defensepipe”. Bremler-Barr. pp. Retrieved 2013-05-24. Check date values in: |access-date= (help) [48] “Microsoft Security Advisory (975497): Vulnerabilities [65] “Infrastructure DDos Protection”.. Retrieved 2013- 09-10. January 7. George (2014). CERT. 2013-01-07. [44] orbitalsatelite. Retrieved 2013-12-11. G. Retrieved July 18. Retrieved Genuine Theft”. “Distributed Denial of Service Attacks”.com. [64] “Silverline DDoS Protection service”. Ars Technica. “DNS Amplifica. Dark [51] Loukas. [59] (September 2010) [August 2009]. [34] “EUSecWest Applied Security Conference: London. Retrieved [43] Ben-Porat. Florian (2015). “Vulnerability of Network Mechanisms to Sophisticated [60] “Level 3 DDoS Mitigation”. Masikos.K..49. f5.627. Retrieved November 2015.2012. “P2P File-Sharing in Hell: Ex. (help) . Reading. “Phlashing attack thrashes [50] “Internet Crime Complaint Center’s (IC3) Scam Alerts embedded systems”. SourceForge. ISBN 0-7695-2421-4. Retrieved May 15. IC3. [32] Leyden. “Biggest DDoS ever aimed at Cloud- doi:10. “DDoS on 2009-02-01. [37] “Alert (TA14-017A) UDP-based Amplification Attacks”.com. 2014.”. level markov chain checkpoints”. S. “Denying distributed at. Kelly (May 19. “How to defend against DDoS attacks”. [47] “Windows 7. 2008). “DNSSEC and its po. Comput. 2009. Gamble. Retrieved 9 May DDoS Attacks”. Retrieved 4 February 2016. Kai Hwang. 18 May 2016. [58] “DDoS Mitigation via Regional Cleaning Centers (Jan [42] Yu Chen.a comprehensive measurement study”. The In- [38] van Rijswijk-Deij. 2009.1109/LCN. ACM Press. August 2007. doi:10. Paul (June 24. 09-10. Retrieved 2014-07-08. “Protection Against Denial of Service Attacks: A The Register. 2011-12-02. (December 2004). Survey” (PDF). July 8. SprintLabs. Internet Society. (1 January 2015). Zouraraki. March 2015. Levy. Archived from the original (PDF) on [41] “Alert (TA13-088A) DNS Amplification Attacks”. Attacks in Service Clouds”. 8 pp. “KEY COMPLETION INDICATORS:minimizing the effect of DoS attacks on [36] Paxson. [57] Suzen. Check date values in: |access-date= (help) [45] “RFC 4987 – TCP SYN Flooding Attacks and Common [62] “Clean Pipes DDoS Protection and Mitigation from Arbor Mitigations”. Christian (February 2014).2015. 2010. Revisiting Network Protocols for DDoS Abuse” (PDF). [56] Froutan. ZDNet. 2004)" (PDF). Yu-Kwong Kwok (2005). Re- in SMB Could Allow Remote Code Execution”. R.1109/TC. A. incapsula. 62 (5): 2016. M. 1998. “Filtering of shrew DDoS attacks in frequency do. 2010-05-11. C. Evron. Archived from the original on December CLOSER Conference. ICIR. ploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks”. Archived from the original [52] Alqahtani. Check date values in: |access-date= crosoft. doi:10. The IEEE Conference on Local Computer trieved 2011-12-02. J. ISSN 0018-9340. Archived from the original (PDF) on 2010-12-14.ietf. 11 [31] Fredrik Ullner (May 2007). 2013”. US-CERT. Re- main”. 8 August 2013. [40] flare’s content delivery network”. Vern (2001). 16 October tacks”. doi:10. ternet Protocol Journal. “Permanent Denial-of-Service Attack Sabotages Hardware”. 2008-09-10.1093/comjnl/bxp078. July 8. H. CERT. Randal. U. “Slow HTTP Test”. ATT. 2013). “Amplification Hell: 5340. [63] “AT&T Internet Protect Distributed Denial of Service [46] “CERT Advisory CA-1997-28 IP Denial-of-Service At. radware. 1031–1043. EUSecWest. [53] Kousiouris. Carl (March 2. Sprint ATL Research. FBI.1109/HICSS. September 8. Mehmet. [49] “FBI — Phony Phone Calls Distract Consumers from tacks”. F. Networks 30th Anniversary (LCN'05)l. 2012. Retrieved September 2015 48th Hawaii Inter- national Conference on System Sciences (HICSS): 5331– [35] Rossow. Retrieved 2013- 2007-08-22. Retrieved Networks & Cisco”. Retrieved 2011-12-02. Retrieved 2015-05-24. (2013-05-01). Mi. Ecommerce Wis- [39] Adamsky. IEEE Transactions on Computers. John (2008-05-21). ArborNetworks. 2013.

com. 2011. [68] “DDoS Protection with Network Agnostic Option”. October 6. (historic Against Cyberattacks”. 2013) of UK. [79] “Computer Misuse Act 1990”. Quarterly Security and Internet trend statistics date= (help) • W3C The World Wide Web Security FAQ [71] “Verizon Digital Media Services Launches Cloud-Based Web Application Firewall That Increases Defenses • cert. 2014. [67] Lunden. Animations (video). Google Product Forums › Google Search Forum. Retrieved 2012-02-11. Slow Network Tools on LOIC [75] Bill Chappell (12 March 2014). Automated Query error”. Google. Neustar. Check date values in: |access-date= (help) • ATLAS Summary Report – Real-time global report [72] Shiels. 2006- • LOIC SLOW An Attempt to Bring SlowLoris and 11-02. — The National Archives. Check date values in: |access. EUROPOL. 10 Further reading • Ethan Zuckerman.A Simple HTTP Flooder [74] “YouTube sued by sound-alike site”. • Low Orbit Ion Cannon . • Akamai State of the Internet Security Report - Retrieved January 2015. legislation. Check date values in: |access-date= (help) vard University. Fraud and related ac- tivity in connection with computers | Government Printing Office”. www. Retrieved 2 December • RFC 4732 Internet Denial-of-Service Considera- 2011. 2002-10-25. 12 January Dark- Cooperative Association for Internet Data Analysis. tions [70] “Security: Enforcement and Protection”. . Jillian York. “People Overload Web- site. [80] “Anonymous DDoS Petition: Group Calls On White House To Recognize Distributed Denial Of Service As Protest. Stress Testing Tool 2009. 7 September 2011. Hal Roberts. YouTube. Ingrid (December 2. 11 External links [69] “VeriSign Rolls Out DDoS Monitoring Service”. Retrieved November The Berkman Center for Internet & Society at Har- 2014. • High Orbit Ion Cannon . John Palfrey (December 2011).org CERT’s Guide to DoS attacks. Retrieved January document) 2015. [78] “International Action Against DD4BC Cybercriminal Group”. [77] “United States Code: Title 18. 11 September 2009. Tat- Retrieved 2014-01- 11 EXTERNAL LINKS [66] “DDoS Protection”. BBC News.”. October 20. 2013-01-12. from the original on 2011-03-02. Re- trieved December 11.The Well Known Network [73] “We're Sorry. TechCrunch. “Web slows after Jackson’s of DDoS attacks. “Akamai Buys DDoS Prevention Specialist Prolexic For $370M • “DDOS Public Media Reports”. Re- trieved 4 February 2016. Maggie (2009-06-26). HuffingtonPost. Retrieved September 23. death”.com. “Distributed Denial of Service Attacks Against In- dependent Media and Human Rights Sites” (PDF). 2013. Hoping To Help Search For Missing Jet”. Retrieved 2011-03-02.gpo. NPR. 10 January 2008. [81] “DDOS Attack: crime or virtual sit-in?". BBC News. [76] “Backscatter Analysis (2001)". Ryan McGrady. Archived from the original (PDF) on 2011-03-02. Archived To Ramp Up Security Offerings For Enterprises”.

Darklord Contributors: Magnus Manske. Lightdarkness. ChenzwBot. Ripchip Bot. Annoyomous. Ncmvocalist. Centrx. Magioladitis. Frosted14. Raven 1959. Harry the Dirty Dog. Xitrax. Antandrus. Kristen Eriksen. Eskimbot. Rhlitonjua. The Thing That Should Not Be. Magog the Ogre. Bartledan. Randomn1c. Christian75. Jcc1. Brento1499. FrescoBot. Jamesrules90. Intgr. Softwaredude. Andrew Hampe. Fiddler on the green. Butwhatdoiknow. BrianHoef. HamburgerRadio. Titi 3bood. Olathe. Aldor.Galway. Gomangoman. Սահակ. DarTar. Rrburke. Enrico. WAS 4. Lexein.wikipedia. VoABot II. Ultimus. Dark Tea. Nbarth. Anaxial. Ceyockey. Rchandra. Web-Crawling Stickler. I already forgot. OmidPLuS. Xavier6984~enwiki. Juanpdp. Daonguyen95. Dinamik-bot. Derek Ross. Liber- atorG. YurikBot. Marco Krohn. QuentinUK. AdjustShift. Da31989. CyberSkull. Klaslop. Astt100. Gilliam. Egmontaz.kid. Getmoreatp. Danc. Mightywayne. Jrmurad. Snori. Favonian. RobyWayne. Freekee. Oystein. TheJae. Mcnaryxc. Marek69. Stphnm. BenTremblay. Jcmcc450. Mysterysociety. Raistolo. David Gerard. Eri- anna. Ronhjones. Nneonneo. Mwikieditor. Physicistjedi. Signalhead. Corporal. Csabo. Eliz81. Tea2min. Spartytime. Mbell. Discospinster. MugabeeX. JzG. Edman274. Monaarora84. Unschool. Solarra. Dan Fuhry. Lemmio. Carlossuarez46. Krellis. Rjstott. Bongoramsey. Warrush.Reding. Bossanoven. Bongwarrior. ToePeu. Keegen123. Wikipelli. Fences and windows. Mgiganteus1. Davken1102. Bananastalktome. Mck- aysalisbury. KyraVixen. Nyttend. Jar- ble. VernoWhitney. Deltabeignet. Sephi- roth storm. Canaima. Merlinsorca. Matt Casey. Cydebot. Romal. Maccoat. SkyWalker. Mpeg4codec. Deathwiki. Gdm. Woody. PentiumMMX. TheMightyOrb. Zhangyongmei. The Anome. Arnoldgibson. WeatherFug. Gimere. Gblaz. Peng~enwiki. Galassi. Yehaah~enwiki. Ivan Velikii (2006-2008). Tempshill. BOT-Superzerocool. Shadow1. Tawkerbot2. N3X15. EneMsty12. Goto. SieBot. LeaveSleaves. Kvng. Jim1138. SonicAD. R000t. Mmoneypenny. Alanyst. Pastore Italy. Ketiltrout. Way- ward. Killiondude. Liko81. Jhalkompwdr. Piotrus.hawrylyshen. Alex9788. Life Now. Trigguh. Shadowlynk. Xawieri~enwiki. Blstormo. A3nm. MeekMark. ArthurBot. Rfc1394. Mjdtjm. Andy5421. GHe. KP Botany. Demiurge1000. Duzzyman. Xiphiidae. Anetode. Courcelles. Tawkerbot4. Michael Hardy. Omnipaedista. Melgomac. Yooden. Bobkeyes. Jwrosenzweig. JonNiola. Chobot. GoingBatty. Io Katai. Shaggyjacobs. ElKevbo. Gogo Dodo. Sligocki. DavidH. Mav. N-david-l. Wrs1864. Bhadani. Wilsone9. McGeddon. Scartol. Yamaguchi . Karlos77. Robertvan1. Lothar Kimmeringer~enwiki. Kaishen~enwiki. Monty845. RedWolf. Steel1943. Kane5187. Josh Parris. Fang Aili. La Parka Your Car. Smallman12q. StewE17. Chri$topher. Teapeat. Drrngrvy. Stephenchou0722. Frap. Wtmitchell. RedPen. Muro Bot. Dawnseeker2000. Mjsa. Sunholm. Terryr rodery. Jeannealcid. GraemeL. Chakkalokesh. Sophus Bie. Ryancarpenter. Île flottante. JoanneB. Gopher23. Haseo9999. Fintler. Viper- Snake151. Huds. Romeu. MelonBot. Shyish. Ocker3. HangingCurve. Lights. Nosperantos. Materialscientist. 13 12 Text and image sources. Omicronpersei8. Addbot. Lupo. Pengo. Lradrama. Kortaggio. ClueBot. Mean as custard. Julesd. Peter Delmonte. Dnvrfantj. MER-C. Hellbus. SilvonenBot. Deryck Chan. Cadence-. Victor. EmausBot. GliderMaven. Xee. DeanC81. Fredrik. JOptionPane. Chris the speller. Usbdriver. Zanimum. Wmahan. VKokielov. contributors. Kbk. RockMFR. Beatles2233. NotAnonymous0. Wikibert~enwiki. Thumperward. Mdupont. Widefox. Bemsor. Msuzen. Xionbox. Whsazdfhnbfxgnh. Fireman biff. JoeBot. RussBot. Brusegadi. Adarw. Hu12. Wikibot. Pchachten. Mindmatrix. MC10. Dsarma. Daenney. Finnish Metal. Woohookitty. Starkiller88. Furrykef. and licenses 12. Everton137. Zsinj. Findepi. T23c. Gauss. Rsrikanth05. BlackCatN. Vegardw. Mortense. Wozniak. Gorman. SoxBot III. Kitsunegami. Jefflayman. Rogermw. Trappist the monk. Niteowlneils. Oscar Bravo. Carl Turner. Gmaxwell. J-Baptiste. GateKeeper. Kubanczyk. Lsi john. Martarius. Mikaey.cambiaso. Velella. Gracefool. NicDumZ. Flewis. Gareth Griffith-Jones. GrouchoBot. Mboverload. Ahoerstemeier. Uncle Dick. CliffC. Fraggle81. Drennick. Red. Qrsdogg. Plreiher. Nivix. SuperHamster. Emurphy42. Splintercellguy. Orpenn.Ierna. Swearwolf666. Eiler7. John Cline. TT-97976. Atif0321. Edgar181. LAX. Taxman. Bluefoxicy. Echuck215. Ariel@compucall. ClueBot NG. CanisRufus. Rror. Yintan. Agtx. Vedge. Oshwah. Evercat. Zedmelon.F. J36miles. Kbdank71. CmdrObot. Bgaurav. Hut 8. Graham87. ‫טרול רפאים‬. Donfbreed. Toobulkeh. Fat&Happy. Bucketsofg. DarkMrFrank. Wikfr. Teknopup. Trivialist. Danr2k6. Korath. Blehfu. Anders K Berggren. Yonatan.neill. WeggeBot.250. RobLa. Arthur Ru- bin. Geniac. Rmky87. Escheffel. JonHarder. DarkAudit. Armoraid. Thue. Wjejskenewr. Xqbot. Live- fastdieold. No Guru. Mani1. RLE64. Baylink. Cnwilliams. JMS Old Al. Oddity-. Zhouf12. Modamoda. Jotag14. Godzig. Rich Farmbrough. Prashanthns. EricWesBrown. Andrejj. Alexius08. Mann Ltd~enwiki. Scootey. Peter AUDEMG. Redvers. Hu. Boing! said Zebedee. Mel- . Snowolf. Addihockey10. Dawn Bard. Revolving Bugbear. BanyanTree. Johan Elisson. Shree theultimate. DixonDBot. Yudiweb. Neutrality. Burfdl. Bsdlogical. Slakr. Scientus. Drake144. Goarany. Click23. MetsBot. OrphanBot. KVDP. Useight. Kellyk99. Nethgirb. DerHexer. Zabanio. R3m0t. AntiVan- dalBot. Boborok. Tuspm. Alansohn. Clapaucius. Eric-Wester. Alliekins619. Bender235. Cloud200. Thewrite1. Tmaufer. Vashti- horvat. Yaltaplace. Midnightcomm. Tckma. Malhonen. WikHead. Totakeke423. Sarahj2107. Brown. Bradcis. Adnan Suomi. FinalRapture. XtAzY. Beeblebrox. Rhododendrites. Gwern. Mikeblas. Friejose. Smalljim. Vipinhari. Madman. LilHelpa. Amechad.5. Ramu50. KylieTastic. IronGargoyle. Jayron32. Goncalopp. Pol098. Equendil. Ffffrrrr. AnomieBOT. Nurg. Spaceman85. Charles Matthews. Alerante. Filovirus. Anonymous Dissident. Brianski. MrOllie. Delirium. Viperdeck PyTh0n. Josve05a. Shulini. Pedant17. Phantom- steve. Ulric1313. Naniwako. Robbot. Ghewgill. Cyan. IsmaelLuceno. Who. Remocrevo. Shadowjams. Carlo. Keraunoscopia. Manifestation. Ptbotgourou. Joemadeus. PPBlais. Chowbok. Catamorphism. SchnitzelMannGreek. Bearsona. Pwitham. Pearle. Wesha. Allen4names. Looxix~enwiki. Tothwolf. Gascreed. Larrymcp. Krimanilo. Ixfd64. Violetriga. Demonkill101. RattleMan. Gareth Jones. TyA. Expensivehat. UnitedStatesian. NawlinWiki. TakaGA. K6ka. Escarbot. Crakkpot. Lawrence Cohen. CosineKitty. Closedmouth. Jeffrey Mall. Hagoleshet. Janarius. Berrick. Rdsmith4. Irishguy. Sam Hocevar. Ed Poor. Josh3580. Mtcv. Gaius Cornelius. Vicarious. MrBlueSky. Alan Taylor. Rchamberlain. Nishkid64. Samwb123. Euclidthalis. RjwilmsiBot. RA0808. Mz7. Blackeagle. Sierra 1. Wolfkeeper. L235. I dream of horses. JustAGal. Atif. Rei-bot. AlexandrDmitri. WhisperToMe. SamSim. Melkori. DropDeadGorgias. Sparky132. DanielPharos. Donner60. Lotje. Elecnix. Mufka. Broadbot. Wiredsoul. Dicklyon. DannyFratella. Crukis. Dschrader. Becky Sayles. Bejnar. Asmeurer. Tom. Soma mishra. SmackBot. SaintedLegion. Anne-Caroline~enwiki. Ancheta Wis. Rjc34. Fedevela. THEN WHO WAS PHONE?. Loudsox. Jasper Deng. Msamae83. Bwoodring. DeadEyeArrow. CWii. Jebba. Pablo Mayrgundter. Alphachimp. Lionaneesh. RexNL. Ddcc. CanadianLinuxUser. Darkfred.delanoy. JackHenryDyson. Zac439. Liveste. Maximus Rex. Delirium of disorder. Keith D. Clerks. Blackmo. Echtner. Racerx11. The Cute Philosopher. Rjwilmsi. R'n'B. Bloodshedder. Kuru. Andrzej P. Cia- ran H. Thexelt. Lineslarge. Giraffedata. Drogonov. Stereo. Beland. J. Ryanrs. Ld100. Kakurady. Mako098765. Hmwith. Darkicebot. Ross cameron. GrinBot~enwiki. Denisarona. Persian Poet Gal. PierreAbbat. Rofl. Chicken Quiet. Frankgerlach~enwiki. Herbythyme. Msick33. Zzsql. Raoravikiran. One. Vina-iwbot~enwiki. Paroxysm. Flyer22 Reborn. NeoDeGenero. B1atv. Yobot. Skiidoo. Ryanmshea. Paddingtonbaer. RenamedUser jaskldjslak904. Mdavids. Mch- copl. Ojay123. Anna Lincoln. Abune. Schnoatbrax. Gevron. Mark. Wragge. White Ash. Gwernol. RenamedUser01302013. William Ortiz. XLinkBot. Millisits. Joelee. Sandgem Addict. Sean Whitton. Thijs!bot. Buck O'Nollege. Shuini. Oducado. Oliver Line- ham. Antisoft. Rosarinjroy. Haneef503. Gr- eyCat. DorganBot. Shaddack. Gardar Rurak. David Fuchs. Acdx. DVdm. Kigoe. Fuzheado. Silas S. Andrewpmk. Anonauthor.1 Text • Denial-of-service attack Source: https://en. Access Denied. Aneah. Edward. CTZMSC3. Galorr. Synchronism. Joey Eads. Apankrat. WadeSimMiser. Kenyon. A. Silversam. Fastilysock. KrakatoaKatie.t2. Jak32797. W. Artephius. Tad Lincoln. Dcirovic. RedBot. Excirial. FlaBot. Bushcarrot. Jesant13. QuiteUnusual. Luckas-bot. Petrb. Black Falcon. Gmd1722. Cmichael. Tree Biting Conspiracy. Ivhtbr. Dewritech. Cwagmire. SoulSkorpion. Mechanic1c. Philip Trueman. Gazzat5. Wikimol. Sjö. Cin- namon42. Citation bot. Timwi. Manubot. Pgr94. FoxBot. ElizabethFong. Tide rolls. IRP. Walshga. Balth3465. Kakaopor.

Spicyitalianmeatball. Writ Keeper. DavidLeighEllis.steiner. KH-1. Dwgould. John “Hannibal” Smith. Mark Arsten. World- newsinformant. For the lols haha. Gtaguy235. David. Cathairawr. Mbmexpress. Vieque. Flated. JennishFernandis. Meteor sandwich yum. Soulcedric. K7L. Tom29739. Sarraalqahtani. Ascom99. Delcooper11. Sharanyanaveen. Murler. HoustonMade. Lordangel101. John- hax. Renoldsmartin. Restart32. Canijustgo. GayAlienZ. V1n1 paresh. Kikue26. Dwnd4. Lloydus98. Skunk44. Chiranjeev242. . AllenZh. Superkc. Positronon. Kazkade. Dodi 8238. Jjsantanna. DBZFan30.” • File:Stachledraht_DDos_Attack. Lizard Squadrant. And according to the meta-data in the file. Jianhui67. Bammie73. Juro2351. Pandamaury. Koen2014 7. UpsandDowns1234. Misfoundings. In- finite Guru. Strike Eagle. Franckc2. Thetechgirl. Iciciliser. JamesMoose. ApolloLV. Tentinator. Rogr101. Vlhsrp. Cirflow. Comfr.wikimedia. InternetArchiveBot. UY Scuti. Reacher1989. JohnZLegand. Cyberbot II. Jokingrotten. Op47. CONTRIBUTORS. Soledad- Kabocha. Dboylolz. Jormund. Risc64. Lawandtech. Doulph88.3 Content license • Creative Commons Attribution-Share Alike 3. Vinsanity123.svg Source: https://upload. Probin- crux. AND LICENSES bourneStar. Leemon2010. Cph12345. Fock- eWulf FW 190. Murph9000. Myself. Necabi. Sunndil. Tejasrnbr. NiuWang. Henrychan123. JasonJson. Yasuo Miyakawa. Quitesavvy. Shreesudhu. Rpk74 lb. Melonkelon. Nodove.moreno72. BlackCat1978. FL3SH. Glu- ons12. Ex- tremeRobot. Ashikali1607.Koslowski. Sngs87. Eb1511. Gmuenglishclass. Muhammadabubakar92. Lucyloo10. Gogogirl77. Lasoraf. Kevo1cat. ThatOneGuyGaming. Shakilbhuiyan. O. Sam-the-droid.svg License: LGPL Contributors: All Crystal icons were posted by the author as LGPL on kde-look Original artist: Everaldo Coelho and YellowIcon 12. ChamithN. WannaBeEditor. Unkown934. Tragic8. Jeremyb-phone. Mdann52. YellowLawnChair. Test. Bullaful. Dmtschida. Harmon758. Kiernaoneill and Anonymous: 1329 12. Jacobdunn82. Popo41~enwiki. HMGamerr. Woolw0w. 365adventure. Jakupian. Me. PJone. Jamesede. Jarrodmaddy. DevinP6576. Marchino61. Run4health. Orthogonal1. and Jakub Steiner (although minimally). Mdikici4001. Kainweir. Nutinmyfactsmydude. GreenC bot. Bender the Bot. Junganghansik. RichardMills65. Djcruz94. Clover100. Broadcasterxp. BG19bot. Mleoking. Frogteam. Dexbot. Pvp- masters. Permalinks.14 12 TEXT AND IMAGE SOURCES. Eduart. Sid Shadeslayer. Hazim116. Tonyxc600. Stogers. Web20DOS. Eslam Yosef. XxWoLfxX115. Ogh4x. Palmbeachguy. DNS1999.2 Images • File:Edit-clear. Original artist: The people from the Tango! project. 331dot. Lemondoge. Streakydjl. BattyBot. Noahp15. Kurousagi. Team Blitz. ArmitageAmy. Adsf1234. Widr.wikimedia.0 . Matiia. Fahmedch. Ginsuloft. Max berlings. specifically: “Andreas Nilsson. Lugia2453. MRD2014. Laurdecl. Epicgenius. Chengshuotian. Haroly.svg License: Public domain Contributors: The Tango! Desktop Project. Akashksunny13. Wikiguruman. UNOwenNYC. Cogware. Jmoss57. JNKL. MusikAnimal. Tommate789. Mfordtln. Joefromrandb. Webhostingtips. FrigidNinja. GGShinobi. Rm1271. Satellizer. Minhal Mehdi. 123Hedge- hog456.svg Source: https://upload. Stultiwikia. and I are Here. MadHaTTer666. Vagobot. JoshuaHall155065. Helpful Pixie Bot. .