In cases where denial of service attacks did occur, it was either by accident or relatively easy to figure out who was responsible. The individual could be disciplined outside the operating system by other means.
- Dennis Ritchie
A denial of service attack is an attack in which one user takes up so much of a shared resource that none of the resource is left for other users. Denial of service attacks compromise the availability of the resources. Those resources can be processes, disk space, percentage of CPU, printer paper, modems, or the time of a harried system administrator. The result is degradation or loss of service.
UNIX provides few types of protection against accidental or intentional denial of service attacks. Most versions of UNIX allow you to limit the maximum number of files or processes that a user is allowed. Some versions also let you place limits on the amount of disk space consumed by any single UID (account). But compared with other operating systems, UNIX is downright primitive in its mechanisms for preventing denial of service attacks.
This is a short chapter because, as Ritchie noted, it is usually easy to determine who is responsible for a denial of service attack and to take appropriate actions.
There are two types of denial of service attacks. The first type of attack attempts to damage or destroy resources so you can't use them. Examples range from causing a disk crash that halts your system to deleting critical commands like cc and ls.
The second type of attack overloads some system service or exhausts some resource (either deliberately by an attacker, or accidentally as the result of a user's mistake), thus preventing others from using that service. The simplest type of overload involves filling up a disk partition so users and system programs can't create new files. The "bacteria" discussed in Chapter 11, Protecting Against Programmed Threats, perform this kind of attack.
Many denial of service problems in this second category result from user error or runaway programs rather than explicit attacks. For example, one common cause is typographical errors in programs, or reversed conditions, such as using the statement x==0 when you really meant to type x!=0.
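The following is an added example, not code from the original text. It shows a resource limit containing a runaway program of the kind just described: a child process leaks file descriptors because of a reversed condition, and the POSIX per-process descriptor limit (RLIMIT_NOFILE, used here as one instance of the limits mentioned earlier) stops it. The function name contained_runaway, the caps of 16 and 64, and the use of /dev/null are assumptions made for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Runs a buggy descriptor-leaking loop in a child whose RLIMIT_NOFILE is
 * `cap`. Returns how many descriptors the child leaked before the kernel
 * refused with EMFILE, or -1 on any other outcome. */
int contained_runaway(int cap)
{
    int p[2], leaked = -1, status = 0;
    if (pipe(p) == -1) return -1;

    pid_t pid = fork();
    if (pid == -1) { close(p[0]); close(p[1]); return -1; }

    if (pid == 0) {                       /* child: the runaway program */
        struct rlimit rl = { (rlim_t)cap, (rlim_t)cap };
        int keep = 0, n = 0;              /* keep == 0: fd not needed after use */
        close(p[0]);
        if (setrlimit(RLIMIT_NOFILE, &rl) == -1) _exit(2);
        for (;;) {
            int fd = open("/dev/null", O_RDONLY);
            if (fd == -1) break;          /* the limit ends the leak here */
            if (keep != 0) close(fd);     /* typo: meant keep == 0, so fd leaks */
            n++;
        }
        if (errno != EMFILE) _exit(3);    /* stopped for some other reason */
        if (write(p[1], &n, sizeof n) != (ssize_t)sizeof n) _exit(4);
        _exit(0);
    }

    close(p[1]);                          /* parent: collect the child's count */
    if (read(p[0], &leaked, sizeof leaked) != (ssize_t)sizeof leaked) leaked = -1;
    close(p[0]);
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return leaked;
}

int main(void)
{
    printf("cap 16: leaked %d descriptors before EMFILE\n", contained_runaway(16));
    printf("cap 64: leaked %d descriptors before EMFILE\n", contained_runaway(64));
    return 0;
}
```

The leaked count is always below the cap because descriptors the child already holds (standard input, output, error and the pipe) occupy slots under the limit.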
There are a number of ways to destroy or damage information in a fashion that denies service. Almost all of the attacks we know about can be prevented by restricting access to critical accounts and files, and protecting them from unauthorized users. If you follow good security practice to protect the integrity of your system, you will also prevent destructive denial of service attacks. Table 25.1 lists some potential attacks and how to prevent them.
Attack | Prevention |
---|---|
Reformatting a disk partition or running the newfs/mkfs command. | Prevent anyone from accessing the machine in single-user mode. Protect the superuser account. Physically write-protect disks that are used read-only. |
Deleting critical files (e.g., needed files that are in /dev or the /etc/passwd file) | Protect system files and accounts by specifying appropriate modes (e.g., 755 or 711). Protect the superuser account. Set ownership of NFS-mounted files to user root and export read-only. |
Shutting off power to the computer | Put the computer in a physically secure location. Put a lock on circuit-breaker boxes, or place them in locked rooms. (However, be sure to check the National Electric Code Section 100 regarding the accessibility of emergency shutoffs. Remember that a computer that is experiencing an electrical fire is not very secure.) |
Cutting network or terminal cables | Run cables and wires through conduits to their destinations. Restrict access to rooms where the wires are exposed. |