Weapons Of Mass Destruction Computer Science Essay


On first thought about weapons of mass destruction (WMDs), the words "nuclear weapons" pop into our minds. However, unlike its title suggests, this article has nothing to do with nuclear attacks. It is about another kind of attack that is far more devastating, and its devastation comes from the fact that it cannot be foreseen or predicted no matter how good the intelligence agency is: we know about such attacks only when they happen, if we know about them at all. The attacks that will be discussed are nuke attacks, also known as denial of service attacks (DoS attacks). DoS attacks have many definitions in different sources, but it all comes down to this: DoS attacks usually aim at computers connected to the Internet, exploiting vulnerabilities or bugs to deprive legitimate users of their resources. For example, such an attack could crash a person's computer, which is not very dangerous to an ordinary person but certainly devastating to a business, which might lose money if the machine hosts an e-commerce website; more importantly, it could cause loss of information, which is of great value to the business and might cost it even more than losing clients over an e-commerce website, as most of the time this information cannot be regained easily. But why are DoS attacks referred to in this paper as weapons of mass destruction? Not because their name contains the word "nuke", but because of any encyclopedia's definition of WMDs. For example, Wikipedia's definition of WMDs is that "they are weapons that can kill large numbers of humans and/or cause great damage to man-made structures (e.g. buildings), natural structures (e.g. mountains)", and DoS attacks meet the second requirement, as they can cause great damage to man-made structures like computers, connection lines and protocols. These effects are confirmed by Carnegie Mellon University's Software Engineering Institute in its classification of what DoS attacks aim for; according to it, these attacks aim for three things: first, consumption of limited resources (e.g. connection line bandwidth); second, alteration of configuration information (e.g. protocols); and third, physical destruction of network components (e.g. computers, printers).

Now that an understanding of DoS attacks has been established, it is time to get informed about distributed denial of service attacks (DDoS). DDoS attacks are even more dangerous than DoS attacks, as Kim, Yoohwan illustrates:

"Distributed Denial of Service (DDoS) attack is a critical threat to the Internet. Currently, most ISPs merely rely on manual detection of DDoS attacks after which offline fine-grain traffic analysis is performed and new filtering rules are installed manually to the routers. The need of human intervention results in poor response time and fails to protect the victim before severe damages are realized." (2004, 1)

DDoS attacks are more dangerous not just for the reasons stated by Kim, Yoohwan but also because many machines are involved in them; in a DoS attack there is only one machine attacking a certain computer, host or Internet service provider (ISP). DDoS attacks have the same aims as DoS attacks: to consume limited resources, to change configuration information and to physically destroy network components. However, these are not the only things they aim for. In a DoS attack an inferior machine can take out a much superior machine; now that multiple machines are involved, they can take out a far superior entity like an ISP. According to Lau, Wing Cheong (2004, 1), when DDoS attacks have the same aims as DoS attacks they are called "end-point attacks", but when they aim for a more superior entity like an ISP they are called "infrastructure attacks".

According to the Advanced Network Management Lab (ANML), the types of DoS attack can be divided into two main categories, "flood attacks" and "logic attacks". Flood attacks aim to consume host resources by flooding the server with requests, which generally causes the site to crash or to provide low-grade service; SYN flooding, the Smurf IP attack and UDP flooding are examples of flood attacks. Logic attacks also aim to consume host resources, but instead of flooding the server with requests they send small, specially formed packets that target particular software bugs; ping of death, teardrop and Land are all examples of logic attacks. Let's discuss an example of a flood attack, SYN flooding. SYN flooding exploits the Transmission Control Protocol (TCP), the protocol that defines communication between a server and a client. TCP's whole concept revolves around three messages that have to be exchanged before a connection can be opened between the server and the client: a SYN sent from the client to the server, a SYN-ACK from the server to the client, and then an ACK from the client to the server. For more information see figure 1.

Figure 1 is based on information supplied by the CERT organization in Advisory CA-1996-21.

According to the Software Engineering Institute (CERT), the vulnerability of TCP arises when the server has sent the SYN-ACK to the client but has not yet received the ACK message; that state is called a half-open connection, and half-open connections cause a problem because, according to CERT,

"The server has built in its system memory a data structure describing all pending connections. This data structure is of finite size, and it can be made to overflow by intentionally creating too many partially-open connections." (2000)
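The finite-size table CERT describes can be modelled directly. The following is an added example, not code from the essay or from CERT: a stateful listener that keeps one entry per half-open connection (with an assumed backlog of 4 standing in for the real kernel limit), and a simplified SYN-cookie listener, a mitigation not covered by the essay, that keeps no state until the client's ACK proves it is reachable. The HMAC-based cookie and the simulation are assumptions for illustration.

```python
import hashlib
import hmac
import os

MOD = 2**32  # TCP sequence numbers are 32-bit

class StatefulListener:
    """One table entry per half-open connection; backlog of 4 assumed for illustration."""

    def __init__(self, backlog=4):
        self.backlog = backlog
        self.half_open = {}  # (client_ip, client_port) -> server ISN

    def on_syn(self, client):
        """Return the server ISN sent in the SYN-ACK, or None if the SYN is dropped."""
        if len(self.half_open) >= self.backlog:
            return None  # table full: legitimate SYNs are now refused too
        isn = int.from_bytes(os.urandom(4), "big")
        self.half_open[client] = isn
        return isn

    def on_ack(self, client, ack):
        isn = self.half_open.pop(client, None)  # entry freed on completion
        return isn is not None and ack == (isn + 1) % MOD

class SynCookieListener:
    """Simplified SYN cookie: the ISN is an HMAC over the client tuple, so nothing is
    stored until a valid ACK arrives (real cookies also encode a timestamp and MSS)."""

    def __init__(self, key=None):
        self.key = key or os.urandom(16)

    def isn_for(self, client):
        tag = hmac.new(self.key, f"{client[0]}:{client[1]}".encode(), hashlib.sha256)
        return int.from_bytes(tag.digest()[:4], "big")

    def on_syn(self, client):
        return self.isn_for(client)  # always answered, no state kept

    def on_ack(self, client, ack):
        return ack == (self.isn_for(client) + 1) % MOD

def simulate(listener, flood_sources, legit):
    """Flood SYNs never acknowledged, then one honest client; True if it got in."""
    for src in flood_sources:
        listener.on_syn(src)
    isn = listener.on_syn(legit)
    if isn is None:
        return False
    return listener.on_ack(legit, (isn + 1) % MOD)
```

With ten unacknowledged SYNs the stateful table is full and the honest client is refused, while the cookie listener still completes its handshake.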

Now let's discuss an example of a logic attack, Land. According to Cisco document 13661, "Somebody has released a program, known as Land, which can be used to launch denial of service attacks against various TCP implementations." To further illustrate how the program works: it generates a special SYN packet [1] that has the server's address and port as both the source and the destination address and port, which causes confusion at the server and crashes it.
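The Land signature described above (a SYN whose source and destination address and port are identical) is easy to spot in a capture. The following detection routine is an added example, not code from the essay or from Cisco; the tcpdump-style sample lines are constructed, and the line format it parses is an assumption.

```python
import re

# Pattern for the constructed tcpdump-style lines below (IPv4, "addr.port" notation).
TCP_LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]"
)

def is_land_packet(src_ip, src_port, dst_ip, dst_port, flags):
    """Land signature: a SYN whose source and destination address and port match."""
    return "S" in flags and src_ip == dst_ip and src_port == dst_port

def find_land_packets(lines):
    """Return (line_number, address, port) for each Land-shaped SYN in a capture."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = TCP_LINE.search(line)
        if not match:
            continue  # not a TCP line we understand; skip rather than guess
        src_ip, src_port, dst_ip, dst_port, flags = match.groups()
        if is_land_packet(src_ip, src_port, dst_ip, dst_port, flags):
            hits.append((number, src_ip, int(src_port)))
    return hits

# Constructed sample capture: one normal three-way handshake, then one Land-shaped packet.
SAMPLE_CAPTURE = [
    "12:00:00.000001 IP 192.0.2.10.51515 > 203.0.113.5.80: Flags [S], seq 100, length 0",
    "12:00:00.000200 IP 203.0.113.5.80 > 192.0.2.10.51515: Flags [S.], seq 500, ack 101, length 0",
    "12:00:00.000400 IP 192.0.2.10.51515 > 203.0.113.5.80: Flags [.], ack 501, length 0",
    "12:00:01.000000 IP 203.0.113.5.80 > 203.0.113.5.80: Flags [S], seq 0, length 0",
]

if __name__ == "__main__":
    for number, ip, port in find_land_packets(SAMPLE_CAPTURE):
        print(f"line {number}: Land-shaped SYN with {ip}:{port} as both source and destination")
```

Such a packet arriving on an external interface carries a source address belonging to the host itself, so ingress filtering of spoofed internal sources drops it before any TCP code sees it.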

After obtaining knowledge about DoS and DDoS attacks, let's discuss some real-life cases that occurred and how they were handled. Although denial of service attacks have always existed, they didn't cause any real problems until 2 November 1988, when Robert Morris, a Cornell University CS graduate student, created a worm, named the Morris worm, and launched it. No one knows how many computers it took out; however, people estimate the number to be between 5000 and 6000, because someone estimated that the worm took out 10% of the machines connected to the Internet at that time. As Paul Graham, a programmer and Morris's friend, states: "I was there when this statistic was cooked up, and this was the recipe: someone guessed that there were about 60,000 computers attached to the Internet, and that the worm might have infected ten percent of them." On this basis Robert Morris was prosecuted under the 1986 Computer Fraud and Abuse Act, found guilty, and sentenced to three years of probation, 400 hours of community service and a fine of 10,000 US dollars. Because of that worm, the Defense Advanced Research Projects Agency (DARPA) established the CERT at Carnegie Mellon University to deal with network emergencies.

After the Morris worm attack, other attacks took place, but the first of great significance occurred in February 2000, when Michael Calce, also known as MafiaBoy, coordinated DDoS attacks against major business websites, among them Yahoo, Dell, CNN and many others. The attacks completely crashed the websites and caused a loss of 1.2 billion Canadian dollars to the global economy, as stated by Kevin Johnson. Conway Daly illustrates that during Michael's prosecution his name could not be released by the media because he was only 15 years old at the time and was protected under the Canadian Youth Criminal Justice Act; he was facing a total of 56 criminal charges of mischief. Daly, Conway states "On Thursday, 18th of January 2001 he pled guilty to the charges", and on September 12th, 2001, as reported by McCarthy, Kieren, "he was sentenced to eight months of "open custody," one year of probation, restricted use of the Internet, and a small fine."

Another dangerous incident, as reported by the Internet Corporation for Assigned Names and Numbers (ICANN), occurred at 12:00 pm UTC: "for approximately two-and-a-half hours, the system that underpins the Internet came under attack. Three-and-a-half hours after the attack stopped, a second attack, this time lasting five hours, began." In further illustration, ICANN stated that its core DNS server was hit with massive, wide-scale distributed denial of service attacks, in which a large amount of rubbish data was sent from different points all over the Internet to the servers to disrupt the systematic flow of the Internet. To the present day ICANN has not been able to identify who was behind these attacks or what their agenda was.

Wikipedia. Weapon of mass destruction. Retrieved 12/3/2010 from http://en.wikipedia.org/wiki/Weapon_of_mass_destruction

Software Engineering Institute (1997). Denial of Service Attacks. Carnegie Mellon University. Retrieved 12/3/2010 from http://www.cert.org/tech_tips/denial_of_service.html

Software Engineering Institute (2000). Advisory CA-1996-21: TCP SYN Flooding and IP Spoofing Attacks. Carnegie Mellon University. Retrieved 12/3/2010 from http://www.cert.org/advisories/CA-1996-21.html

Lo, Joseph, PhD (1999). Denial of service attacks or "nuke" attacks. IRChelp.org security section. Retrieved 12/3/2010 from http://www.irchelp.org/irchelp/nuke/

Howard, John (1995). An Analysis of Security Incidents on the Internet, chapters 11-12. Dissertation. Retrieved 12/3/2010 from http://www.info-sec.com/internet/Howard/Chapter11.html and http://www.info-sec.com/internet/Howard/Chapter12.html

Kim, Yoohwan; Lau, Wing Cheong; Chuah, Mooi Choo; Chao, H. Jonathan (2004). PacketScore: Statistics-based Overload Control against Distributed Denial-of-Service Attacks. IEEE INFOCOM. Retrieved 12/3/2010 from http://www.silicon.com/white-papers/intrusion-tampering/2004/01/01/packetscore-statistics-based-overload-control-against-distributed-denial-of-service-attacks-60461899/

Advanced Network Management Lab (2001). Types of DDoS attacks. Indiana University. Retrieved 13/3/2010 from http://anml.iu.edu/ddos/types.html

Cisco Systems (1997). Cisco Security Advisory: TCP Loopback DoS Attack (land) and Cisco Devices. Retrieved 13/3/2010 from http://www.cisco.com/warp/public/707/cisco-sa-19971121-land.shtml

Wikipedia (2010). Morris worm. Retrieved 13/3/2010 from http://en.wikipedia.org/wiki/Morris_worm

Internet Corporation for Assigned Names and Numbers (2007). Root server attack on 6 February 2007. Factsheet. Retrieved 13/3/2010 from http://www.icann.org/en/announcements/factsheet-dns-attack-08mar07.pdf

Johnson, Kevin (2000). 'Mafiaboy' trying to stare down prosecutors: Lawyer. Infosecnews.org. Retrieved 14/3/2010 from http://www.infosecnews.org/hypermail/0012/3171.html

McCarthy, Kieren (2001). Mafiaboy given eight months: Hailed by lawyers as 'strong message' to hackers. The Register. Retrieved 14/3/2010 from http://www.theregister.co.uk/2001/09/13/mafiaboy_given_eight_months/

Daly, Conway (2001). Computer hacker known as Mafiaboy enters guilty plea on 56 charges. The Montreal Gazette. Retrieved 14/3/2010 from http://www.efc.ca/pages/media/2001/2001-01-19-a-montrealgazette.html