Denial of service attack question

[Guthrie]

I'm a screenwriter (yes, a real one) and I'm working on a script in which a denial of service attack is a key element. These used to be in the news all the time, but I don't see much about them anymore. Do they still occur? How many computers would it take to be effective? I assume an attack on Google would take a lot more than an attack on somebody's personal site.

[ohgeetee]

The most realistic scenario for DoS now would be utilizing zombie pc's setup to all attack the same site at once. 'hacking' in movies is a real thin ice scenario. so many movies do it horribly, but to the avg joe it goes over fine. others are just ridiculous all the way around, ie swordfish.

I think if you posted what you want your end result to be, you could get better answers. for instance, do you want to have a company's finances in jeopardy, a national news site cut off from the world, etc. once this is laid out, it should be very easy to come up with a 'hack' that gets the respect of the computer savvy but doesn't go over the head of the layperson.

[Freakin]

Guthrie,

Basically you're going to need to match the available computing power and bandwidth of the target for a basic consumption based DOS attack.

So if it is someone's random site on a 1.5mb connection on a basic everyday webserver, you could probably do it effectively with 3-4 computers on decent broadband connections.

Something like that would be much easier to trace back to the originating computers.

The most effective DoS attack would be embedded in a popular piece of software, like a filesharing app.

I would think that to effectively DOS a company like google you would probably need millions of computers. Google probably gets millions of pageviews a day, and it is designed to handle hundreds of thousands of simulataneous users. I would go so far as to say that you probably coulnd't DOS google with a basic consumption attack. You would have to attack the infrastructure in between to try to disrupt service.

The wikipedia page on DDOS attacks is pretty good.

No one really lists numbers because it is all completely based on the setup of the site. If I were you I would call it hundreds of thousands up to millions of computers for a large-scale attack.

The infrastructure of most companies could be locked up with hundreds or thousands (easily less than 10k) of computers.

[Neuge]

[ QUOTE ]
I would think that to effectively DOS a company like google you would probably need millions of computers. Google probably gets millions of pageviews a day, and it is designed to handle hundreds of thousands of simulataneous users. I would go so far as to say that you probably coulnd't DOS google with a basic consumption attack. You would have to attack the infrastructure in between to try to disrupt service.

[/ QUOTE ]
Amazon surely has tens of millions of pageviews, though probably less than Google, but gave themselves a consumption DOS attack around November last year by selling Xbox 360s for $100. It took what was probably tens of millions of computers, but it's still possible.

[Guthrie]

The exact situation is a villain, very knowledgeable of the internet, and with substantial hardware resources, but far short of Google or other major corporation, is putting up a live video feed and threatening some terrible action on the live feed.

Our hero deduces that if the live feed is slowed down, or stopped, then the terrible action will not occur, since the villain will not have the satisfaction of the world seeing the action. So hero needs to enlist the aid of X number of people with computers around the world to attack villain's computer, or server, or bank of servers.

Hero also needs to determine the physical location of the live video feed.

[kerowo]

The thing to remember about hacking is it is about as exciting to watch as you writing a screen play. You may want to look at the John Sanford Kidd novels, in them the hero is a bit of a hacker but is friends with a secretive hacker friend with all sorts of resources. Something like that would make it possible for your hero to enlist the aid of enough resources to mount a successful DOS attack against your villian.

Mostly what this would look like is someone sending an ICQ message or it's equivalent to their bot army, which are basically unsecured pc's around the globe that have been infected with some kind of root kit software. The goal of these machines is to send out spam or DDOS someone without the owner of the machine noticing. Do some googling on bad hacking in the movies and you will get all sorts of problems with existing hacking based movies and how they tried to make typing exciting.

[Freakin]

what if hero were to determine the location of the feed then spoof something else that really translates to villians location

so hero gets out a viral message that will interest the known population (somethine like a $100 xbox only much more interesting) then every computer using citizen tries to go there of their own accord and inadvertently DDOSes the villians hardware

does that make any sense?

[Percula]

[ QUOTE ]
The exact situation is a villain, very knowledgeable of the internet, and with substantial hardware resources, but far short of Google or other major corporation, is putting up a live video feed and threatening some terrible action on the live feed.

Our hero deduces that if the live feed is slowed down, or stopped, then the terrible action will not occur, since the villain will not have the satisfaction of the world seeing the action. So hero needs to enlist the aid of X number of people with computers around the world to attack villain's computer, or server, or bank of servers.

Hero also needs to determine the physical location of the live video feed.

[/ QUOTE ]

So why doesn't the hero team with a group of white hat hackers with bot networks and maybe has to enlist the help of some not so white hat hackers... to find the source.

Then has to overcome of difficult social and technical task to take total control of all the bot computers to launch the DDoS counter attack. Whereby most of the worlds PC's stop the attack without the knowledge of the owners, at least until the re-counter attack, when a final "push" is needed, where everyone has to execute a command on their PC to make it finally work.

[BiPolar_Nut]

[ QUOTE ]
a group of white hat hackers with bot networks

[/ QUOTE ]

lol

No offense, Perc....I respect your posts and you have (at least to me) proven your inner-tech knowledge.....but that statement really really struck my funny bone tonight.

Hope you were leveling.....or drunk [img]/images/graemlins/wink.gif[/img]

White hat hackers w/ botnets?

priceless.

[ispiked]

[ QUOTE ]
So hero needs to enlist the aid of X number of people with computers around the world to attack villain's computer, or server, or bank of servers.

[/ QUOTE ]
This sounds completely unrealistic in my opinion. Maybe the general public would buy this, but I think maybe paying someone to gain access to a botnet sounds much more realistic.

I don't mean to sound offensive or anything, but I really hope that asking this question on 2+2 isn't your primary resource for learning about (D)DoS attacks.