Attack on Baidu.com Using SYN Flooding
China's biggest and most admired search engine, Baidu.com, was attacked by cyber-terrorists on September 12, 2006. The disruption lasted about half an hour.
Baidu.com confirmed that the attack was intentional and carefully planned. Some speculated that it was fallout from the company's recent workforce reduction and its lawsuits against ex-customers.
According to Liu Jianguo, the chief technology officer of Baidu.com, the cyber-terrorists resorted to SYN flooding, generating many IP addresses to overburden the hosts.
A SYN flood is a kind of denial-of-service attack in which a large number of TCP SYN requests (the initial message in a TCP/IP connection), generally with spoofed source IP addresses, are sent to a target.
Once the attack starts, the host answers every attempt to open a connection with a reset (RST) message from closed ports and a synchronization-acknowledged (SYN/ACK) message from an open port. In a normal three-way handshake, the client sends back an ACK message to acknowledge receipt of the host's SYN/ACK before any data is exchanged. In a SYN flood, however, the hostile client does not return the ACK. Instead, it sends SYN packets to other host ports.
Half-open connections can be manipulated by the hostile client to gain entry into the host's files. Sending SYN messages to detect open ports and infiltrate some of them is known as SYN scanning. The hostile client can identify an open port when the host responds with a SYN/ACK packet.
Filtering at the ISP would not only stop TCP SYN flooding attacks cold, but also block other attacks that rely on source-address spoofing. The other solutions involve changing the operating system's TCP/IP networking. The simplest of these increase the size of the queues and reduce the timeout values, which increases the targeted system's resistance to the attacks.
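The effect of those two tuning knobs can be seen in a small queue model. This is an added example, not part of the original article; it assumes one-second ticks, one legitimate connection attempt per tick, and constructed queue sizes, timeouts and attack rates rather than measurements of any real system.

```python
from collections import deque

def simulate_backlog(backlog_size, timeout, attack_rate, duration):
    """Model a listener's half-open (SYN) queue in one-second ticks.

    Per tick: `attack_rate` spoofed SYNs arrive and never send the final
    ACK, so each holds a slot for `timeout` ticks. Then one legitimate SYN
    arrives (pessimistic ordering, an assumption of this model); it is
    served only if a slot is free, and completes at once.
    Returns (legit_served, legit_dropped, peak_half_open).
    """
    half_open = deque()  # expiry tick of each pending entry, oldest first
    served = dropped = peak = 0
    for tick in range(duration):
        # Drop entries whose SYN/ACK was never acknowledged in time.
        while half_open and half_open[0] <= tick:
            half_open.popleft()
        # Spoofed SYNs take whatever room is left; the rest are discarded.
        room = backlog_size - len(half_open)
        half_open.extend([tick + timeout] * min(attack_rate, room))
        peak = max(peak, len(half_open))
        if len(half_open) < backlog_size:
            served += 1
        else:
            dropped += 1
    return served, dropped, peak

# Constructed scenarios: (backlog_size, timeout, attack_rate).
SCENARIOS = {
    "small queue, long timeout": (128, 75, 10),
    "larger queue only": (1024, 75, 10),
    "shorter timeout only": (128, 20, 10),
    "larger queue + shorter timeout": (1024, 20, 10),
    "tuned, 10x attack rate": (1024, 20, 100),
}

if __name__ == "__main__":
    for name, (size, timeout, rate) in SCENARIOS.items():
        served, dropped, peak = simulate_backlog(size, timeout, rate, 300)
        print(f"{name:32} served={served:3} dropped={dropped:3} peak={peak}")
```

The queue stays usable only while attack rate multiplied by timeout is below the queue size, which is why tuning raises resistance but a faster flood still saturates it, while filtering spoofed sources upstream removes the load itself.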
Liu believed the reprisal came from an organization and not an individual. Baidu.com has since been restored to normal operation.
» SPAMfighter News - 29-09-2006