Information Technology Reference
The novelty of this scheme is that the attack takes place in two phases. In the
first (lasting months), a large number of computers (the primary victims)
become infected and take on the roles of agents and handlers. The infection
mechanisms can be classic viruses or code injection.
The second phase is the DoS attack itself, during which, within a few
moments, the primary victims are used to send requests and packets to the
targets of the attack, the so-called secondary or final victims. An attack on a
centralized authentication server, for example, can block the use of many
services required by users. The authentication mechanisms for UC are
oriented toward decentralization, which certainly lowers the security threat
to users from attacks of this kind.
6.5 Sleep deprivation torture
The most interesting DoS attacks are those that take into account the
link between security and power conservation. Devices such as PDAs,
because of their mobile nature, are powered by batteries, which always
have a limited life. If a PDA's batteries are low, it tries,
whenever it can, to go into stand-by mode to preserve as much energy as
possible. This particular attack, efficient and selective, tries to keep the
PDA 'awake' until the battery is discharged. The result, of course, is the
temporary removal of the device [STAJA00]. But the attacker might also
want to isolate a device by disabling all those with which it communicates,
creating the so-called ring of evil.
6.6 MAC address spoofing
The phrase 'MAC address spoofing' in this context refers to an attacker
changing their MAC address to any other value. MAC spoofing is
conceptually different from traditional IP address spoofing, where an attacker
sends data from an arbitrary source and simulates another IP address. Almost
all 802.11 cards in use allow their MAC addresses to be altered. For
example, using the open source drivers for Linux, a user can change their MAC
address with the ifconfig tool, or with a small C program that makes a suitable
call to the ioctl() function. Windows users can change the MAC address by
selecting the properties of their network adapter driver in the Control Panel.
An attacker may choose to alter their MAC address for several reasons,
including obscuring their presence on the network, bypassing access
control lists, or impersonating an already authenticated user:
Presence hiding: an attacker can change their MAC address to try to
elude the network's intrusion detection systems (NIDS). A common
example is that an attacker runs a script to attack with a random MAC