Denial of service: Simple mistake, big impact

One aspect of security that is increasingly under attack is Availability. Hackers attack the Availability of sites or services by preventing users from accessing them. You may have heard of a few examples in the news just this year, such as attacks that prevented customers from getting to their bank, or the largest Denial of Service (DoS) attack ever seen, which slowed the Internet for everyone.

Not every impact on Availability needs to be a coordinated attack against a major company; sometimes it can be a simple mistake that affects you where you work. Here is a true story of an accidental internal DoS attack.

Picture an organization on a Friday morning. A team working on a project needed to work in a building they normally didn’t use, so they started the day early. A half hour before the work day officially started, the IT manager received a call from one of the help desk technicians: she had logged in to her PC, but couldn’t reach any network resources. Troubleshooting showed that the PC had been assigned an IP address (a number identifying each computer on the network) that the organization didn’t normally use. The help desk was put on alert to look for more examples of the problem. Sure enough, within five minutes the help desk received seven more calls with the same problem.

The culprit was tracked down to a rogue DHCP server on the network that was dutifully handing out IP addresses instead of letting the organization’s server provide them. As soon as the employees arrived at their desks, they would log into their PCs and pick up an address from the rogue server that the rest of the organization didn’t recognize, so they couldn’t communicate with the network resources they needed. Think of it like someone changing your home address without telling anyone. Package deliveries or someone coming to fix your cable would never make it to your doorstep.

A help desk technician found a home router in the third office that he visited that morning. Once the misbehaving device was disconnected, the problem was solved and the calls stopped coming into the help desk. The owner of the device had not intended to cause trouble; his team was in a new area and everyone needed the network, so he plugged a home router into the wall for them to connect to. Whoops…
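
For IT staff, the incident above can be caught from the network side. The following is an added example, not part of the original article: a Python check that parses a captured DHCP reply and flags a server other than the authorized one, or a lease outside the organization's range. The server address 10.20.0.5, the range 10.20.0.0/16 and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options
OFFER, ACK = 2, 5                     # DHCP message types (option 53)
# Assumed values for illustration; substitute your own environment's.
AUTHORIZED_SERVERS = {ipaddress.ip_address("10.20.0.5")}
ORG_NETWORK = ipaddress.ip_network("10.20.0.0/16")

def parse_dhcp_reply(payload: bytes):
    """Return (msg_type, server_id, offered_ip) from a BOOTP reply, or None."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC_COOKIE:
        return None                                   # not a DHCP server reply
    offered = ipaddress.ip_address(payload[16:20])    # yiaddr: address handed out
    msg_type = server_id = None
    i = 240
    while i < len(payload) and payload[i] != 255:     # 255 = end option
        if payload[i] == 0:                           # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            return None                               # truncated option
        code, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:
            msg_type = data[0]
        elif code == 54 and length == 4:              # server identifier
            server_id = ipaddress.ip_address(data)
        i += 2 + length
    return msg_type, server_id, offered

def check_reply(payload: bytes):
    """Return a list of findings for one captured DHCP payload."""
    parsed = parse_dhcp_reply(payload)
    if parsed is None or parsed[0] not in (OFFER, ACK):
        return []
    _, server_id, offered = parsed
    findings = []
    if server_id not in AUTHORIZED_SERVERS:
        findings.append(f"unauthorized DHCP server {server_id}")
    if offered not in ORG_NETWORK:
        findings.append(f"lease {offered} is outside {ORG_NETWORK}")
    return findings

def build_reply(server: str, offered: str, msg_type: int = OFFER) -> bytes:
    """Build a minimal constructed DHCP reply to use as sample input."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0) + bytes(4)
    hdr += ipaddress.ip_address(offered).packed + bytes(8 + 16 + 64 + 128)
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.ip_address(server).packed
    return hdr + MAGIC_COOKIE + opts + b"\xff"
```

Managed switches can enforce the same rule in hardware with DHCP snooping, which drops server replies arriving on ports not marked as trusted.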

When you make changes, always be mindful of how they can affect other areas. If you have questions or are unsure, don’t be afraid to ask for assistance. One good place to start is the CTS Service Desk (360-753-2454).
