Cruz Report on Computer Abuse Issues and DoS
8/6/2019 Cruz Report on Computer Abuse Issues and DoS
http://slidepdf.com/reader/full/cruz-report-on-computer-abuse-issues-and-dos 1/14
Topic Report for MMS101
Source: http://comjnl.oxfordjournals.org/content/21/3/194.full.pdf+html
Source: Salehnia, Ali (2002). Ethical Issues of Information System. Hershey, PA: IRM Press. Retrieved from http://books.google.com.ph/books?id=ymVCydQcSlMC&printsec=frontcover&hl=en#v=onepage&q&f=false.
Computer abuse issues are a critical menace that usually goes unrecognized. "The perpetrators are found to be computer specialists, outsiders, and systems users. Each category approaches the abuse in differing ways: the computer installation, the input media, the software and programs, the data bank and the computer output are all at risk." (A.D. Chambers: Computer Fraud and Abuse)
Because of such concerns, laws have been created; some examples are as follows:

In the Philippines we have the "Electronic Commerce Act":
Republic Act No. 8792
AN ACT PROVIDING FOR THE RECOGNITION AND USE OF ELECTRONIC COMMERCIAL AND NON-COMMERCIAL TRANSACTIONS AND DOCUMENTS, PENALTIES FOR UNLAWFUL USE THEREOF AND FOR OTHER PURPOSES
Source: (read more) http://www.digitalfilipino.com/writing_article.cfm?id=20

The United States has the "Computer Fraud and Abuse Act of 1986":
(Computer Fraud and Abuse Act of 1986) Signed into law in 1986, the CFA was a significant step forward in criminalizing unauthorized access to computer systems and networks. The Act applies to "federal interest computers" that include any system used by the U.S. government as well as most financial institutions. It says that unauthorized penetration or other damage to such systems is a felony, as is trafficking in password or other access codes.
Source: (read more) http://www.answers.com/topic/computer-fraud-and-abuse-act#ixzz1DFHRTSPU
When computer use first became widespread, there were not as many abuse issues as there are today. Computer abuse takes various forms; based on our module, we cover only the prevailing classifications, as follows:
denial of service attack
spamming
worms & viruses
hacking
flaming
Internet hoaxes
What is a Denial of Service (DoS) Attack?
According to Farlex’s dictionary, DoS is “An assault on a network that floods it with so many additional requests
that regular traffic is either slowed or completely
interrupted. Unlike a virus or worm, which can cause
severe damage to databases, a denial of service attack
interrupts network service for some period. A
distributed denial of service (DDOS) attack uses multiple
computers throughout the network that it has
previously infected. The computers act as "zombies"
and work together to send out bogus messages, thereby
increasing the amount of phony traffic.”
Source: The Free Dictionary by Farlex. Denial of Service Attack. Retrieved from http://encyclopedia2.thefreedictionary.com/Denial+of+service+attack
What is a denial-of-service (DoS) attack?
In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate
users from accessing information or services. By targeting your computer and
its network connection, or the computers and network of the sites you are
trying to use, an attacker may be able to prevent you from accessing email,
websites, online accounts (banking, etc.), or other services that rely on the
affected computer.
The most common and obvious type of DoS attack occurs when an attacker "floods" a network with information. When you type a URL
for a particular website into your browser, you are sending a request to that
site's computer server to view the page. The server can only process a certain
number of requests at once, so if an attacker overloads the server with
requests, it can't process your request. This is a "denial of service" because
you can't access that site.
An attacker can use spam email messages to launch a similar attack on your
email account. Whether you have an email account supplied by your
employer or one available through a free service such as Yahoo or Hotmail,
you are assigned a specific quota, which limits the amount of data you can
have in your account at any given time. By sending many, or large, email
messages to the account, an attacker can consume your quota, preventing
you from receiving legitimate messages.
Source: McDowell, Mindi (2004). Understanding Denial-of-Service Attacks. US-CERT (United States Computer Emergency Readiness Team). Carnegie Mellon University. Retrieved from http://www.us-cert.gov/cas/tips/ST04-015.html.
Types of Denial of Service (DoS) Attack
consumption of scarce, limited, or non-renewable resources
destruction or alteration of configuration information
physical destruction or alteration of network components
Source: Albacea, Eliezer A. (2009). MMS 101 Introduction to Information Technology. Diliman, Quezon City: University of the Philippines Open University.
How do you avoid being part of the problem?
Unfortunately, there are no effective ways to prevent being the victim of a DoS or DDoS attack, but there are steps
you can take to reduce the likelihood that an attacker will use your computer to attack other computers:
Install and maintain anti-virus software
Install a firewall, and configure it to restrict traffic coming into and leaving your computer
Follow good security practices for distributing your email address. Applying email filters may help you manage unwanted traffic
How do you know if an attack is happening?
Not all disruptions to service are the result of a denial-of-service attack. There may be technical
problems with a particular network, or system administrators may be performing maintenance.
However, the following symptoms could indicate a DoS or DDoS attack:
unusually slow network performance (opening files or accessing websites)
unavailability of a particular website
inability to access any website
dramatic increase in the amount of spam you receive in your account
What do you do if you think you are experiencing an attack?
Even if you do correctly identify a DoS or DDoS attack, it is unlikely that you will be able to determine the actual
target or source of the attack. Contact the appropriate technical professionals for assistance.
If you notice that you cannot access your own files or reach any external websites from your work computer,
contact your network administrators. This may indicate that your computer or your organization's network is being
attacked.
If you are having a similar experience on your home computer, consider contacting your internet service provider
(ISP). If there is a problem, the ISP might be able to advise you of an appropriate course of action.
Source: McDowell, Mindi (2004). Understanding Denial-of-Service Attacks. US-CERT (United States Computer Emergency Readiness Team). Carnegie Mellon University. Retrieved from http://www.us-cert.gov/cas/tips/ST04-015.html.
Types of Denial of Service (DoS) attacks

These are a few of the classic denial of service attacks. Most of these rely upon weaknesses in the TCP/IP protocol. Vendor patches and proper network configuration have made most of these denial of service attacks difficult or impossible to accomplish.

Flood Attack
The earliest form of denial of service attack was the flood attack. The attacker simply sends more traffic than the victim could handle. This requires the attacker to have a faster network connection than the victim. This is the lowest-tech of the denial of service attacks, and also the most difficult to completely prevent.

Ping of Death Attack
The Ping of Death attack relied on a bug in the Berkeley TCP/IP stack which also existed on most systems which copied the Berkeley network code. The ping of death was simply sending ping packets larger than 65,535 bytes to the victim. This denial of service attack was as simple as:

Source: Denial of Service (DoS) Attacks. TopBits.com. Retrieved from http://www.tech-faq.com/denial-of-service-dos-attacks.html.
Smurf Attack
In the Smurf Attack, the attacker sends a ping request to a broadcast address at a third-party on the network. This ping request is spoofed to appear to come from the victim's network address. Every system within the broadcast domain of the third-party will then send ping responses to the victim.

Teardrop Attack
The Teardrop Attack uses IP's packet fragmentation algorithm to send corrupted packets to the victim machine. This confuses the victim machine and may hang it.

SYN Attack
In the TCP protocol, handshaking of network connections is done with SYN and ACK messages. The system that wishes to communicate sends a SYN message to the target system. The target system then responds with an ACK message. In a SYN attack, the attacker floods the target with SYN messages spoofed to appear to be from unreachable Internet addresses. This fills up the buffer space for SYN messages on the target machine, preventing other systems on the network from communicating with the target machine.

Source: Denial of Service (DoS) Attacks. TopBits.com. Retrieved from http://www.tech-faq.com/denial-of-service-dos-attacks.html.
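
The Ping of Death and Teardrop descriptions both come down to fragments that a receiver should refuse to reassemble. The following is an added example, not part of the original report or its sources, showing that check from the defender's side; the `Fragment` model, the function name and the sample traffic are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

MAX_DATAGRAM = 65535  # IPv4 total length is a 16-bit field
IP_HEADER = 20        # assumption: header without options

@dataclass(frozen=True)
class Fragment:
    """Constructed model of an IPv4 fragment, not a capture format."""
    src: str
    ident: int         # identification field shared by one datagram's fragments
    offset_units: int  # fragment offset field, counted in 8-byte units
    payload_len: int   # data bytes carried by this fragment

def inspect_fragments(fragments):
    """Return {(src, ident): findings} for datagrams that should be dropped."""
    spans = defaultdict(list)
    for f in fragments:
        start = f.offset_units * 8
        spans[(f.src, f.ident)].append((start, start + f.payload_len))
    report = {}
    for key, ranges in spans.items():
        findings, covered = set(), 0
        for start, end in sorted(ranges):
            if IP_HEADER + end > MAX_DATAGRAM:
                findings.add("oversize")  # Ping of Death: past the 65,535-byte limit
            if start < covered:
                findings.add("overlap")   # Teardrop: bytes already covered
            covered = max(covered, end)
        if findings:
            report[key] = findings
    return report

# Constructed sample traffic using documentation addresses (RFC 5737).
SAMPLE = [
    Fragment("192.0.2.10", 1, 0, 1480),     # normal three-fragment datagram
    Fragment("192.0.2.10", 1, 185, 1480),
    Fragment("192.0.2.10", 1, 370, 1000),
    Fragment("192.0.2.20", 7, 0, 1480),
    Fragment("192.0.2.20", 7, 8189, 1480),  # ends at byte 66,992
    Fragment("192.0.2.30", 9, 0, 36),
    Fragment("192.0.2.30", 9, 3, 4),        # sits inside the first fragment
]

if __name__ == "__main__":
    for key, findings in inspect_fragments(SAMPLE).items():
        print(key, sorted(findings))
```

A retransmitted duplicate fragment would also be reported as an overlap by this check, so a production filter needs a policy for exact duplicates.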
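
The SYN attack description says the target's buffer for pending connections fills up. As an added example (not from the original report or its sources), the replay below counts half-open connections on one server over a constructed event list and reports when the count crosses a threshold; the event format, function names, timeout and threshold are assumptions chosen for illustration.

```python
def half_open_timeline(events, timeout=3.0):
    """Replay (time, flag, client) events seen by one server.

    Returns [(time, half_open_count)], where a half-open entry is a SYN
    the server has answered (SYN-ACK) but whose final ACK has not arrived.
    """
    pending = {}  # client "ip:port" -> time its SYN arrived
    timeline = []
    for t, flag, client in events:
        # Drop entries the server would have given up on by now.
        for c in [c for c, t0 in pending.items() if t - t0 > timeout]:
            del pending[c]
        if flag == "SYN":
            pending.setdefault(client, t)
        elif flag == "ACK":
            pending.pop(client, None)  # handshake completed
        timeline.append((t, len(pending)))
    return timeline

def syn_flood_alerts(events, threshold, timeout=3.0):
    """Times at which the half-open count reached the threshold."""
    return [t for t, n in half_open_timeline(events, timeout) if n >= threshold]

def sample_events():
    """Constructed events; all addresses are documentation ranges."""
    ev = []
    for i in range(3):  # legitimate clients finish the handshake
        ev.append((i * 0.5, "SYN", f"192.0.2.{i + 1}:40000"))
        ev.append((i * 0.5 + 0.05, "ACK", f"192.0.2.{i + 1}:40000"))
    for i in range(8):  # spoofed sources never send the final ACK
        ev.append((2.0 + i * 0.01, "SYN", f"203.0.113.{i + 1}:1024"))
    ev.append((2.5, "SYN", "192.0.2.9:40000"))    # client that never finishes
    ev.append((6.0, "SYN", "192.0.2.10:40000"))   # arrives after entries expire
    ev.append((6.05, "ACK", "192.0.2.10:40000"))
    return sorted(ev)

if __name__ == "__main__":
    for t, n in half_open_timeline(sample_events()):
        print(f"{t:5.2f}s half-open={n}")
    print("alerts at:", syn_flood_alerts(sample_events(), threshold=5))
```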
Sources
Chambers, A. D. (September 1997). Computer fraud and abuse. The Computer Journal (1978) 21 (3): 194-198. Retrieved from http://comjnl.oxfordjournals.org/content/21/3/194.full.pdf+html.
Toral, Janet. The Philippines E-Commerce Law - Republic Act No. 8792. Retrieved from http://www.digitalfilipino.com/writing_article.cfm?id=20.
Gale Encyclopedia of Espionage & Intelligence: Computer Fraud and Abuse Act of 1986. Answers.com. Retrieved from http://www.answers.com/topic/computer-fraud-and-abuse-act
Albacea, Eliezer A. (2009). MMS 101 Introduction to Information Technology. Diliman, Quezon City: University of the Philippines Open University.