InterNet Riot
InterNet Riots, or "Cyber Mutinies", are a form of payload used by computer viruses. They are mainly a way of generating significant computer network traffic on a victim network. Some of the weaker ones can cut particular computers off from network access for days or even weeks if done properly, and some of the stronger ones have the power to devastate the broadband of entire countries, leaving the populace offline for months. Unlike Denial of Service attacks, which overload a server or database with so many requests for information that it crashes, InterNet riots are more complex in that they involve carrying just one request, albeit an incredibly malformed and malicious one.
The term was coined in 1998 by the hacker group JnL with the intent of disrupting America On-Line's services, which they called the "AOL riot". Though the first attempt was relatively unsuccessful, the second, which occurred on December 31, 2000, managed to leave 200,000 users offline and cemented InterNet riots as a popular form of attack.
How one works
This attack relies on a perpetrator sending a large amount of ICMP echo request (ping) traffic to IP broadcast addresses, all of which have a spoofed source IP address of the intended victim. If the routing device delivering traffic to those broadcast addresses delivers the IP broadcast to all hosts (for example via a layer 2 broadcast), most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, hundreds of machines might reply to each packet. For example, a worm called Sober.X managed to net over 1200 computers into attacking FOXCONN, causing $320,964 (£52,640) in damages.
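The reflection pattern described above can be spotted from the amplifier network's side. The following is an added detection example, not part of the original page: it flags ICMP echo requests sent to a local broadcast address and, going slightly beyond the paragraph, UDP echo (port 7) probes of the same shape. The packet records, the `LOCAL_NETS` prefixes and all function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample records (not real traffic): (src, dst, proto, detail).
# detail is the ICMP type for "icmp" or the destination port for "udp".
SAMPLE_PACKETS = [
    ("203.0.113.9", "192.0.2.255", "icmp", 8),     # echo request to a /24 broadcast
    ("203.0.113.9", "192.0.2.255", "icmp", 8),
    ("203.0.113.9", "198.51.100.127", "udp", 7),   # UDP echo to a /25 broadcast
    ("192.0.2.10", "192.0.2.20", "icmp", 8),       # ordinary unicast ping
    ("192.0.2.10", "203.0.113.9", "icmp", 0),      # echo replies leaving the site
    ("192.0.2.11", "203.0.113.9", "icmp", 0),
    ("192.0.2.12", "203.0.113.9", "icmp", 0),
]
LOCAL_NETS = ["192.0.2.0/24", "198.51.100.0/25"]   # assumed site prefixes


def is_amplifier_probe(proto, detail):
    """True for an ICMP echo request (type 8) or a UDP echo packet (port 7)."""
    return (proto == "icmp" and detail == 8) or (proto == "udp" and detail == 7)


def find_broadcast_probes(packets, local_nets):
    """Count probes aimed at a local broadcast address, keyed by the claimed
    source address, which in a reflection attack is the spoofed victim."""
    broadcasts = {ipaddress.ip_network(n).broadcast_address for n in local_nets}
    hits = Counter()
    for src, dst, proto, detail in packets:
        if is_amplifier_probe(proto, detail) and ipaddress.ip_address(dst) in broadcasts:
            hits[src] += 1
    return hits


def responders(packets, victim):
    """Local hosts that sent an ICMP echo reply (type 0) to the victim."""
    return {src for src, dst, proto, detail in packets
            if proto == "icmp" and detail == 0 and dst == victim}


if __name__ == "__main__":
    for victim, count in find_broadcast_probes(SAMPLE_PACKETS, LOCAL_NETS).items():
        replying = responders(SAMPLE_PACKETS, victim)
        print(f"{count} broadcast probes claim source {victim}; "
              f"{len(replying)} local hosts replied to it")
```

Each distinct responder is one extra copy of the traffic delivered to the spoofed address, so the size of the `responders` set is the per-probe multiplication the paragraph describes.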
Examples
Though computer worms are the most practical and widely used way of initiating an InterNet riot, the "fraggle attack", where an attacker sends a large amount of UDP echo traffic to IP broadcast addresses, all of it having a fake source address, is a tried-and-tested method which works better in small-scale riots. W32.Sober.K, for example, was a Visual Basic script that was spread through the fraggle attack method. It managed to leave over 40,000 computers in Leipzig offline, most of them used for market research. Two examples of 'normal' InterNet riots include:
