The purpose of this page is to provide information and defenses against Denial of Service (DoS) attacks, which cause networked computers to disconnect from the network or just outright crash. For example, a teenager using very simple DoS tools managed to cripple the web sites of large companies like Yahoo and Amazon during a series of attacks in February 2000 (see this CNN article). These attacks are sometimes also known as "nukes", "hacking", or "cyber-attacks", but we will use the technically correct term of DoS attacks.
DoS attacks are very common but they are not a joking matter. In the US, they can be a serious federal crime under the National Information Infrastructure Protection Act of 1996 with penalties that include years of imprisonment, and many countries have similar laws. At the very least, offenders routinely lose their Internet Service Provider (ISP) accounts, get suspended if school resources are involved, etc.
Often the victims are people on Internet Relay Chat (IRC), but DoS attacks do not involve IRC servers in any way, so IRC operators (IRC ops) cannot stop or punish the offenders. If you are attacked, try not to take it personally and do not retaliate, or else you will be breaking the law yourself and probably just inviting a much more determined new attack. Instead, read this page to learn more about these attacks, make sure your computer is patched against known weaknesses, and if necessary consider getting some protective "firewall" software. Denial of service should not be confused with other attacks like viruses, Trojan Horses, and cracking or "hacking".
There are two types of DoS attacks, both of which are described in the next major section:
These attacks exploit bugs in a specific operating system (OS), which is the basic software that your computer runs, such as Windows XP. In general, when these problems are identified, they are promptly fixed by the company such as Microsoft, so if you frequently apply the latest security patches, you greatly reduce this vulnerability. All Windows users should regularly visit Microsoft's Windows Update Site which automatically checks to see if you need any updates.
These attacks exploit inherent limitations of networking to disconnect you from the IRC server or your ISP, but don't usually cause your computer to crash. Sometimes it doesn't even matter what kind of operating system you use, and you cannot patch or fix the problem directly. The attacks on Yahoo and Amazon mentioned at the top of this page were large scale networking attacks, and demonstrate how nobody is safe against a very determined attacker. Network attacks include outright floods of data to overwhelm the finite capacity of your connection, spoofed unreach/redirect aka "click" which tricks your computer into thinking there is a network failure and voluntarily breaking the connection, and a whole new generation of distributed denial of service attacks (although these are seldom used against individuals).
Just because you got disconnected with some unusual error message doesn't mean you got attacked. Almost all disconnects are due to natural network failures. On the other hand, you should feel suspicious if you get disconnected repeatedly, especially if it happens only when you frequent certain IRC channels or talk to certain people. (If that's the case, shouldn't you really just avoid these troublemakers?)
What can you do about networking attacks? If the attacker is flooding you, you essentially must have a better connection than he does. Otherwise your only recourse may be a firewall run by your ISP. We do not recommend average users go and download personal software firewalls blindly! The subject of firewalls is covered in our firewall FAQ which includes a detailed discussion on personal software firewalls.
Microsoft's Windows Update [external link]
CERT Home Security [external link]
Tracing & Monitoring
BugTraq [external link]