Timeline for Does it make sense to consider a triggerable server software crash a DOS attack?
Current License: CC BY-SA 4.0
29 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| S Feb 2, 2019 at 10:48 | history | suggested | Rubydesic | CC BY-SA 4.0 | pedantic grammar |
| Feb 1, 2019 at 19:49 | review | Suggested edits | |||
| S Feb 2, 2019 at 10:48 | |||||
| Feb 1, 2019 at 12:00 | comment | added | Polygnome | This isn't much different from a Ping of Death, and those are considered DoS attacks. | |
| Jan 31, 2019 at 22:45 | answer | added | DarcyThomas | timeline score: 1 | |
| S Jan 31, 2019 at 21:01 | history | suggested | Seldom 'Where's Monica' Needy | CC BY-SA 4.0 | Clarified title. |
| Jan 31, 2019 at 19:56 | review | Suggested edits | |||
| S Jan 31, 2019 at 21:01 | |||||
| Jan 31, 2019 at 13:55 | comment | added | Conor Mancone | @Josh Thanks Josh. I ended up adding an answer to talk through that distinction anyway, as the technology set matters. I haven't ever done node hosting (just PHP and Python) and wasn't clear from his terminology what exactly he was describing. That seems a bit crazy to me though, which is probably why I was confused in the first place. I'm used to application and server being separate, in which case no amount of unhandled exceptions can cause problems for the service itself - just for the one request that generated the application error. | |
| S Jan 31, 2019 at 10:39 | history | edited | schroeder♦ | CC BY-SA 4.0 | Restructured sentences to understand the context between Node.js Server and Web Application. Since, the Web Application is hosted on Node.js Server. |
| S Jan 31, 2019 at 10:39 | history | suggested | Yogesh Shelke | CC BY-SA 4.0 | Restructured sentences to understand the context between Node.js Server and Web Application. Since, the Web Application is hosted on Node.js Server. |
| Jan 31, 2019 at 9:41 | review | Suggested edits | |||
| S Jan 31, 2019 at 10:39 | |||||
| Jan 31, 2019 at 4:34 | comment | added | Josh | @ConorManconeI read that as the service crashes until restarted, E.G. "run again (on the server)" for example, starting a node process in a screen session: if there's an uncaught exception the NodeJS server process dies until restarted. Obviously one mitigation here is that critical services would be auto-restarted on failure by something like systemd or monitoring software but that doesn't mitigate against a flood of poison pill attacks | |
| Jan 31, 2019 at 0:01 | comment | added | Mark | You hear about flood-based DoS attacks because they're very simple to do: the attacker just needs more bandwidth than the target. This makes them by far the most common form of attack. | |
| Jan 30, 2019 at 17:25 | answer | added | le3th4x0rbot | timeline score: 4 | |
| S Jan 30, 2019 at 15:18 | history | suggested | Outman | added the 'attacks' tag | |
| Jan 30, 2019 at 14:00 | answer | added | Conor Mancone | timeline score: 9 | |
| Jan 30, 2019 at 13:50 | comment | added | Conor Mancone | I think a little bit more detail about this point is important: It crashes (until someone runs it again). What happens to future requests, exactly? If the server crashes for you, but continues operating normally for all other users, then I would say you have more of a bug then a DOS attack, because the service is still available to other people. Technically you have DOS'ed yourself, so there is a bug for them to fix, but if the only impacted user is yourself then you don't have much of an attack (typically). | |
| Jan 30, 2019 at 13:50 | review | Suggested edits | |||
| S Jan 30, 2019 at 15:18 | |||||
| Jan 30, 2019 at 12:38 | answer | added | virolino | timeline score: -7 | |
| Jan 30, 2019 at 11:38 | comment | added | IMSoP | @zero298 I'd mildly disagree: the title doesn't need to contain the whole context and nuance of the question, that's what the question body is for. I'd be fine with an even shorter title, like "Is a software crash a DoS attack?" The answer to the title would be "sometimes", but if someone posted that, it would be clear they were too lazy to read the actual question. | |
| Jan 30, 2019 at 6:30 | comment | added | zero298 | I would change your title to a “triggered” software crash. Random crashing isn’t really DoS, but the fact that you can cause it on command is the key part. | |
| Jan 30, 2019 at 4:17 | answer | added | sarnold | timeline score: 10 | |
| Jan 30, 2019 at 4:11 | comment | added | Josh | This would be a DoS attack, specifically I have seen such attacks called “poison pill” attacks before... but I am unable to find a reference for this right now | |
| Jan 30, 2019 at 3:00 | history | tweeted | twitter.com/StackSecurity/status/1090444705995915264 | ||
| Jan 30, 2019 at 2:25 | comment | added | slebetman | As long as it prevents users from using the service it is a DOS. I have worked on a website that was DOS attacked by Google and Bing simply because Drupal cannot handle the load (I wanted to say could not but I believe it still can't). | |
| Jan 29, 2019 at 23:06 | comment | added | Mike Ounsworth | If an application is well-written then it won't have any crash-type DOS bugs and an attacker will have to resort to a full DDOS (which will always work if the attacker has a bigger firehose than the target). However if the target app has an easy-to-trigger crash, then I'm sure any attacker would rather send the single crafted packet and save themselves the $$ of running a DDOS network. | |
| Jan 29, 2019 at 22:58 | answer | added | schroeder♦ | timeline score: 59 | |
| Jan 29, 2019 at 22:32 | answer | added | DarkMatter | timeline score: 136 | |
| Jan 29, 2019 at 22:30 | review | First posts | |||
| Jan 30, 2019 at 1:16 | |||||
| Jan 29, 2019 at 22:28 | history | asked | Matías | CC BY-SA 4.0 |