Next: Fork bombs Up: Black Hats Manual Software Previous: Summary

Denial Of Service

If you're the average Linux hacker, you probably remember a time when you were all excited about being able to bring your system to a stand-still by running this little gem of a program:

    #include <unistd.h>   /* fork() */

    /* Spawns processes without bound until the system stalls. */
    int main(void)
    {
        while (1)
            fork();
    }

Since this program denies anyone else access to the system (whatever services it provides), this is called a denial of service attack, or DoS attack for short. The idea behind such attacks is to render a system partly or wholly unusable.

Well, we're all past that age. But most denial of service attacks resemble this "mother of all DoS attacks" in design and mentality. The program above tries to hose the system it runs on, but most denial of service attacks are against remote computers. Local attacks can usually be prevented by setting resource limits on a user's account. Apart from that, the perpetrator is likely to be caught. When a workstation crashes once, the system administrator will probably just reboot it. If it happens two or three times in a row, he will take the time to do a post-mortem on the crashed machine and have a lively if one-sided conversation with the person who caused this.
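The resource-limit defence mentioned above, shown as an added example that is not part of the original manual: a launcher lowers `RLIMIT_NPROC` (the limit behind `ulimit -u`) before running untrusted work, so that `fork()` starts failing with `EAGAIN` instead of exhausting the process table. The function names and the values 32 and 64 are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Lower soft and hard RLIMIT_NPROC to at most `max`; never raises a limit.
 * An unprivileged process cannot raise the hard limit again afterwards. */
int cap_nproc(rlim_t max)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NPROC, &rl) != 0)
        return -1;
    if (rl.rlim_max > max)
        rl.rlim_max = max;
    if (rl.rlim_cur > rl.rlim_max)
        rl.rlim_cur = rl.rlim_max;
    return setrlimit(RLIMIT_NPROC, &rl);
}

/* Fork at most `tries` children that exit at once; return how many forks
 * succeeded and store the errno of the first failure (0 if none) in *err. */
int count_forks(int tries, int *err)
{
    int ok = 0;
    *err = 0;
    for (int i = 0; i < tries; i++) {
        pid_t pid = fork();
        if (pid < 0) { *err = errno; break; }
        if (pid == 0) _exit(0);
        ok++;                      /* unreaped children still count */
    }
    while (wait(NULL) > 0) { }     /* reap every child before returning */
    return ok;
}

int main(void)
{
    int err;
    /* 32 and 64 are illustrative values, not recommendations. */
    if (cap_nproc(32) != 0) { perror("setrlimit"); return 1; }
    int ok = count_forks(64, &err);
    printf("forks_ok=%d first_error=%s\n", ok,
           err == EAGAIN ? "EAGAIN" : err ? "other" : "none");
    return 0;
}
```

The limit counts all processes of the invoking user, so the number of successful forks depends on what else that user is running; the kernel does not enforce it for privileged processes such as root.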

In general, it can be said that anonymous services that are supposed to interact with random (and probably untraceable) clients from the Internet are a lot more vulnerable to DoS attacks than services running in a protected environment. In a closed environment, it is usually possible to identify an attacker and deal with him.

As mentioned previously, this should not be taken as an excuse. However, given that denial of service is fairly hard to protect against, there is a valid trade-off between the ability to deal with DoS attacks on one hand, and an increased code complexity on the other hand. We will come back to this issue in section [*] below.



Olaf Kirch 2002-01-16