Algorithmic Denial of Service attacks explained


A paper from Rice University describes a method and implementation of creating algorithmic DoS attacks that don't require a large amount of bandwidth to saturate servers.

The idea is to attack obvious or hidden hash algorithms (relatively compute intensive) and bring the server (or in one of the cases, the intrusion detection system) to its knees.

Successful attacks were created against Bro (an IDS), Perl, and (to a lesser extent) Squid. An interesting result with DJBDNS, the program caught their attempt (apparently due to a chunk of code that was specifically there to limit run-away hash computation) and thus was immune.