So, I'm looking into Permanent DOS attacks for a class, and I'm having a hard time coming up with concrete examples. There's a lot of information about Phlashing (flashing firmware to either brick the device, or put malicious firmware in its place, for those of you who don't know the term) but I'd like to have a broader set of examples.

That being said, there has to be a way to write code that will do something like wear out disk arms, right? Something that will have the disk seek to the end of the disk, then back to the front, on and on. Anyone have an example of how that would be accomplished? Is there some way to specify where to track to on a disk in C (similar to traversing to a certain point in a file, but for the entire HDD!)? If not, I guess there's always trying to force a file's location on the disk... which seems like less fun trying to accomplish. Again, can you do something like that programmatically?

If anyone has any insight into these types of attacks, or any good resources for me to check into, I'd appreciate it. Maybe you read a story about it on Slashdot a few years back? Let me know! The more info I can gather, the less likely I'll be forced to kill time during my talk by bricking my router in the class :) I'm not made of money OR routers!

+2  A: 

Although it is mostly fictional, the halt and catch fire operation would be a very convenient and permanent DOS attack.

Mike
+1  A: 

Steve Gibson (google his name) has a paper he wrote a few years back about protocol-level vulnerabilities in TCP/IP. Some of it is still pertinent today.

San Jacinto
A: 

It's possible for a virus to do this. I seem to recall an actual virus doing this back in the day, but can't find anything to back that up.

I was able to find an article where the author has a conversation with the VP from Western Digital wherein he states a program could potentially access a hard drive's firmware causing such a DOS attack:

There are back doors if you will that allow us to get into places that the operating system can't go through the IDE connector

Gavin Miller
If I have to gain physical access to the machine to PDoS it, I'll just perform the old standby technique "Framing Hammer 2.0" straight to the platters ;)
Sheep Slapper
A: 

There used to be a few viruses that could cause old CRT monitors to break. They could cause invalid sync signals out the VGA port that would be too high in frequency for the video sweep. I also remember a few that would use bad sector flagging to draw images on the old versions of Scandisk (we are talking early 90’s or older.) I don't remember any of the names or have any references, but they used to be quite annoying.

Fortunately, better circuits, memory protection, and API abstraction have made such attacks very difficult to impossible.

Matthew Whited
Wayne Conrad
@Wayne: yeah, I did that to a couple of VT102 monitors before I figured out it was a "typo" in my program - I'll never forget that high-pitched whine - CRTs do scream when they die
kloucks
+3  A: 

Seems like these would primarily be limited to physical attacks and social engineering ("To enable your computer's hidden turbo function, remove the cover and pry this part"). But:

  • Adjust screen refresh rates to insane values to blow older CRTs

  • Monkey with ACPI fan, charge, or battery controls if possible to cause overheating or battery failure.

  • Overwrite every rewritable storage device of every kind attached to any bus. Discover and overwrite any IDE, USB, etc... device you know the flash updater details for.

Of course nothing is permanent. You can replace the hard drive, BIOS chips, CPU, motherboard, memory, etc...

Joe Koberg
Obviously nothing is permanent in the sense that things can be replaced, but the individual piece of hardware in question is permanently broken. I'm guessing that coming up with practical examples of, say, stopping the fans on a motherboard, are going to be VERY hardware specific and a little outside my scope.
Sheep Slapper
I've been looking into it, and that ACPI idea might have some legs to it... Thanks for the suggestion! Now I have to go sit by my box very quietly and see if any of what I try works!
Sheep Slapper
+1  A: 

Socially engineer the power company or ISP to turn off service at the location in question.

Joe Koberg
+1  A: 

Many devices in the computer today have their own firmwares, including but not limited to CPU, DVD, HDD, VGA, motherboard (BIOS) etc. Most of these devices also have a way of updating their respective firmwares, which can also be used to brick them pretty efficiently. This does, however, require an individual approach to every device, often using privileged instructions and undocumented interfaces.

Vilx-