What, Exactly, is a DDoS Attack?

By Unknown Thursday, March 27, 2014
Black Lotus delivers award winning DDoS protection ranging from full network defense to website and server protection, 24/7/365. Learn more by visiting http://www.blacklotus.net or call (866) 477-5554.

By Jerry Whitehead III, re-posted by Jeffrey Lyon

A comprehensive overview of the entire DDoS process.

Although they have (unfortunately) been on the rise over the past several years, there are still quite a few people who don’t know what a DDoS attack is or how it works. Outside of the computer/tech space, most people probably don’t know what DDoS even stands for. Let’s start with the basics.

DDoS stands for Distributed Denial of Service. The most important part of that acronym is the “denial of service” aspect, since at its core, a DDoS attack is meant to make the services provided by a single machine or network unavailable to its users. A DoS attack, generally speaking, is an attempt to take down a service from a single user or computer – a DDoS attack, by definition, is orchestrated by two or more people using many more computers, or more likely, bots (we’ll get more into that later).

The most popular form of DDoS attack aims to take down a single website or a group of websites by overloading the site’s resources. All websites, even the largest ones in the world, only have a certain amount of bandwidth, which can facilitate a maximum number of connections to the website. Once that bandwidth is tapped and the maximum number of connections has been made, no additional users can access the site, and any new person attempting to will receive an error message that the website is down.

As you can imagine, it takes a considerably large number of connections to take a website down, especially some of the larger sites that have made the news when they have been struck by a DDoS attack – sites like Bank of America, eBay, Amazon and others have all been crippled by DDoS attacks and are among the biggest sites in the world. How can a handful of nefarious hackers take down such gigantic sites that have the bandwidth to accommodate millions of users at one time? By infecting innocent computers around the world with malware.

Any anti-virus program will advertise that it can clean your computer of viruses, malware, and Trojans, but do you know what a Trojan is exactly? Trojans can be one of the more difficult types of malware to diagnose and get rid of due to their nature. Much like the famed Trojan horse from The Iliad, a Trojan disguises itself as a normal, sometimes essential program that users would normally have no concern with installing or updating. Hidden in the program, however, is a smaller program that runs silently in the background, often without the user even knowing it is there. Once the Trojan is installed, the infected computer is essentially a zombie – it can be remotely controlled by the party responsible for creating the Trojan. Imagine a successfully hidden Trojan that is coupled with an extremely popular download, program update, or phishing email – hundreds of thousands, possibly even millions of unsuspecting people will install the Trojan and become infected. The person or people responsible for the Trojan now have a literal army of infected zombie computers that can be controlled when called upon.

Once the hackers feel they have a sufficient number of infected computers, they strike. Using specifically designed programs, they command all infected computers to log on to a specific website. These programs, known as “botnets”, have a surprising amount of control over the computers, or “bots”, in their network. Depending on the size of the site under attack, it does not take very long for the bandwidth to be maxed out and the site to crash.

One of the main reasons DDoS attacks are so effective is that they are incredibly hard to trace. If it were a single user or entity (a DoS attack) going after one site or network, it would be relatively easy to spot an IP address (Internet Protocol address, a unique number assigned to each computer on the Internet) and stop the attack at its source. With a DDoS attack, however, infected machines from all over the world are being used, making the attack nearly impossible to track effectively.
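The contrast described above, seen from the defender's side, as an added example that is not part of the original article: a per-source request limit isolates a single-source flood, but finds nothing to block when the same load is spread across many sources. The thresholds, addresses and traffic counts are constructed assumptions.

```python
from collections import Counter

# Assumed values for illustration only; tune to a real site's measured baseline.
PER_SOURCE_LIMIT = 100   # max requests one client may send per window
SITE_CAPACITY = 1500     # requests the site can serve per window

def analyze(window):
    """window maps source address -> requests seen in one observation window."""
    per_source = Counter(window)
    total = sum(per_source.values())
    noisy = sorted(ip for ip, n in per_source.items() if n > PER_SOURCE_LIMIT)
    remaining = total - sum(per_source[ip] for ip in noisy)
    return {
        "total": total,
        "distinct_sources": len(per_source),
        "noisy_sources": noisy,                      # what a per-IP rule can block
        "over_capacity": total > SITE_CAPACITY,
        "over_capacity_after_block": remaining > SITE_CAPACITY,
    }

# Constructed sample traffic (not real logs); addresses are from reserved ranges.
VISITORS = {f"198.51.100.{i}": 5 for i in range(1, 101)}        # 100 x 5 = 500

# One source sends 2000 requests on top of normal visitors.
DOS_WINDOW = {**VISITORS, "203.0.113.7": 2000}

# 400 sources send 5 requests each: per source they look like visitors.
DDOS_WINDOW = {**VISITORS,
               **{f"10.0.{i // 250}.{i % 250 + 1}": 5 for i in range(400)}}

if __name__ == "__main__":
    for name, window in (("normal", VISITORS), ("DoS", DOS_WINDOW), ("DDoS", DDOS_WINDOW)):
        r = analyze(window)
        print(f"{name:6} total={r['total']:5} sources={r['distinct_sources']:4} "
              f"blockable={r['noisy_sources']} over_capacity={r['over_capacity']} "
              f"after_block={r['over_capacity_after_block']}")
```

Both attack windows carry the same 2500 requests; only the single-source one drops back under capacity once the per-source rule is applied, which is why detection for distributed floods has to look at aggregate rate and source count rather than individual addresses.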

As with anything, DDoS attacks vary greatly in size and scope. Sometimes, a single user with a relatively small number of bots or zombie computers at his or her disposal can take down a small website with a small amount of bandwidth. If you have a site for your small business and have a basic hosting package, you had better hope either that you haven’t made any computer-savvy enemies or that you have some sort of DDoS protection, because it wouldn’t take much to overload your connections. These types of DDoS attacks that focus on smaller sites are incredibly common, but don’t get nearly the amount of press coverage that some of the larger attacks do.

Speaking of which, let’s look at one of the bigger DDoS attacks in recent memory to put its size in perspective. Last spring, the Spamhaus website (a company that blocks spam emails) was taken down with a DDoS attack. The size of an attack is typically measured in bandwidth per second – the more megabytes and gigabytes of data that are inbound to the website from the bots per second, the bigger the attack. At its height, the Spamhaus attack was sending 300 gigabytes of data to the site per second. That is an incredibly large amount of data and one that few sites could effectively handle.

Regardless of their size or target, DDoS attacks are on the rise. They are relatively easy to implement for a moderately experienced hacker, are difficult to effectively trace and target, and are increasingly used as a form of cyber protest against groups that the attackers are opposed to – since there is no real “hacking” involved and the site is only crashed due to no remaining bandwidth, attackers argue that no real damage is being done. Site owners correctly counter-argue, however, that each minute their site is down is costing the company money. Imagine how much revenue sites like Amazon and eBay lost out on when their sites were down. Due to the popularity of these attacks and their potential for damage, it’s crucial that all sites, regardless of size, implement the proper DDoS mitigation solutions. We’ll have more on what to look for in your DDoS protection in a later article.