
Thursday, December 16, 2010

What is a DDoS Attack?

“DDoS attack” (Distributed Denial of Service attack) is probably not an alien term to you by now. It became one of the popular search keywords in recent weeks because a group of hackers called “Anonymous” launched an attack targeting some major banking web sites. Under the name “Operation Payback”, ‘Anonymous’ commenced several DDoS attacks in support of WikiLeaks. On 8th December 2010, a coordinated DDoS attack by Operation Payback brought down both the MasterCard and Visa websites.




However, the best part is that ‘Anonymous’, which attacked several major websites, itself became the victim of a DDoS attack for more than 40 hours during 9th - 10th December. If you are not aware of what a DDoS attack is and how it happens, this article will explain it. Basically, there are two forms of DDoS attack, distinguished by how they affect the targeted systems/services: some attacks crash the systems/services, and others only flood them without shutting the system down.

The main purpose of a DDoS attack is to make a web site or internet service unavailable and keep it from functioning properly. If we look at what happens in a DDoS attack, we see a multitude of compromised computers attacking a single target. That ends in denial of service for the users of the targeted system. The multitude of attacking computers causes a flood of incoming messages (and therefore heavy traffic) to the target system, which will force the system to shut down.

A hacker begins a DDoS attack by getting a single computer system under his control. Usually this happens by exploiting a vulnerability in that computer system. After that, the hacker makes it the "DDoS master", which he uses to continue his attack thereafter. Using that master system, the hacker identifies and communicates with other systems that can be compromised.

The hacker then loads cracking tools onto those multiple compromised systems, which enables him to control all of them using the DDoS master. On most occasions the owners of the compromised computers are unaware that their computers have been compromised and are being used to perform a DDoS attack. Usually, a computer under the control of an intruder is known as a “bot”, and a group of compromised computers is called a “botnet”.

Finally, the intruder instructs the compromised machines to send numerous requests to a target computer system/service. The flood of requests (actually packets) against the specified target system causes a denial of service.

Even though the target computer is the one directly affected by the attack, other parties suffer from the same attack. First, there are the compromised systems (as I said above, their owners are not aware of what’s happening). Second, the heavy traffic towards the target system affects other services that share the same network facilities with the victim, so they experience the same problems. Even though they are not the targeted service, they too might end up with a denial of service.
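A defender-side view of the flood described above, as an added example that is not part of the original post: it buckets constructed request records into time windows and shows that the aggregate load is abnormal even though no single bot exceeds a per-source limit. The function names, sample addresses and thresholds are illustrative assumptions.

```python
from collections import Counter, defaultdict

def build_sample():
    """Constructed sample: (unix_second, source_ip) for requests hitting one service."""
    events = []
    # Seconds 0-19: three ordinary clients, one request each every 2 seconds.
    for t in range(0, 20, 2):
        for ip in ("198.51.100.1", "198.51.100.2", "198.51.100.3"):
            events.append((t, ip))
    # Seconds 20-29: 40 bots, each sending only 5 requests per second.
    for t in range(20, 30):
        for n in range(40):
            events.extend([(t, f"203.0.113.{n}")] * 5)
    return events

def classify_windows(events, window=10, total_limit=100, per_ip_limit=60):
    """Label each time window by aggregate load and by its busiest single source.

    The limits are illustrative assumptions, not recommended values.
    """
    buckets = defaultdict(Counter)
    for ts, ip in events:
        buckets[ts - ts % window][ip] += 1
    report = {}
    for start, per_ip in sorted(buckets.items()):
        total = sum(per_ip.values())
        busiest = max(per_ip.values())
        if total <= total_limit:
            label = "normal"
        elif busiest > per_ip_limit:
            label = "flood with heavy source"  # a per-IP rate limit would trigger
        else:
            label = "distributed flood"        # every source is under the per-IP limit
        report[start] = {"label": label, "total": total,
                         "sources": len(per_ip), "busiest": busiest}
    return report

if __name__ == "__main__":
    for start, row in classify_windows(build_sample()).items():
        print(start, row)
```

In the last window the service receives 2000 requests from 40 sources, yet the busiest source sent only 50, which is why limits applied per source address alone do not catch a botnet-driven flood.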

I have covered only the basics of DDoS attacks. If you are interested in learning more, I suggest you have a look at this Wikipedia article. It contains a great deal of information about the types of attacks and the precautions for preventing DDoS.

2 comments:

  1. It's getting crazy. I have seen lots of sites go down to these DDoS attacks. You don't even have to be attacked directly to feel the effects. My latest client came to me because someone else their webhost is hosting got DDoSed, and it took every site offline that the webhost had been hosting. I have some info and services that can help protect against DDoS attacks and mitigate them down to nothing. I have it outlined in my FAQ: http://bit.ly/gx8WzL I have a live chat as well so you can pick my brain.

