Case study: DDoS intro

In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. In a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.

A DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, thus disrupting trade. Criminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail and activism can motivate these attacks.

DDoS definition

DDoS stands for Distributed Denial of Service. In this type of attack, large amounts of traffic are sent from multiple sources to a service or website with the intention of overwhelming it. A sudden influx of traffic can tie up all of the site's resources and thereby deny access to legitimate users. In practice, the attacker forces numerous Internet-connected devices under their control to send network requests to one specific service or website, flooding it with false traffic. Handling these requests consumes all available resources, either crashing the web server or occupying it so heavily that normal users cannot establish a connection between their systems and the server.

Websites sometimes "crash" under an incoming flood of legitimate traffic, for example when a highly anticipated product is released and millions of people visit the site at once trying to buy it. DDoS attacks aim to produce the same effect deliberately.


How DDoS attacks work

Because DDoS attacks require traffic to come from many sources, they are often conducted using botnets. This is like having an army of zombie computers to do the attackers’ bidding. Attackers use what we call a DDoSTool to enslave computers and build their army. This zombie network of bots (botnet) communicates with the command and control server (C&C), waiting for commands from the attacker who’s running the botnet.

During a DDoS attack, tens of thousands or even millions of bots may work simultaneously to send large amounts of network traffic toward the target server. Usually, but not always, the original infecting DDoSTool does not attempt to steal data or otherwise harm the host. Instead, it lies dormant until called upon to participate in a DDoS attack.
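The two points above, that a flood from many sources cannot be stopped by blocking one address and that a flood of bots looks much like a flash crowd, can be seen in server-side request accounting. The following is an added example, not code from the original page: it parses constructed access-log lines (Common Log Format is assumed; the page shows no logs), counts requests per source inside fixed time windows, and labels each window as quiet, dominated by one source, or spread across many sources.

```python
import re
from collections import Counter, defaultdict

# Reads only the client address and the time-of-day fields of a Common Log Format line
# (assumed format for this example; the page itself does not show any log lines).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[\d{2}/\w{3}/\d{4}:(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2}) [^\]]+\]'
)

def clf_line(ip, hms):
    """Build one constructed log line; only the fields the parser reads matter."""
    return f'{ip} - - [01/Jan/2024:{hms} +0000] "GET / HTTP/1.1" 200 512'

def bucket_requests(log_text, window=10):
    """Count requests per source IP inside fixed windows (keyed by seconds since midnight)."""
    buckets = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip unparseable lines instead of aborting the whole analysis
        h, mi, s = (int(m.group(k)) for k in ("h", "m", "s"))
        key = (h * 3600 + mi * 60 + s) // window * window
        buckets[key][m.group("ip")] += 1
    return buckets

def classify_window(counter, rate_threshold=15, single_source_share=0.8):
    """Below the rate threshold the window is normal. Above it, check whether one
    source produced most of the load (a single address can be blocked) or the
    load is spread over many sources (blocking one address will not help)."""
    total = sum(counter.values())
    if total < rate_threshold:
        return "normal"
    _, top = counter.most_common(1)[0]
    return "single-source flood" if top / total >= single_source_share else "distributed flood"

def classify_log(log_text, window=10, rate_threshold=15):
    """Map each time window to its label, in chronological order."""
    buckets = bucket_requests(log_text, window)
    return {k: classify_window(c, rate_threshold) for k, c in sorted(buckets.items())}

# Constructed traffic: a quiet window, a flood from one address, then 25 addresses sending once each.
lines = [clf_line(f"10.0.0.{i}", "10:00:00") for i in range(1, 4)]
lines += [clf_line("203.0.113.9", "10:00:10") for _ in range(20)] + [clf_line("10.0.0.1", "10:00:12")]
lines += [clf_line(f"198.51.100.{i}", "10:00:20") for i in range(1, 26)]
SAMPLE_LOG = "\n".join(lines)

if __name__ == "__main__":
    for key, label in classify_log(SAMPLE_LOG).items():
        print(key, label)
```

Volume and source spread alone cannot tell the last window apart from the legitimate product-launch crowd described earlier; that distinction needs request content, client behaviour or known-bot intelligence, which this accounting does not include.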


The history of DDoS

According to Wikipedia, the first demonstration of a DDoS attack was made by hacker Khan C. Smith in 1997 during a DEF CON event, disrupting Internet access to the Las Vegas Strip for over an hour. The release of sample code during the event led to the online attack of Sprint, EarthLink, E-Trade, and other major corporations in the year to follow. In early 2000, Canadian teen hacker Michael Calce upped the DDoS ante and made a big impression on the business community by bringing down Yahoo! with a DDoS—a feat he repeated in the week that followed by disrupting other major sites such as Amazon, CNN, and eBay.

The effort required to arrange a DDoS has only decreased, with reports of cybergangs renting out botnets for as little as $10 per hour. Finally, as we have entered the Internet of Things (IoT) era, almost any Internet-connected device, such as a smartphone, security camera, router, or printer, can be mustered into a botnet for even more DDoS impact.