Have you ever been browsing your favourite website or watching your favourite online video stream, only to have your access suddenly slowed to a crawl or cut off? And I am not talking about a frustrated parent, spouse, child or pet yanking the cord; you check and realize that every other site is working fine. Well, your initial response might be that those ding-wads need to upgrade their network connection and servers, which, if they are experiencing higher than usual web traffic, may be the case.
But another likely scenario is that the site is being hit by a Distributed Denial of Service, or DDoS, attack. These nuisances come in many forms (amplification attacks, Nukes, Teardrops, Smurfs and so on), but most operate in pretty much the same manner: a large network of remote PCs, called a botnet, is pointed at one system to overwhelm its connection or its processor, causing it to deny service to legitimate traffic.
The first type of attack could be considered your standard blitzkrieg, because it attempts to directly overwhelm a system, often by plugging all of its ports with garbage streams like incessant pings or endless fragmented packets that arrive without the information needed to reassemble them. It is about the equivalent of a kid in the back seat asking "are we there yet?" and leaving absolutely no dead air for you to respond "for the last time, no, we are not there yet." Next up are your crank calls: attacks that cause further bandwidth and processing congestion by forcing the server to respond to their nonsense.
This can be done in several ways: by forcing a website to handshake endlessly with new systems (a SYN flood), by making it try to validate spam port connection requests before eventually giving out an ICMP destination unreachable error, or, in the case of GET request attacks, by triggering the sort of large-scale file transfers that only happen naturally when Taylor Swift releases a new single on iTunes. Our third type of attack is the most deadly move in the DDoS arsenal.
It is the DNS server amplification attack or, as I call it, the Death Star. This technique abuses the willingness of open DNS servers to answer anyone: the attacker sends them small queries with the target's address forged as the source, so the much larger answers are delivered to the target, amplifying the severity of the attack as much as 70-fold. This technique is apparently what allowed some ne'er-do-wells to launch an attack on the scale of 400 gigabits per second recently, which was 50 times the largest recorded attack 10 years ago, at 8 gigabits per second.
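The three flood styles above, as an added illustration that is not code from the page's authors: a detector over constructed packet summaries that flags the blitzkrieg-style SYN flood by handshakes that never complete, and the DNS amplification flood by large port-53 responses that answer no query the target ever sent. The record layout, the addresses (documentation ranges), the thresholds and the assumed 64-byte size of the spoofed query are my own constructions.

```python
"""Spot a SYN flood and a DNS reflection flood in packet summaries.

Added illustration, not code from the page's authors or any product. The packet
records are constructed inline; field names, thresholds and addresses are assumed.
"""
from collections import Counter

TARGET = '203.0.113.10'          # the victim web server (documentation range)
RESOLVER = '198.51.100.53'       # resolver the victim legitimately uses
ASSUMED_QUERY_BYTES = 64         # assumed size of the spoofed query each reflector received

# Packet summary layout: (src_ip, src_port, dst_ip, dst_port, proto, tcp_flags, length)


def detect_syn_flood(packets, target=TARGET, min_syns=50, max_completion=0.2):
    """Flag a SYN flood: many SYNs to the target whose handshakes never complete.
    A real client follows its SYN with an ACK from the same source; spoofed SYNs never do."""
    syn_sources = Counter()
    completed = set()
    for src, _sp, dst, _dp, proto, flags, _ln in packets:
        if proto != 'tcp' or dst != target:
            continue
        if flags == 'S':
            syn_sources[src] += 1
        elif flags == 'A' and src in syn_sources:
            completed.add(src)
    syns = sum(syn_sources.values())
    completion = len(completed) / len(syn_sources) if syn_sources else 1.0
    return {'syns': syns, 'distinct_sources': len(syn_sources),
            'completion_ratio': completion,
            'flagged': syns >= min_syns and completion <= max_completion}


def detect_dns_reflection(packets, target=TARGET, min_unsolicited=10):
    """Flag DNS amplification: UDP responses from port 53 that answer no query the target sent.
    Matching on (resolver, target port) is what a stateful firewall does for UDP."""
    outstanding = Counter()      # (resolver_ip, target_port) -> queries the target sent
    reflectors = Counter()
    unsolicited = 0
    reflected_bytes = 0
    for src, sp, dst, dp, proto, _flags, ln in packets:
        if proto != 'udp':
            continue
        if src == target and dp == 53:
            outstanding[(dst, sp)] += 1          # the target asked; remember its source port
        elif dst == target and sp == 53:
            key = (src, dp)
            if outstanding[key] > 0:
                outstanding[key] -= 1            # answer to a query we saw go out
            else:
                unsolicited += 1                 # answer to a query somebody forged
                reflected_bytes += ln
                reflectors[src] += 1
    avg = reflected_bytes / unsolicited if unsolicited else 0.0
    return {'unsolicited': unsolicited, 'reflectors': dict(reflectors),
            'reflected_bytes': reflected_bytes,
            'amplification': avg / ASSUMED_QUERY_BYTES,
            'flagged': unsolicited >= min_unsolicited}


def sample_traffic():
    """Constructed mix: normal web and DNS traffic, then a SYN flood and a reflection flood."""
    pk = []
    for i in range(3):                                   # three real clients complete handshakes
        c = f'192.0.2.{i + 1}'
        pk += [(c, 50000 + i, TARGET, 80, 'tcp', 'S', 60),
               (TARGET, 80, c, 50000 + i, 'tcp', 'SA', 60),
               (c, 50000 + i, TARGET, 80, 'tcp', 'A', 52)]
    for i in range(5):                                   # the target's own lookups, answered normally
        pk += [(TARGET, 40000 + i, RESOLVER, 53, 'udp', '', 64),
               (RESOLVER, 53, TARGET, 40000 + i, 'udp', '', 120)]
    for i in range(200):                                 # spoofed SYNs, one per fake source, never ACKed
        pk.append((f'10.{i // 256}.{i % 256}.{i % 7 + 1}', 1024 + i, TARGET, 80, 'tcp', 'S', 60))
    for r in range(3):                                   # open resolvers answering forged queries
        for i in range(10):
            pk.append((f'198.51.100.{r + 1}', 53, TARGET, 10000 + i, 'udp', '', 3200))
    return pk


if __name__ == '__main__':
    traffic = sample_traffic()
    print(detect_syn_flood(traffic))
    print(detect_dns_reflection(traffic))
```

The reflection check only works because the target's outbound queries are observed; a host that cannot see its own egress (or sits behind a NAT that rewrites ports) will misclassify real answers as reflected traffic, which is why production filtering usually happens on a device that sees both directions.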
Alright, so some junk runs in the background of my PC, turning it into a zombie for this so-called botnet. But why would anyone want to do this? Good question, and there is a wide range of motivations: from hacktivist groups trying to block access to terrorist recruitment websites, to gamers targeting opponents to increase their ping times for a competitive edge, to folks who just want to watch the world burn.
But the good news is that protection against these sorts of attacks is getting easier and more affordable than ever, with techniques like routing traffic through high-capacity servers or using scrubbing filters that prevent huge amounts of fake traffic from causing more than a momentary slowdown. Note that these techniques also help with the last kind of distributed denial of service attack.
Understanding DDoS Attacks
A DDoS attack is a cyber attack on a specific server or network with the intended purpose of disrupting that network's or server's normal operation. A DDoS attack does this by flooding the targeted network or server with a constant stream of traffic, such as fraudulent requests, which overwhelms the system, causing a disruption or denial of service to legitimate traffic. So, for example, here we have a web server, which could belong to a company that sells its products over the internet, and over here we have a couple of customers with their computers browsing the company's website, looking at the company's products or services.
Now, let's just say that someone wanted to attack this company's web server, for whatever reason; for example, maybe they don't like the company, or they don't like the owners of the company. So the attacker is going to use their computer and their program to attack this server and flood it with fraudulent data traffic to try and disrupt its service. Now, this is not a DDoS attack. This is just called a DoS attack, which stands for denial of service, because a DoS attack is an attack that comes from one source.
Now, normally, a network or server can handle an attack from a single source, because the source is easy to pinpoint: the server can simply close the connection the attack is coming from. So that's not a problem. The problem is what happens if an attack comes from multiple sources simultaneously, and that is what a DDoS is. A DDoS is an attack from multiple sources all at once. So this computer here, the ringleader, can communicate with other computers around the world and coordinate an attack on this server. So now, instead of an attack coming from a single source, the server has to deal with an attack from multiple sources, and when this happens, it will overwhelm the server.
It will eat up the server's system resources, such as CPU and memory, and it will also eat up network bandwidth. As a result, these legitimate computers over here are going to be denied service, because the server is too preoccupied dealing with the DDoS attack. So the webpages that these computers want to access are either not going to load, or they are going to be very slow to load, and the users will get that familiar spinning wheel of lag on their screens. So the question is, how does the attacker get other computers involved in a DDoS attack? The simple answer is by using malicious software.
The attacker will develop a malware program and distribute it over the internet, putting it on things like websites and email attachments. So if a vulnerable computer visits one of these infected websites or opens one of these infected email attachments, the malware will be installed on that computer without the owner even knowing that their computer has been infected. So now their computer has been recruited into an army of other infected computers to perform a DDoS attack, and this army of infected computers is what's called a botnet.
Now, this botnet is not limited to just a few computers; the botnet could be hundreds or even thousands of computers scattered all over the world. This botnet can be controlled like an army waiting to receive instructions from the attacker, who now acts as a centralized command and control centre for the botnet. The attacker can then send out commands to all these computers and tell them to attack at a certain date and time, and once that set time is reached, the attack begins.
Now, a DDoS attack can last for hours or even days; it just depends on the attacker's intent. Another question is why people carry out DDoS attacks. DDoS attacks can happen for several different reasons: it could be for financial reasons, with the attacker DDoSing a competitor in the marketplace; it could be for political reasons, because they don't like the targeted organisation's beliefs; or it could be that the attacker is just doing it for fun.
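The single-source versus multi-source distinction above, as an added illustration that is not the page author's code: the "close the connection the attack is coming from" defence implemented as a per-source rate limit, run over a constructed web access log, next to an aggregate capacity check. The log lines, the addresses (documentation ranges and 10.0.0.0/8), the ten-second window, the per-IP limit and the assumed capacity of 2000 requests per window are my own constructions; the same 3000 hostile requests are sent once from one address and once from 600 bots.

```python
"""Per-source rate limiting catches a DoS but not a DDoS.

Added illustration, not code from the page's authors. Log lines are constructed
inline in Apache common log format; addresses, window, thresholds and the assumed
server capacity are made-up values.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \d+$')
BASE = datetime(2016, 10, 21, 11, 10, 0, tzinfo=timezone.utc)   # constructed start time


def fmt(ts, ip):
    """Render one constructed access-log line."""
    return f'{ip} - - [{ts:%d/%b/%Y:%H:%M:%S %z}] "GET / HTTP/1.1" 200 512'


def parse_log(lines):
    """Return (timestamp, client_ip) events sorted by time; unparsable lines are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            events.append((datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z'), m['ip']))
    events.sort(key=lambda e: e[0])
    return events


def peak_rate(timestamps, window):
    """Most events inside any span of `window` seconds (sorted input, two-pointer sweep)."""
    peak, lo = 0, 0
    for hi, t in enumerate(timestamps):
        while (t - timestamps[lo]).total_seconds() >= window:
            lo += 1
        peak = max(peak, hi - lo + 1)
    return peak


def assess(events, window=10, per_ip_limit=100, capacity=2000):
    """Combine a per-source rate limit with an aggregate capacity check."""
    by_ip = defaultdict(list)
    for ts, ip in events:
        by_ip[ip].append(ts)
    offenders = {ip for ip, tss in by_ip.items() if peak_rate(tss, window) > per_ip_limit}
    peak = peak_rate([ts for ts, _ in events], window)
    blocked = sum(len(by_ip[ip]) for ip in offenders)
    if peak <= capacity:
        verdict = 'normal'
    elif offenders:
        verdict = 'dos'        # a few sources explain the overload: dropping them works
    else:
        verdict = 'ddos'       # overloaded, yet no single source breaks the limit
    return {'verdict': verdict, 'peak': peak, 'offenders': offenders,
            'share_removed_by_blocking': blocked / len(events) if events else 0.0}


def legit_lines():
    """20 customers, two page loads each, spread across ten seconds."""
    return [fmt(BASE + timedelta(seconds=i % 10), f'192.0.2.{i % 20 + 1}') for i in range(40)]


def single_source_lines(n=3000):
    """One attacker hammering the server: the DoS case."""
    return [fmt(BASE + timedelta(seconds=i % 10), '198.51.100.99') for i in range(n)]


def botnet_lines(bots=600, per_bot=5):
    """600 bots, five requests each: the same 3000 requests, every bot under the per-IP limit."""
    return [fmt(BASE + timedelta(seconds=(b + k) % 10), f'10.{b // 256}.{b % 256}.7')
            for b in range(bots) for k in range(per_bot)]


if __name__ == '__main__':
    for name, lines in [('single source', single_source_lines()), ('botnet', botnet_lines())]:
        print(name, assess(parse_log(legit_lines() + lines)))
```

In the botnet case the per-IP limit blocks nothing and the verdict comes only from the aggregate check, which tells you the server is drowning but not whom to drop; that is the gap the scrubbing services mentioned earlier fill, by looking at request shape and reputation rather than per-address volume.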
Most Powerful DDoS Attack In History: 2016 Dyn cyberattack
The goal of this attack is to overwhelm a target with more bandwidth: send them more information, and more requests for information, than they can receive or respond to. In doing that, you overwhelm their internet connection and they can no longer send information out, which means they are effectively dead on the internet. This all started when people began getting high-speed internet connections at home, mainly cable modems. Back in the day, people were able to get 5 to 10 megabit connections when cable modems first came out, while everybody else was still on tiny little ISDN connections, or even dial-up, which was the easiest thing in the world to kick off.
And there were a couple of people out there who were lucky enough to have DSL, which was still one-tenth or one-twentieth, in some cases one-hundredth, the speed of the cable modem connections. Now, the way it works is that the person who has the cable modem, the faster internet connection, uses a tool that sends information rapidly to the IP address of the person they want to attack. You can send that information so fast because you have a quick internet connection.
But, unfortunately for them, they cannot receive all that information fast enough, so you eat up 100 per cent of their internet connection; you have thereby effectively denied them service to the internet. Now, the reason DDoS attackers are not considered hackers is that they rarely, if ever, understand what they are doing. They fall into the category of script kiddies: people who just go and download prefabricated, prebuilt scripts and tools from the internet to attack somebody, not knowing what is going on under the hood at all. That is where most of the people who do this kind of attack fall, because real hackers will exploit a weakness in a system to gain access to it,
whereas DDoS attackers are just exploiting one massive architectural flaw to achieve their goal. Now, the most common tools known throughout history for performing a DDoS attack are Low Orbit Ion Cannon and its successor, High Orbit Ion Cannon, which are tools designed to fake packet requests and massively spam a port on another computer until you overwhelm or saturate their connection. The tool is also capable of sending packets that require a reply, like a ping or something to that effect, so the other computer is forced to saturate both its downstream and its upstream by responding to a source address that is not where the packet truly originated from. This is called spoofing.
So they are putting out a lot more bandwidth; they are effectively doubling what you are sending to them. Now, again, these attacks in and of themselves are not that effective anymore, because so many people have high-speed internet connections now that it is really hard for one internet connection to take down another one-to-one. That is where things evolved to DDoS. DDoS just stands for distributed denial-of-service attack. If you cannot beat somebody in a one-on-one fight, what do you do? You go and get a gang, and the gang overwhelms the one person.
Now, this is why you see a lot of corporations getting attacked these days: distributed denial of service attacks can take tens of thousands or even hundreds of thousands of computers on the internet and focus them all, like a magnifying glass, on a poor unsuspecting ant, which is hopefully not you. But if it is you, your internet connection is going to be cut. Now, when they attack corporations like Sony and Microsoft, and the whole Xbox One and PSN networks,
those attacks are effective because of the massive number of machines attacking the server and the diversity of where those attacks are coming from, because the attacking machines are literally on every network around the world. So you cannot just flip a switch and say "I am going to block all traffic from this one IP range"; it will not be effective, because you are being attacked from so many different vectors, and they are the same vectors that the normal users of your service also use. So blocking them would effectively take your own service offline.