How Does a DDOS Attack Happen?
A distributed denial of service (DDOS) attack is a common method hackers use to take down websites, email servers and other services which connect to the Internet. DDOS attacks are so common that it is guaranteed that there are some happening right this moment. Read on to find out exactly how DDOS attacks work, why they are so prevalent on the Internet and how to protect yourself against one.
A DDOS attack is a method hackers use to make a service inaccessible. They do this by flooding the target with a huge amount of traffic or requests. Imagine you work as at a pizzeria and you have a couple of phones where customers call in and order pizza. Normally two phones is plenty, and if both lines happen to be busy then the customer gets put on hold for a couple of minutes.
Now imagine if someone decided to prank the pizzeria by constantly calling in fake orders. This would be annoying and might interfere a bit with regular customers. This is the idea behind a denial of service attack. The phones get flooded with fake calls so the real customers cannot get through.
The answer is to block that one number that the prank caller keeps calling from. Problem solved.
Now imagine instead of one person performing those prank calls, imagine 500 people calling into one little pizza shop with constant prank calls. This is what a distributed denial of service attack is. It would be next to impossible to block all 500 numbers.
This is exactly what happens over the Internet when someone is DDOSed. Fake Internet traffic is passed on to the target, and there is so much of this fake traffic that the target cannot find the resources to respond to legitimate traffic. And because the attack is distributed, it is impossible to stop the attack simply by blocking one of the attacking sources.
Not only that, but those who perform DDOS attacks usually amplify their attacks by taking advantage of a poorly managed server on the Internet. Someone might be running a DNS server that is not fully secure. DNS is a helpful protocol that ensures the Internet as we know it runs the way we do. But if misconfigured, this can also lead to amplification of a DDOS attack.
The attacker usually has a single computer from which he or she can control many other hacked computers. These hacked computers are can be called zombie bots, and they form a botnet. A botnet is a groupd of computers which are controlled by a malicious hacker. Many people do not realize that their computer is hacked and is being used as a zombie in part of a botnet.
So the attacker sends a message to his or her botnet telling them to attack target X. But to make the attack even more powerful, the botnet is instructed to go through a compromised server, which amplifies the attack.
At least one of two things happen during a successful DDOS attack. Their the computer being attacked is so overwhelmed with the amount of fake requests to it that it slows down to a crawl or worse, just shuts down altogether, or the network is completely used up so communication between the server and the outside world is unable to take place.
The second scenario is worse than the first. If it is just the one server being targeted and it goes offline, that is bad. But if the whole Internet connection becomes congested full of fake traffic,then no servers using that connection can operate. This might mean every service becomes unavailable. If the Internet connection is shared, then a single target can affect everyone on the same connection. What this means is that if you buy Internet from an ISP, and the ISP has another customer that shares a switch or router with you, then an attack on that other customer can affect your Internet connection.
The largest single ports commonly in use are 100Gbps bandwidth ports. And those are usually reserved for the Internet's largest players. The largest DDOSes have gone well beyond this number, meaning that a DDOS can be powerful enough to affect even the largest of Internet companies.
This is why they are so prevalent. A DDOS takes little effort from the attackers point of view, and is incredibly efficient at causing disruptions. Just a couple of weeks ago Linode, one of the most popular VPS providers suffered a terrible DDOS attack. It was extremely disruptive and I am sure cost Linode a lot of money.
Dealing with a DDOS can be expensive and difficult. If large well established companies have problems dealing with DDOS attacks then you can be certain that they are an effective method of causing disruptions.
So what can you do? The first options is preventative. Do not become a target if you can help it. This means both, hiding IP addresses to your essential services, but also not upsetting people. The most common DDOS attack targets are political websites. People attempting to silence one another use DDOS attacks as a tool.
Another step is to have a good firewall which will drop certain types of traffic. If you have a server which does not host websites, there is no need for the firewall to allow connections to that server on TCP port 80. A system administrator should be able to setup an efficient firewall which prevents many types of fake traffic.
Finally, the most difficult thing to do is to protect your network. The easiest, but usually most expensive step is to increase the bandwidth of your Internet connection. The more bandwidth your connection can handle, the larger the attack must be for it to make any sort of effect.
A second, more cost effective method may be to use a specific DDOS mitigation service. These services act as a proxy between you and the Internet, and when you become a target of an attack they help to filter out that attack traffic. Instead all they send you is the legitimate traffic which was bound to your server.
Again, a DDOS is a pain in the butt because it works. It's easy to implement and difficult to mitigate.