Distributed denial of service, or DDOS (pronounced DEE-DOS), is a form of attack that consumes server resources to the point of rendering it inoperable. In other words, it’s lights out.
Denial of service has been around since the early days of the web, and while it causes no actual damage, it is quite effective when it comes to making your site unreachable. A strong DDoS attack will take down most websites. They cost money to defend against, and experience.
And they are a frustration to deal with.
How Does DDoS Take Down A Website?
DDOS attacks exploit the TCP handshake, a protocol used by servers to sync with each other and communicate. For example, in order for your browser to pull up this web page, a request is sent to the destination server. This first packet starts the TCP protocol and is referred to as a SYN packet, short for synchronize.
Once this packet is received, a new packet is sent called an SYN-ACK, or synchronize-acknowledge packet. This lets your browser know that the server is available to communicate, and begins listening on an open port for the final packet, the ACK packet. Once this chain of events occur the two machines are synced and able to pass information back and forth.
In a DDoS attack, an attacker will send repeated spoofed connection requests in an attempt to keep the target machine waiting for a connection to be established.
In essence, a server is a big dumb box that will do what it’s told. No matter how busy it is dealing with legitimate tasks, if it receives a connection request it will “listen” on an open port and wait to start communicating. It will try to do this with every request it receives. And it won’t stop until it makes all of the connections — or it poops out.
With only a little bit of traffic this is no big deal, but with a large volume of malicious traffic you can push a server to the point of failure. Eventually, a server under attack from distributed denial of service will consume its own resources trying to respond to communication requests that are allowed to timeout.
And then you get a screen like below:
The Main Reasons For DDoS Attacks
Now that we understand what exactly a DDoS attack is, we now can look into the motivations behind these attacks, or modus operandi if you will.
Think Anonymous or the Izz ad-Din al-Qassam Cyber Fighters. It’s group like these who have made DDOS the weapon of choice for online political activists. DDoS attacks have plagued businesses, banks, government websites — even the Church of Scientology.
This is the dark side of DDoS attacks. These DDoS extortion attempts usually target websites that generate a lot of online sales. Gambling sites are notorious for getting ransom demands. The usual plot is to wait for sports events or other times when the business will be making the most money. Then, the attackers will either take down the site first, and then send their demands, or vice versa. Either way, the business loses out.
Intrusion / Misdirection
This is especially worrisome for the financial industry. In this example, a DDoS attack will be used merely to distract IT personnel from what’s actually going on. While the team is concentrating on staving off the attack, the cyber thieves will break into systems or use compromised accounts to transfer out funds. It’s been done before, so watch out.
As more advanced DDoS tools and software are built, it makes acquiring these tools extremely easy. Most of these tools can be downloaded for free, but there is also those who will purchase the latest DDoS toolkit for their own nefarious reasons. A drive-by DDoS could be someone randomly deciding to target your site, or a hacker testing out their capabilities.
This one is gaining ground, with sites blatantly advertising their services for the world to see. What’s worse is the cost to launch an attack is cheaper than paying to protect against one. The people that offer these services typically operate massive botnets that allow them to push huge amounts of traffic with the push of a button. The worst part is that some unethical businesses may be using these against competitors. Oh, and angry employees have been caught using these services against their employers.