You may have heard of a DDoS (distributed denial-of-service) attack in the news as a method used by malicious hackers to attack a website. It’s possible you’ve even experienced the effects of a DDoS attack yourself.
If you host a website or other online service, being aware of the dangers of a DDoS attack can help you prevent one, or mitigate the damage they can incur.
Here’s a brief explanation of what a DDoS attack is, what it accomplishes and how to avoid one.
How does a DDoS attack work?
Denial of service through server flooding can be thought of as simply filling up a pipe with enough material to prevent anything else from getting through.
Denial of service may occur unintentionally if a server receives more traffic than it was designed to handle. This happens frequently, such as when a low-trafficked website suddenly becomes popular.
In this case, the server is still functioning, and is not damaged, but is unreachable from the Internet. It’s been effectively knocked offline, and will be until the DDoS attack either stops or is outgunned by more servers being brought online.
Malicious denial of service involves deliberately flooding a server with traffic. The easiest way to do so is to distribute the attacking computers among hundreds, even thousands of computers, which simultaneously bombard the target server with (often useless) requests for information.
Think of multiple pipes from various locations eventually connecting into one large pipe, and massive volumes of material eventually colliding from the origin points into the main pipe.
While the electronic connections that make up the Internet are not technically “pipes,” there is a limit to the amount of data that can be transferred through any given network. Put enough in there, and a server’s pipes will be clogged.
Cybercriminals use large systems of “zombie” computers, or computers infected with malware that allow a central controller to use them, in DDoS attacks.
Hacktivist groups like Anonymous, on the other hand, recruit volunteers who install software on their own machines to take part in DDoS attacks. Anonymous has used DDoS attacks against the websites of credit-card companies, dictatorial foreign governments and even the CIA, FBI and U.S. Department of Justice.
What does a DDoS attack accomplish?
Unlike other forms of malicious computer activity, there is usually no immediate or direct gain for the attacker. The primary goal of a DDoS attack is simply to disrupt a service.
A DDoS attack will not in itself allow hackers to access any secure information on its own. There is no network penetration or database breach involved.
A DDoS attack can result in a loss of income for a company that does business online. Most of the large online retailers and social networks have hardened their servers to resist DDoS attacks.
DDoS attacks by Anonymous and other hacktivist groups are often intended to be a form of protest. In January 2012, attacks on several government agencies and recording labels were staged by hacktivist groups as a form of protest against the Stop Online Piracy Act (SOPA) and the seizure of the file-sharing site MegaUpload by the FBI.
Over the past decade, hundreds of DDos attacks have been performed by independent activists, political groups and even government agencies.
How can you avoid or mitigate a DDoS attack?
Unfortunately, there is little that can be done to avoid becoming the victim of a DDoS attack. Unlike other attacks, it is a brute-force strike that uses a public utility — the Internet itself — to overwhelm a system. Anti-virus software and filtering tools such as firewalls will not stop the effectiveness of the attack.
The primary method of dealing with these attacks from the perspective of a host is to increase the capability of the system.
Load-balancing tools can distribute requests among many servers scattered across a wide geographical area, and as the system grows to handle more requests, the attackers will need to use a stronger attack to overwhelm it.
Methods to limit the amount of traffic allowed to and from the server can be enabled in some routers and switches, and some responsive systems can disconnect a network from the Internet before the attack brings the entire system down.
The latter method will still result in the network being inaccessible from the Internet, but will generally result in a faster return to service.