
A DoS (denial-of-service) attack is a form of attack (intentional event) that renders a machine or network resource unavailable to its intended users. DoS attacks involve temporarily (or sometimes indefinitely) interrupting or suspending services of a host connected to the web. DDoS (distributed denial-of-service) attacks are a specific kind of DoS attack where a network of remote PCs, known as a botnet, is used to overwhelm another system’s connection or processor. This disruption leads the system to deny service to all legitimate traffic it may be receiving.

Even the most casual internet user has probably stumbled across a site under a DDoS attack at some point. At that point, the site may be temporarily crippled by the unusual surge in traffic or it may even go down altogether. One way to think about this is to remember the time when Ellen’s selfie “broke” Twitter. The difference here is that all that traffic was legitimate. Now imagine a site a fraction of the size of Twitter suffering the same effect after being hit with comparable levels of false traffic. Ouch!

Types of DDoS Attacks

There are different types of DDoS attacks, each with their own style when it comes to overwhelming resources. Sometimes a system may be overwhelmed by garbage streams sent so fast that the user doesn’t have the chance to respond. Other cases may involve a server’s bandwidth and processing power being congested by nonsense requests the server must respond to (things like endless handshakes with new systems that eventually lead to an ICMP destination error). Then there’s a more destructive form of attack, called a DNS Amplification Attack.

The DNS Amplification Attack occurs when a DNS server is exploited and forced to send a payload of such large volume that it overwhelms all its resources. This kind of attack is carried out against a single unit.

Obviously, none of these sound very comforting – especially considering how much we’ve come to rely on the web in our everyday lives. So why would anyone create such a disruption? What is the reasoning behind DDoS attacks?

Why DDoS Attacks Happen

People who execute DDoS attacks will do so for a variety of “reasons”. In the last few years, we’ve seen everything from hacktivist groups making a statement to frustrated online gamers trying to gain an edge over their rivals to bored tech-savvy individuals who just decide to cause chaos. The answer behind why DDoS attacks happen is really between the perpetrator and the victim… if there is one at all.

Over the years, there have been many high-profile cases reported. Even big-name consumer brands have felt the effects of this abuse. In fact, this past July, Telegram – an encrypted messaging app – acknowledged that a major DDoS attack had taken down the servers that enabled their service in Asia. Telegram experienced a tremendous surge in traffic that topped out at over 200Gbps. The popular theory is that the attack was coordinated by human rights lawyers as a response to government eavesdropping.

And that’s just one example. Below you’ll find a few of the cases that have put DDoS into headlines in recent years.

Anonymous vs. the Church of Scientology

January, 2008 was a major coming-out party for the web-based activist group, “Anonymous”. In an operation called Project Chanology, they unleashed a massive e-attack against the Church of Scientology. This attack was highlighted by a major DDoS attack that actually knocked the “Church’s” official website offline temporarily. Anonymous claimed that the goal behind this attack was to “save people from Scientology by reversing the brainwashing.”

Mafiaboy vs. Amazon, CNN, Dell, eBay and Yahoo

“Mafiaboy” sounds more like a comic book superhero than a legitimate online threat, but this is no laughing matter. A then 15-year-old Canadian named Michael Calce (Mafiaboy) coordinated the first major DDoS attack that targeted several popular sites. His operation, which he dubbed Project Rivolta, took down Yahoo in February, 2000. Wanting to make sure this first victory was not a fluke, Mafiaboy proceeded to do damage to CNN, eBay, Dell and even retail giant, Amazon.

Russia vs. Cyxymu

A Georgian blogger known as Cyxymu single-handedly took down several Russian social networking sites for several hours back in August of 2009. Facebook’s Head of Security, Max Kelly, described this event as “a simultaneous attack across a number of properties targeting him to keep his voice from being heard.” Cyxymu claimed in the press that the order for the attack had come from the Russian government.

Protecting Your Server Against DDoS Attacks

DDoS attacks are notoriously difficult to track. At times, it can seem nearly impossible to identify a specific culprit responsible. However, there are several things you can do now to protect your server against this type of unauthorized spike in activity. For one, data should be transferred between high-capacity servers. Another option is to implement a scrubbing filter to prevent high amounts of fake traffic from putting a drain on your server’s resources.

According to Dan Shugrue, Director of Product Marketing at Akamai Technologies, “the best defense is to have a plan.” He also says, “companies need runbooks for DDoS attacks. They need to practice DoS drills and, of course, they need to investigate DDoS mitigation provider options before the attack takes place.” These are preventative measures suggested by an industry expert.

David Larson, Chief Technology Officer of Corero Network Security, suggests that those who run a network need to maintain multiple safeguards in order to identify unusual traffic patterns and mitigate potential damage. Larson also recommends that companies utilize cloud services with a capability of offloading excessive traffic in the event of a DDoS attack. This can help prevent the networks of these companies from experiencing a DoS overload.

Understanding your traffic profile will help you determine whether a surge in traffic is legitimate or if you’re experiencing a DDoS attack. This will help you respond more efficiently. Understanding your traffic profile will also enable you to choose a bandwidth provider that offers more than enough bandwidth for your server’s average consumption. This will help you manage extra traffic in the event of an attack. Sure, this isn’t a feasible plan for getting through an attack unscathed, but it’s certainly a start.
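One way to put a traffic profile to work, shown as an added example that is not part of the original article: build a per-minute baseline from a normal period, then compare a new minute against it. The event tuples, the `k=6` threshold and the two triage signals (share of never-seen clients, share of requests to a single path) are assumptions chosen for illustration, and the sample data is constructed.

```python
from collections import Counter
from statistics import median

PATHS = ["/", "/blog", "/pricing", "/contact"]

def build_profile(history):
    """history: list of (minute, client_ip, path) tuples from a normal period."""
    counts = list(Counter(minute for minute, _, _ in history).values())
    med = median(counts)
    # Median absolute deviation: a spread measure one odd minute cannot skew.
    mad = median(abs(c - med) for c in counts) or 1
    return {"median": med, "mad": mad,
            "known_clients": {ip for _, ip, _ in history}}

def assess_window(profile, window, k=6):
    """Compare one minute of requests against the profile; return triage signals."""
    threshold = profile["median"] + k * profile["mad"]
    if not window:  # an empty minute is never a surge
        return {"requests": 0, "threshold": threshold, "surge": False,
                "new_client_share": 0.0, "top_path_share": 0.0}
    clients = {ip for _, ip, _ in window}
    top_hits = Counter(path for _, _, path in window).most_common(1)[0][1]
    return {
        "requests": len(window),
        "threshold": threshold,
        "surge": len(window) > threshold,
        # Both shares are heuristics for triage, not proof of an attack.
        "new_client_share": len(clients - profile["known_clients"]) / len(clients),
        "top_path_share": top_hits / len(window),
    }

# Constructed sample data (documentation IP ranges, not real traffic).
HISTORY = [(m, f"192.0.2.{i % 10 + 1}", PATHS[i % 4])
           for m in range(10) for i in range(20 + m % 3)]
QUIET = [(10, f"192.0.2.{i % 10 + 1}", PATHS[i % 4]) for i in range(23)]
FLOOD = [(11, f"203.0.113.{i % 200 + 1}", "/") for i in range(400)]
CROWD = [(12, f"198.51.100.{i % 150 + 1}", PATHS[i % 4]) for i in range(300)]

if __name__ == "__main__":
    profile = build_profile(HISTORY)
    for name, window in (("quiet", QUIET), ("flood", FLOOD), ("crowd", CROWD)):
        print(name, assess_window(profile, window))
```

Both the flood and the crowd exceed the baseline with unfamiliar clients; in this constructed data they differ only in how concentrated the requests are, which is why the result is a set of signals for a human to weigh and not a verdict.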

What to Do If You Are Under a DDoS Attack

If you do find that your resources are under the strain of a DDoS attack, here are some steps you can take to get yourself out from under the situation with minimal damage:

Defend your network. If you’re running your own server, there are certain things you can do to mitigate the effects of a DoS attack. These include rate limiting your router, adding filters that tell your router to drop packets from obvious sources of attack, timing out half-open connections more aggressively, dropping spoofed or malformed packets and setting lower SYN, ICMP and UDP flood-drop thresholds. These measures have been tried and true in the past, but they may not be enough to fully ward off today’s more sophisticated attacks. They will, however, buy you some time.

Contact a DDoS specialist. The larger attacks may require some outside assistance. If your site comes under attack and none of the above steps work, your best option may be to reach out to a third-party DDoS specialist. These companies will have the technology and processes in place to keep your server online.

Notify your hosting provider. If someone else manages your server, call your provider to let them know that you’re under attack and need help. If you’re already a SemoWeb client, our support team is available 24×7, 365 days a year to ensure that your server is properly cared for. This is true whether you subscribe to one of our managed or unmanaged VPS plans. For more information about what we do to keep your server online, reach out to our team directly through the ticketing system in your Client Area or by using the LiveChat feature on our site.
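To see why the "Defend your network" step recommends timing out half-open connections more aggressively, here is a small simulation, added as an example and not taken from the original article. It models a server's half-open connection queue second by second; the function name, queue size, rates and timeouts are all assumed values for illustration.

```python
from collections import deque

def simulate_backlog(backlog_size, timeout_s, bogus_syn_rate,
                     legit_syn_rate, duration_s):
    """Return (accepted, refused) legitimate connections over the run.

    Bogus SYNs never complete the handshake, so each one holds a queue
    slot until timeout_s elapses. Legitimate SYNs complete immediately
    and only need a free slot at the moment they arrive.
    """
    expiry = deque()  # expiry times of half-open entries, oldest first
    accepted = refused = 0
    for t in range(duration_s):
        # Reclaim slots whose half-open timer has run out.
        while expiry and expiry[0] <= t:
            expiry.popleft()
        # Worst case for the defender: bogus SYNs arrive first each second.
        for _ in range(bogus_syn_rate):
            if len(expiry) < backlog_size:
                expiry.append(t + timeout_s)
        for _ in range(legit_syn_rate):
            if len(expiry) < backlog_size:
                accepted += 1
            else:
                refused += 1
    return accepted, refused

if __name__ == "__main__":
    # Assumed numbers: 256-slot queue, 20 bogus and 5 real SYNs per second.
    for timeout in (60, 5):
        ok, dropped = simulate_backlog(256, timeout, 20, 5, 120)
        print(f"timeout={timeout:>2}s accepted={ok} refused={dropped}")
```

With the long timeout the queue fills after 12 seconds and stays full; with the short one the bogus entries never occupy more than 100 slots. On Linux the corresponding knobs include `net.ipv4.tcp_synack_retries`, `net.ipv4.tcp_max_syn_backlog` and `net.ipv4.tcp_syncookies`.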

 
