DDoS, what’s that?

What is a Distributed Denial of Service (DDoS)?

The term has been around for years, but last year it received enormous media attention due to the hacks of Anonymous in particular. When hackers want to shut down a site, one of their favourite methods is the infamous DDoS attack. What exactly is this?

The DDoS in brief

DDoS stands for Distributed Denial of Service. ‘Denial of service’ means, roughly, that the service can no longer be delivered. ‘Distributed’ means that the attack is carried out from multiple computers. In practice, a DDoS is an attack in which the targeted server receives so many requests from multiple computers that the service (often a website) can no longer be reached, and in some cases the underlying server itself crashes.

Motorways, exits and junctions

A DDoS is perhaps easiest to picture if you think of the Internet as a motorway. Normally all the traffic (the packets) drives along these roads without trouble, but when it gets busier, everything slows down and vehicles arrive at their destination later. Now think of a website or service as an exit, and imagine that an awful lot of traffic – which has no business at all at that destination – is suddenly directed to that same exit. You can see how this point gets jammed and how legitimate cars can no longer reach the end point either. Sometimes the motorways (the ISP) and even one or more junctions (backbone servers) come to a complete standstill during such a traffic jam at the exit. Only when the road is cleared again (and the traffic is diverted or simply sent home) can the destination be reached once more.

The fact that a DDoS is performed with multiple computers does not necessarily mean that an (organised) group of hackers is behind it. In many cases the perpetrator operates alone and uses a so-called ‘botnet’ to set up a DDoS. A botnet is a group of remotely controlled computers that, through a piece of installed malware, can launch an avalanche of server requests, often without the owners of those computers realizing it. Too much legitimate traffic at peak times produces the same effect as a DDoS in much the same way; just think of Apple’s site during the launch of a new iPhone or iPad, or a news site at the time of a major disaster.

Consequences

The consequences of a DDoS can be catastrophic for an organisation. Websites and internet services become overloaded and are therefore inaccessible for a period of time. Intranets and mail servers can also become unusable for a while due to a well-executed DDoS. Major DDoS attacks can even take entire countries and regions offline when a critical backbone router somewhere in the network goes down.

Fighting a DDoS

A DDoS of small or medium volume can be stopped by a well-configured firewall or load balancer. Some devices provide automated DDoS protection, while others allow you to filter the particular type of traffic causing the DDoS once the attack has been detected. You can also ask an internet service provider (ISP) for help so that your organisation does not have to deal with a DDoS on its own. Specialised providers offer ‘DDoS shields’ – in the form of a physical appliance, an Internet service or a software module for your existing server – that can distinguish DDoS traffic from regular traffic so that your services remain accessible. By the way, the use of a modern IPv6 network does not guarantee that your infrastructure will be protected against a DDoS.
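The two ideas above, that a DDoS comes from many sources at once and that detection must happen before traffic can be filtered, can be made concrete with a small detector. The following is an added example, not code from the original article or from any vendor product it mentions. It parses constructed web server log lines in Common Log Format, counts requests per second, and applies two illustrative thresholds (`per_ip_limit` and `aggregate_limit`, both assumed values, not tuned production settings). A single noisy address is caught by the per-address check; a distributed flood, where sixty addresses each send only three requests, slips past that check and is only caught by the aggregate count. That gap is exactly why the ‘distributed’ part of DDoS matters for the firewall or load balancer doing the filtering.

```python
"""Per-source and aggregate request-rate detection over constructed web
server log lines (added example; not from the original article)."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log (Common Log Format). The first three lines are
# ordinary visitors; the rest simulate a distributed flood: 60 distinct
# source addresses (198.51.100.1-60) each sending 3 requests in one second.
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.11 - - [10/Oct/2023:13:55:37 +0000] "GET /news HTTP/1.1" 200 2048',
    '203.0.113.10 - - [10/Oct/2023:13:55:38 +0000] "GET /about HTTP/1.1" 200 900',
] + [
    f'198.51.100.{i} - - [10/Oct/2023:13:55:40 +0000] "GET / HTTP/1.1" 200 512'
    for i in range(1, 61)
    for _ in range(3)
]

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\]')


def parse_line(line):
    """Return (source_ip, timestamp) for one CLF line, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts


def requests_per_second(lines):
    """Bucket requests by wall-clock second: {second: Counter(ip -> count)}."""
    buckets = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip unparsable lines instead of crashing the detector
        ip, ts = parsed
        buckets[ts][ip] += 1
    return buckets


def detect(lines, per_ip_limit=50, aggregate_limit=100):
    """Flag two patterns per second (limits are assumed, illustrative values):
    - single_source: one address above per_ip_limit; rate-limiting that
      address is enough.
    - distributed: the total exceeds aggregate_limit; with many distinct
      sources, no per-address rule fires and broader filtering is needed."""
    findings = {"single_source": [], "distributed": []}
    buckets = requests_per_second(lines)
    for second in sorted(buckets):
        counts = buckets[second]
        for ip, n in counts.items():
            if n > per_ip_limit:
                findings["single_source"].append((second.isoformat(), ip, n))
        total = sum(counts.values())
        if total > aggregate_limit:
            findings["distributed"].append(
                (second.isoformat(), total, len(counts)))  # len = distinct sources
    return findings


if __name__ == "__main__":
    result = detect(SAMPLE_LOG)
    for kind, items in result.items():
        for item in items:
            print(kind, item)
```

Run as a script, the per-address list stays empty while the aggregate check reports 180 requests from 60 distinct sources in the second 13:55:40. Lowering `per_ip_limit` to 2 would flag every flood address individually, which is the point of the example: a threshold tuned for a single attacker has to be set uncomfortably low to notice a botnet, so real protection combines per-source limits with aggregate and traffic-type filtering as the article describes.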