
DDoS attacks have been the order of the day recently. After the closure of Megaupload, the Anonymous collective took down the sites of the US Department of Justice and Universal, among others, using this technique.
But what is a DDoS attack? How does it affect the server, and what effects can it cause? Is a DDoS attack effective as a means of protest? In this article, we will try to answer these questions simply.
What is a DDoS attack?
DDoS stands for Distributed Denial of Service. Put plainly, it means that the server is attacked from many computers at once so that it stops working.
But this still doesn't tell us much about what a DDoS is. To explain it I am going to resort to a simple analogy in which our server is an assistant who attends to people at a window.
Our assistant is very efficient and can serve several people at the same time without breaking a sweat: this is his normal load. But one day hundreds of people begin to arrive at the window to ask our assistant for things. And like any normal human, when many people are nagging him, he cannot attend to everyone and begins to work more slowly than normal. If even more people come, he will probably blow up, walk away from the window, and no longer serve anyone.
The same thing happens on the server: when there are too many requests it runs out of resources, hangs, and stops working. It may shut down outright or just stop responding to connections. Either way, the server will not return to normal until the attack stops, either because the attackers have stopped or because illegitimate connections have been blocked (we will see later how), and everything that has stopped working is restarted.
This is the basic concept of DDoS, although it can be refined to be more effective. For example, data can be sent very slowly, causing the server to consume more resources for each connection (Slow Read is an example of an attack of this type), or the packets can be altered so that the server waits indefinitely for a response from a false IP.
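Seen from the server side, the slow-connection pattern described above can be detected by comparing each open connection's transfer rate with a minimum. The following Python code is an added example, not part of the original article; the thresholds, record fields and sample snapshot are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed thresholds for illustration; tune them to the real service.
MIN_RATE_BPS = 500        # below this sustained rate a connection counts as slow
GRACE_SECONDS = 10        # young connections have not had time to transfer data
MAX_SLOW_PER_SOURCE = 3   # more slow connections than this from one address is suspicious


@dataclass(frozen=True)
class Conn:
    src: str          # client address
    age_s: float      # seconds since the connection was accepted
    bytes_moved: int  # payload bytes sent plus received so far


def is_slow(conn):
    """True when an established connection moves data below the minimum rate."""
    if conn.age_s < GRACE_SECONDS:
        return False
    return conn.bytes_moved / conn.age_s < MIN_RATE_BPS


def slow_sources(conns):
    """Map each source holding too many slow connections to its slow count."""
    counts = Counter(c.src for c in conns if is_slow(c))
    return {src: n for src, n in counts.items() if n > MAX_SLOW_PER_SOURCE}


def slot_pressure(conns, worker_slots):
    """Fraction of connection slots tied up by slow connections.

    A distributed attack can stay under the per-source limit, so this
    aggregate figure is the signal that still moves in that case.
    """
    return sum(is_slow(c) for c in conns) / worker_slots


# Constructed snapshot of open connections (documentation address ranges).
SNAPSHOT = (
    [Conn("198.51.100.7", 120.0, 2_400)] * 5   # 20 B/s each: slow
    + [Conn("203.0.113.20", 4.0, 100)]         # too young to judge
    + [Conn("203.0.113.21", 30.0, 900_000)]    # normal download
    + [Conn("192.0.2.9", 60.0, 6_000)]         # 100 B/s: slow, but only one
)

if __name__ == "__main__":
    print("sources to block or rate-limit:", slow_sources(SNAPSHOT))
    print("slot pressure:", slot_pressure(SNAPSHOT, worker_slots=8))
```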
How is a DDoS attack carried out?
Since the basic concept of DDoS is simple, carrying out attacks is relatively easy. It would be enough to have a large enough number of people continually reloading the website to take it down. However, the tools that are usually used are somewhat more complex.
With them, you can create many simultaneous connections or send packets altered with the techniques that I mentioned before. They also allow packets to be modified by putting a false IP as the source IP so that the real attacker cannot be identified.
Another technique to carry out DDoS is to use botnets: networks of computers that are infected by a Trojan and that an attacker can control remotely. In this way, the machines that saturate the server belong to people who do not know that they are participating in a DDoS attack, making it more difficult to find the real attacker.
How does a DDoS affect a website?
It depends on the attack and the server. Servers can be protected against these attacks with filters that reject malformed or modified packets with false IPs so that only legitimate packets reach the server. Of course, the measures are not infallible and the server can always end up saturated if the attack is massive enough and well prepared.
To give you an idea of the volume necessary for a DDoS to be effective, below you have a graph that represents the traffic of a server over time. The traffic during the attack (in green) is so large that normal server traffic is hardly noticeable.
And what happens when the server is saturated? It just becomes unavailable for a while until the attack stops. It is very difficult to cause physical damage to the server. Besides, DDoS by itself does not allow access to the server: for this, it is necessary to take advantage of some vulnerability, and that is not easy.
So basically, a DDoS can only cause the website to go down, nothing more. Depending on the type of website this may or may not be a catastrophe. If the website generates money (online sales, advertising), the owner stops making money while that website is down. Imagine the losses that Amazon can have, for example, if its page is down for a day.
But, what happens when the page is simply informative, such as those of public institutions? The truth is that not much happens. The institution does not depend on the web to function. Instead, internal networks are usually used that are not available from the Internet, only from within the institution itself, so they are not affected by the attack. The only thing that happens is that anyone who wants to see some information on that page will have to wait a while for it to be available.
This inevitably leads me to the question: does DDoS serve as a means of protest? The answer depends on the person, but I have my position quite clear: it does not work.
We have already seen that on non-commercial websites, DDoS has a very limited impact. The institution is not annoyed too much and since it does not require too many people to carry out the attack, they will be able to say that it is a “minority group” that is protesting.
But it is not only that they do not produce many positive effects: they produce negative effects. People outside the Internet tend to associate "computer attack" with "hackers" and these with "dangerous people". By playing up this association a little, it is very easy to discredit protests without arguments, because who is going to support, debate, or listen to "dangerous people"?
Furthermore, this type of protest could be described as "violent": it is a direct attack after all. And as always happens, if you protest in this way against an initiative, those who support it will flatly refuse to listen to you.
If you are looking for a better solution to prevent DDoS attacks, our suggestion is to install the best antivirus.