Thursday, April 11, 2019
What is a DDoS attack?
What is a DDoS attack and how does it work?
Hello everyone. In this post we're going to talk about DDoS and what it is.
DDoS stands for Distributed Denial of Service, and it's basically a
cyber-attack on a specific server or network with the intended purpose of
disrupting that network's or server's normal operation. A DDoS attack does
this by flooding the targeted network or server with constant traffic, such
as fraudulent requests, which overwhelms the system and causes a disruption
or denial of service to legitimate traffic.
So for example, here we have a web server, and let's just say that this web
server belongs to a company that sells its products over the Internet. And
over here we have a couple of customers with their computers who are browsing
the company's website, looking at the company's products or services. Now
let's just say that someone wants to attack this company's web server for
whatever reason. For example, maybe they don't like the company, or they
don't like the owners of the company, or whatever. So the attacker is going
to use their computer and a program to attack this server and flood it with
fraudulent data traffic to try to disrupt its service. Now, this is not a
DDoS attack. This is just called a DoS attack, which stands for denial of
service, because a DoS attack is an attack that comes from just one source.
Now, normally a network or server is able to handle an attack from a single
source because it's easier to pinpoint. The server can simply close the
connection where the attack is coming from, so that's not really a problem.
The problem is: what if an attack comes from multiple sources simultaneously?
That is what a DDoS is. A DDoS is an attack from multiple sources all at
once. So this computer here, which is the ringleader, can communicate with
other computers around the world and coordinate an attack on this server. So
now, instead of an attack coming from a single source, the server has to deal
with an attack from multiple sources, and when this happens it will overwhelm
the server. It will eat up the server's system resources, such as CPU and
memory, and it will also eat up network bandwidth. So, as a result, these
legitimate computers over here are going to be denied service because the
server is too preoccupied with dealing with the DDoS attack. The web pages
that these computers want to access are either not going to load or are going
to be very slow in loading, and the users will get that familiar spinning
wheel of lag on their screens.
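
The difference between a single-source and a multi-source flood, seen from the server's side, as an added example that is not part of the original post: it counts requests per source IP in one time window of constructed log lines. The log format, the two limits and all function names are assumptions made for illustration.

```python
from collections import Counter

PER_IP_LIMIT = 20   # assumed: most requests one client may send per window
TOTAL_LIMIT = 100   # assumed: requests per window the server can handle

def source_ips(log_lines):
    """Extract the client IP (second field) from each constructed log line."""
    return [line.split()[1] for line in log_lines if line.strip()]

def classify_window(log_lines, per_ip_limit=PER_IP_LIMIT, total_limit=TOTAL_LIMIT):
    """Classify one time window as 'normal', 'dos' or 'ddos'."""
    counts = Counter(source_ips(log_lines))
    total = sum(counts.values())
    # Sources that are individually easy to pinpoint and close.
    heavy = sorted(ip for ip, n in counts.items() if n > per_ip_limit)
    remaining = total - sum(counts[ip] for ip in heavy)
    if total <= total_limit:
        verdict = "normal"
    elif remaining <= total_limit:
        verdict = "dos"   # closing the heavy sources brings load under capacity
    else:
        verdict = "ddos"  # still over capacity after blocking every heavy source
    return {"verdict": verdict, "total": total,
            "blocked_sources": heavy, "load_after_blocking": remaining}

def make_lines(ip, n):
    """Build n constructed log lines for one source IP."""
    return [f"2019-04-11T10:00:00 {ip} GET /products" for _ in range(n)]

# Constructed sample traffic (documentation IP ranges, not real hosts).
CUSTOMERS = make_lines("192.0.2.10", 5) + make_lines("192.0.2.11", 5)
SINGLE_SOURCE = CUSTOMERS + make_lines("203.0.113.9", 500)
MANY_SOURCES = CUSTOMERS + [line for i in range(1, 201)
                            for line in make_lines(f"198.51.100.{i}", 10)]

if __name__ == "__main__":
    for name, window in [("customers only", CUSTOMERS),
                         ("one noisy source", SINGLE_SOURCE),
                         ("many quiet sources", MANY_SOURCES)]:
        print(name, classify_window(window))
```

In the third window no single source exceeds the per-IP limit, so there is no one connection to close, yet the total load is still far above what the server can handle.
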
So the question is: how does the attacker get other computers involved in a
DDoS attack? The simple answer is by using malicious software. The attacker
will develop a malware program, distribute it over the internet, and put it
on things like websites and email attachments. If a vulnerable computer goes
to these infected websites or opens these infected email attachments, the
malware will be installed on that computer without the owner even knowing
that it has been infected. So now that computer has been recruited into an
army of other infected computers to perform a DDoS attack, and this army of
infected computers is what's called a botnet. Now, this botnet is not limited
to just a few computers. It could be hundreds or even thousands of computers
scattered all over the world. The botnet can be controlled like an army
waiting to receive instructions from the attacker, who is now like a
centralized command and control center for the botnet. The attacker can then
send out commands to all these computers telling them to attack at a certain
date and time. Once that set time is reached, the attack begins.
Now, a DDoS attack can last for hours or even days. It just depends on the
attacker's intent. So another question is: why do people carry out DDoS
attacks? DDoS attacks can happen for several different reasons. For example,
it could be for financial reasons, where the attacker is DDoSing a competitor
in the marketplace. It could also be for political reasons, where the
attacker doesn't like the targeted organization's beliefs. Or it could be
that the attacker is just doing it for fun.