What is DDoS?

A DDoS attack, or distributed denial of service attack to give it its full title, has the same final goal as any denial of service attack: stopping the target from functioning as it should, ultimately so that no one can access it. The services of the targeted host connected to the internet are stopped temporarily or, in some extreme cases, indefinitely.

The usual targets for a DDoS attack include high-profile organisations like banks, government bodies or credit card transaction gateways. The target machine ends up so overwhelmed with external communication requests that it either responds too slowly or cannot respond at all, and is therefore considered unavailable. Even when DDoS attacks last only a very short time, they nearly always result in loss of revenue for the target.

How is a distributed denial of service (DDoS) attack carried out?

– The DDoS attacker chooses a computer system and makes it the DDoS master (the Command and Control Centre)

– From the Command and Control Centre, the attacker begins communicating with other computer systems that can be compromised and used

– Hacking tools readily available on the internet are loaded onto the selected computer systems, which now become controlled machines referred to as bots, commonly running into hundreds of thousands of compromised machines

– With a single instruction from the Command and Control Centre, the DDoS attacker can have all the controlled machines launch packets at the targeted host simultaneously

– This stream of spurious packets finally overwhelms the target and the result is the denial-of-service, or a complete stop of all the site’s functions on the internet

It is important to note that the users of the controlled computer systems, the bots, are usually unaware of what is going on. However, their systems continue to be one of the biggest threats to security on the internet. It is also important to note that since the packets that flood the targeted system do not originate from only one source, but from hundreds of thousands of sources in some cases, the attack cannot be stopped by simply blocking a single IP address.
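The point about blocking a single IP address can be checked against request logs. The following is an added example, not part of the original article: it compares a per-source block on two constructed traffic samples, and the threshold, capacity and addresses (documentation ranges) are assumptions chosen for illustration.

```python
from collections import Counter

PER_IP_LIMIT = 100   # assumed per-source requests/second threshold
CAPACITY = 1000      # assumed requests/second the server can handle


def single_source_flood():
    """Constructed sample: one address sends 2000 requests in second 0."""
    return [(0, "192.0.2.10")] * 2000


def distributed_flood():
    """Constructed sample: 500 addresses send 4 requests each in second 0."""
    ips = [f"198.51.100.{i}" for i in range(250)]
    ips += [f"203.0.113.{i}" for i in range(250)]
    return [(0, ip) for ip in ips for _ in range(4)]


def per_ip_offenders(records, limit=PER_IP_LIMIT):
    """Sources that exceed the per-IP limit in any one-second window."""
    counts = Counter(records)  # key: (second, ip)
    return {ip for (_, ip), n in counts.items() if n > limit}


def peak_load(records, blocked=frozenset()):
    """Highest requests/second after dropping traffic from blocked sources."""
    per_second = Counter(sec for sec, ip in records if ip not in blocked)
    return max(per_second.values(), default=0)


def assess(records):
    """Summarise what a per-IP block achieves against this traffic."""
    blocked = per_ip_offenders(records)
    remaining = peak_load(records, blocked)
    return {
        "sources": len({ip for _, ip in records}),
        "blocked": len(blocked),
        "peak_before": peak_load(records),
        "peak_after_block": remaining,
        "still_overloaded": remaining > CAPACITY,
    }


if __name__ == "__main__":
    for name, sample in (("single source", single_source_flood()),
                         ("distributed", distributed_flood())):
        print(name, assess(sample))
```

Both samples carry the same total load, but only the single-source one is relieved by the block. In the distributed sample every source stays far below the per-IP threshold, so the useful signals are the aggregate rate and the number of distinct sources.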

Some recent examples of DDoS attacks are:

– On New Year’s Eve of 2015, the BBC was hit with what, up to that point, was thought to be the largest DDoS attack in history, peaking at an eye-watering 602Gbps. The BBC’s entire domain, including its on-demand television and radio player, was down for three hours and continued to have issues for the following 24 hours.

– The DDoS attack on the Dutch anti-spam website Spamhaus in 2013 topped out at 400Gbps. While the scale of this DDoS attack was large enough to wreak havoc across Spamhaus’ network, the real issue arose when the attackers changed their tactics and switched their focus. They began to target CloudFlare (Spamhaus’ security network) and CloudFlare’s bandwidth providers. This began a domino effect that resulted in slow service speed beyond Spamhaus and CloudFlare to the greater internet. One of the attackers was discovered to be a 13-year-old hacker-for-hire.

– In early 2016 the PlayStation Network was taken offline across the UK and the US twice in the same week as the result of a massive DDoS attack. Core features such as online gaming and transaction processing were rendered completely unusable.

– In 2018, GitHub experienced the biggest DDoS attack to date, with 8 minutes of sustained traffic at 1.35Tbps. Hackers used a Memcached amplification technique, and therefore were able to double the previous record.
