18 Jan Hacker Lexicon: What Are DoS and DDoS Attacks?
YOU SEE THEM mentioned in the news all the time. DoS and DDoS attacks are on the rise, and they are getting more sophisticated and intense every year. The US government accused Iran of conducting a prolonged series of DDoS attacks against the websites of Bank of America and other financial institutions, presumably as retaliation for economic sanctions levied against Iran for its nuclear program. Recently DDoS attacks by extortionists have targeted banks in Greece and Sweden. So what are DoS and DDoS attacks?
DoS stands for “denial of service” and refers to an attack that overwhelms a system with data—most commonly a flood of simultaneous requests sent to a website to view its pages, causing the web server to crash or simply become inoperable as it struggles to respond to more requests than it can handle. As a result, legitimate users who try to access the website hosted on the server are unable to do so. There are other types of DoS attacks that use different tactics, but they all have the same effect: preventing legitimate users from accessing a system or site.
Simple DoS attacks, performed from a single machine, are uncommon these days. Instead, they’ve been supplanted by DDoS attacks, distributed denial-of-service attacks that come from many computers distributed across the internet, sometimes hundreds or thousands of systems at once. The attacking machines are generally not initiating the assault on their own but are compromised machines that are part of a botnet controlled by hackers who use the machines as an army to target a website or system. Because these attacks emanate from thousands of machines at once, they can be difficult to combat by simply blocking traffic from individual machines, especially when attackers forge the IP addresses of the attacking computers, which makes it difficult for defenders to filter traffic based on IP addresses.
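The difference matters for defenders, as this added Python example shows (it is not part of the original article): a per-address limit catches and removes a single-machine flood, but a distributed flood overloads the server without any one address standing out. The traffic, addresses, per-source limit and server capacity are all constructed assumptions.

```python
from collections import Counter

WINDOW = 1       # seconds per counting window (assumed)
LIMIT = 5        # max requests per source per window before blocking (assumed)
CAPACITY = 200   # requests per window the server can handle (assumed)

def per_source_offenders(events, window=WINDOW, limit=LIMIT):
    """Source IPs that exceed `limit` requests in any single window."""
    buckets = Counter((ip, int(ts // window)) for ts, ip in events)
    return {ip for (ip, _), n in buckets.items() if n > limit}

def overloaded_windows(events, window=WINDOW, capacity=CAPACITY):
    """Start times of windows whose total request count exceeds capacity."""
    totals = Counter(int(ts // window) for ts, _ in events)
    return sorted(b * window for b, n in totals.items() if n > capacity)

def residual_overload(events):
    """Block per-source offenders, then report what overload remains."""
    blocked = per_source_offenders(events)
    kept = [(ts, ip) for ts, ip in events if ip not in blocked]
    return blocked, overloaded_windows(kept)

# --- Constructed sample traffic: (timestamp_seconds, source_ip) ---
def baseline(seconds=30, clients=20):
    """Legitimate users: each client sends one request per second."""
    return [(t, f"198.51.100.{c}") for t in range(seconds)
            for c in range(1, clients + 1)]

def single_source_flood(t, n=500):
    """DoS: one machine sends n requests within second t."""
    return [(t, "203.0.113.7")] * n

def distributed_flood(t, bots=1000):
    """DDoS: each of `bots` distinct addresses sends one request in second t."""
    return [(t, f"10.{i // 256}.{i % 256}.1") for i in range(bots)]

if __name__ == "__main__":
    for name, attack in (("DoS", single_source_flood(10)),
                         ("DDoS", distributed_flood(20))):
        blocked, still_overloaded = residual_overload(baseline() + attack)
        print(f"{name}: blocked={sorted(blocked)} "
              f"overloaded windows after blocking={still_overloaded}")
```

In the distributed case every source stays under the per-address limit, so detection has to rely on the aggregate request rate instead of any single sender.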
Perpetrators launch DDoS attacks for a variety of reasons. Hacktivists have used them to express displeasure against targets—for example when members of Anonymous launched attacks against the sites of PayPal, Visa, and MasterCard in 2011 after the payment service providers refused to process financial donations intended for WikiLeaks.
In 2013, spammers apparently launched a punishing attack against the spam-fighting site Spamhaus, after the site added a Dutch hosting company called Cyberbunker to its spam blacklist. Spamhaus provides blacklists to email providers to help them filter out spam sent from known spammers. Cyberbunker got on the list because it was accused of providing hosting services to spammers. At the attack’s peak, 75 gigabits of traffic per second reportedly flooded Spamhaus servers.
The online gaming industry has also been plagued with DDoS attacks for several years, with the blame going to disgruntled players and even to competitors. A number of DDoS-for-hire services, for example, will take down a competitor’s website for any business that wants to hire them.