A Distributed Denial of Service (DDoS) attack starts with the attacker recruiting an army of computers on the Internet, ready to strike at a moment's notice. Recruitment involves luring unsuspecting computer owners around the world, whose machines have weak safeguards, into visiting sites or opening emails that cause a malicious program to execute, leaving their computers in a compromised state. The collection of compromised computers is referred to as zombies, and they stand ready to wreak havoc at the attacker's command by directing as much traffic at the victim's server as they can muster, bringing the server to its knees. When they receive the green light from the attacker, that is exactly what they do. All the victim sees is a flood of data coming from all directions, hence the name DDoS. The deluge incapacitates the server, leaving it unable to do its usual work as it becomes overwhelmed, much like a confused gazelle attacked by a pack of hyenas.
Why wouldn't the attacker simply use his own equipment to carry out an attack? Simply because attackers seldom have enough bandwidth and computing muscle to carry out large-scale attacks. Besides, they risk getting booted off the network by their ISP, and being easily blocked by the victim, if they misbehave. By controlling the zombies, attackers need very little bandwidth of their own to send the attack command, delegating the dirty work to the compromised computers.
There is usually little a victim can do to defend against the attack. The site's owner can contact his ISP for help. What happens next is a careful adjustment of bandwidth and filtering by the ISP, as well as the possible relocation of the victim's server to another address. Meanwhile, the victim may have to endure days of outages before the remedies take effect, and even then there is no guarantee that the attacker won't recruit a fresh batch of computers to carry out another attack.
Large companies with enough financial strength might pre-empt such attacks by maintaining a collection of servers distributed geographically around the world, attached to large data pipes with enough spare bandwidth to absorb surges in network traffic. This renders most attacks ineffective, unless they are ultra-large, highly distributed, and adaptable. That is why you rarely hear about attacks on sites such as Google, eBay, or Amazon, even though they are prime targets.
So what can be done to combat DDoS more effectively? Stay tuned for part II.