DDoS Attack Explained

 


Hello everyone, in this article we're going to talk about DDoS and what it is. DDoS stands for distributed denial of service. It's basically a cyber attack on a specific server or network, with the intended purpose of disrupting that network or server's normal operation.

A DDoS attack does this by flooding the targeted network or server with a constant flood of traffic, such as fraudulent requests, which overwhelms the system, causing a disruption or denial of service to legitimate traffic.

So for example, here we have a web server, and let's just say that this web server belongs to a company that sells its products over the internet. And over here we have a couple of customers with their computers that are browsing the company's website, looking at the company's products or services.


Now let's just say that someone wanted to attack this company's web server, for whatever reason. For example, maybe they don't like the company or they don't like the owners of the company, or whatever. So what happens is the attacker is going to use their computer and their program to attack this server and flood it with fraudulent data traffic to try and disrupt its service. Now, this is not a DDoS attack, this is just called a DoS attack, which stands for denial of service.


That's because a DoS attack is an attack that's coming from just one source. Normally a network or server is able to handle an attack from a single source because it's easier to pinpoint. The server can simply close the connection where the attack is coming from. So that's not really a problem. However, what if an attack comes from multiple sources simultaneously? That is what a DDoS is.


A DDoS is an attack from multiple sources all at once. So this computer here, which is the ringleader, can communicate with other computers around the world and coordinate an attack on this server. So now, instead of an attack coming from a single source, the server has to deal with an attack from multiple sources, and when this happens, it will overwhelm the server. It will eat up the server's system resources, such as the CPU and memory, and it will also eat up network bandwidth. As a result, these legitimate computers over here are going to be denied service because the server is too preoccupied with dealing with the DDoS attack. So the web pages that these computers want to access are either not going to load or they are going to be very slow in loading, and the users will get that familiar spinning wheel of lag on their screens.
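To make the DoS versus DDoS distinction concrete from the defender's side, here is an added example (not part of the original article) that counts requests per source in one time window and checks whether blocking the loud sources would be enough. The thresholds, addresses and verdict names are constructed assumptions.

```python
from collections import Counter

# Assumed thresholds for one counting window (illustrative, not from the article)
PER_SOURCE_LIMIT = 20   # most requests a single client may send
SERVER_CAPACITY = 100   # total requests the server can serve

def classify_window(sources):
    """Classify one window of traffic; `sources` holds one source IP per request."""
    per_source = Counter(sources)
    # Sources loud enough to pinpoint and block individually
    offenders = sorted(ip for ip, n in per_source.items() if n > PER_SOURCE_LIMIT)
    # Load that is still left once every offender has been blocked
    remaining = sum(n for n in per_source.values() if n <= PER_SOURCE_LIMIT)
    if remaining > SERVER_CAPACITY:
        verdict = "ddos_overload"   # many quiet sources: per-source blocking fails
    elif offenders:
        verdict = "dos_blockable"   # closing the offenders' connections is enough
    else:
        verdict = "normal"
    return verdict, offenders, remaining

# Constructed sample traffic (documentation address ranges)
CUSTOMERS = ["192.0.2.10"] * 5 + ["192.0.2.11"] * 5 + ["192.0.2.12"] * 5
NORMAL = CUSTOMERS
DOS = CUSTOMERS + ["203.0.113.9"] * 500
DDOS = CUSTOMERS + [f"198.51.100.{i}" for i in range(1, 201) for _ in range(10)]

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("dos", DOS), ("ddos", DDOS)):
        verdict, offenders, remaining = classify_window(window)
        print(f"{name}: {verdict}, blocked={offenders}, load after blocking={remaining}")
```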


So the question is how does the attacker get other computers to get involved in a DDoS attack? And the simple answer is by using malicious software. The attacker will develop a malware program and distribute it over the internet and put it on things like websites and email attachments. So if a vulnerable computer goes to these infected websites or opens these infected email attachments, the malware will be installed on their computer without the owner even knowing that their computer has been infected. 


So now their computer has been recruited into an army of other infected computers to perform a DDoS attack. And this army of infected computers is what's called a botnet. Now, this botnet is not just limited to a few computers; it could be hundreds or even thousands of computers that are scattered all over the world. So now this botnet can be controlled like an army, waiting to receive instructions from the attacker, who is now like a centralized command and control center for the botnet. And then the attacker can send out commands to all these computers and tell them to attack at a certain date and time. And then once that set time is reached, the attack begins.


Now a DDoS attack can last for hours or even days. It just depends on the attacker's intent. So another question is, why do people do DDoS attacks? DDoS attacks can happen for several different reasons. For example, it could be for financial reasons, where the attacker is DDoSing a competitor in the marketplace. It could also be for political reasons: maybe they don't like the targeted organization's beliefs. Or it could be that the attacker is just doing it for fun.