Current eMessage > Technical Information > July 2017
Technical Information
What is a DDoS attack?
by MACC’s Technical Support Team
If your website disappears off the internet, and orders dry up on what is usually your busiest day of the year, you may have become the victim of a distributed denial of service (DDoS) attack.
You aren’t alone. High-profile victims of DDoS attacks in 2015 included organizations as diverse as cloud hosting company Linode, games company Valve, Microsoft’s Xbox Live network, the BBC, Rutgers University and even the internet’s DNS root servers. In 2016, attacks hit Dyn (Etsy, GitHub, Spotify and Twitter), the Rio Olympics, and the Clinton and Trump campaign sites.
A basic denial of service attack involves bombarding an IP address with large amounts of traffic. If the IP address points to a web server, then it (or routers upstream of it) may be overwhelmed. Legitimate traffic heading for the web server will be unable to contact it, and the site becomes unavailable. Service is denied.
A distributed denial of service attack is a special type of denial of service attack. The principle is the same, but the malicious traffic is generated from multiple sources — although orchestrated from one central point. The fact that the traffic sources are distributed — often throughout the world — makes a DDoS attack much harder to block than one originating from a single IP address.*
How do DDoS attacks work?
Building Capacity
Attackers build networks of infected computers, known as ‘botnets,’ by spreading malicious software through emails, websites and social media. Once infected, these machines can be controlled remotely, without their owners’ knowledge, and used like an army to launch an attack against any target. Some botnets are millions of machines strong.**
Launching Attacks
Botnets can generate huge floods of traffic to overwhelm a target. These floods can be generated in multiple ways, such as sending more connection requests than a server can handle, or having computers send the victim huge amounts of random data to use up the target’s bandwidth. Some attacks are so big they can max out a country’s international cable capacity.*
Selling silence
Specialized online marketplaces exist to buy and sell botnets or individual DDoS attacks. Using these underground markets, anyone can pay a nominal fee to silence websites they disagree with or disrupt an organization’s online operations. A week-long DDoS attack, capable of taking a small organization offline, can cost as little as $150.*
The not-so-“fun” facts of DDoS
$150 can buy a week-long DDoS attack on the black market. (TrendMicro Research)
More than 2000 daily DDoS attacks are observed worldwide by Arbor Networks. (ATLAS Threat Report)
1/3 of all downtime incidents are attributed to DDoS attacks. (Verisign/Merrill Research)
A current view of DDoS attacks worldwide can be found here: http://www.digitalattackmap.com
What can you do to stop DDoS attacks?
Identify it early, contact your hosting team (or company), tell them you are under attack, and ask for help. For large attacks you might need to call a DDoS specialist, but DDoS mitigation services are not free, so it’s up to you whether you want to pay to stay online or take the hit and wait for the DDoS attack to subside before continuing to do business.**
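As an added illustration of "identify it early" (example code, not from MACC or the original article), the Python below counts requests per minute in a web server access log and labels a spike as single-source or distributed, the distinction drawn earlier in the article. The log format (Common Log Format), the baseline of 20 requests per minute, the thresholds and the sample entries are all assumptions constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Common Log Format prefix: client IP, then a [day/Mon/year:HH:MM:SS zone] timestamp.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^:]+:\d{2}:\d{2}):\d{2} [^\]]+\]')

def classify_minutes(lines, baseline_rpm, factor=5, single_source_share=0.5):
    """Label each minute as 'normal', 'single-source flood' or 'distributed flood'."""
    per_minute = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if m:                       # skip lines that are not access-log entries
            ip, minute = m.groups()
            per_minute[minute][ip] += 1
    labels = {}
    for minute, sources in sorted(per_minute.items()):
        total = sum(sources.values())
        if total < factor * baseline_rpm:   # assumed alert threshold
            labels[minute] = "normal"
            continue
        top_share = sources.most_common(1)[0][1] / total
        # One dominant address can be blocked by IP; many small senders cannot.
        labels[minute] = ("single-source flood" if top_share >= single_source_share
                          else "distributed flood")
    return labels

def make_line(ip, minute, second):
    # Constructed sample entry using documentation-range addresses, not real traffic.
    return f'{ip} - - [{minute}:{second:02d} +0000] "GET / HTTP/1.1" 200 512'

def sample_log():
    lines = []
    # 12:00 ordinary traffic: 20 requests from 10 clients.
    lines += [make_line(f"192.0.2.{i % 10 + 1}", "10/Jul/2017:12:00", i) for i in range(20)]
    # 12:01 one client sends 180 of 200 requests.
    lines += [make_line("198.51.100.7", "10/Jul/2017:12:01", i % 60) for i in range(180)]
    lines += [make_line(f"192.0.2.{i % 10 + 1}", "10/Jul/2017:12:01", i) for i in range(20)]
    # 12:02 200 clients send one request each.
    lines += [make_line(f"203.0.113.{i + 1}", "10/Jul/2017:12:02", i % 60) for i in range(200)]
    return lines

if __name__ == "__main__":
    for minute, label in classify_minutes(sample_log(), baseline_rpm=20).items():
        print(minute, label)
```

A "distributed flood" minute is the case where blocking individual addresses will not help and the hosting team or a mitigation provider needs to be contacted.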
If you have any questions regarding DDoS attacks or any other technical questions, please contact MACC’s Tech Support Team. We are here to help! You can reach us at 402-533-5300 or via e-mail at macctechs@maccnet.com.
*Information courtesy of Paul Rubens
**Information courtesy of Google Ideas and Arbor Networks.