How do DDOS attacks work and why aren’t they more frequent?


With the recent DDOS attack on a country that’s in the Korean Peninsula, I was wondering how this actually happens and how it takes down the entire internet infrastructure?


A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt a website or server by overwhelming it with a flood of bot requests for access.

If a thousand bots constantly attempt to access the website, the server doesn't have any bandwidth to give access to *real people* trying to use the site.

Think of DDOS attacks as spam. Spam to one specific target, flooding a path. When that path is obstructed, anyone in that path also feels the obstruction, like an interstate shut down due to a crash. But the crash was intentional.

They’re more frequent than you think, but ISPs are quick and stop this obstruction. They create a black hole for all of that unnecessary obstruction to fall in to so everyone else isn’t affected.

That’s the best I can do to explain it.

A server has tens of thousands of ports that can be either open or closed.
An open port can be made available to listen to requests.
Websites typically listen on port 80 by default – and a ddos attack tends to just be a simple application that will flood port 80 of the address with repeated requests.
If it does this alone, then firewalls are capable of recognising that a large number of requests are coming from the same source and can then block that application.
It can also limit the number of requests coming from the same source to prevent simple ddos attacks like this.

Most big business has invested in infrastructures that have load balancing – and can shift server resources dynamically when the loads become significant – and this can prevent or reduce the impact of a ddos attack.

This is the simple version.
The reality is that ddos attacks are becoming more sophisticated (i.e. viruses that affect multiple PCs – that then go on to each spam the service; meaning there is no one source).

Ddos attacks happen every day. Most of them are easily combatted though.
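The "too many requests from the same source" rule described in the answer above, and the reason a botnet gets around it, can be seen in a small simulation. The code below is an added example and is not from any commenter on this page; the window length, per-source limit, server capacity, and all traffic (single-source flood, 500-bot flood, one legitimate client, with addresses from the documentation ranges) are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10.0   # sliding window the limiter looks at (assumed value)
MAX_PER_SOURCE = 20     # requests one source may make per window before it is blocked (assumed)
SERVER_CAPACITY = 100   # requests the toy server can answer per window (assumed)


class SourceRateLimiter:
    """Per-source sliding-window limiter: the firewall rule from the answer above."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_PER_SOURCE):
        self.window = window
        self.limit = limit
        self.recent = defaultdict(deque)   # source -> timestamps of recently accepted requests
        self.blocked = set()               # sources that exceeded the limit

    def allow(self, source, ts):
        if source in self.blocked:
            return False
        q = self.recent[source]
        while q and ts - q[0] >= self.window:   # forget requests older than the window
            q.popleft()
        if len(q) >= self.limit:                # one address hammering us: block it
            self.blocked.add(source)
            return False
        q.append(ts)
        return True


def simulate(requests, capacity=SERVER_CAPACITY, window=WINDOW_SECONDS):
    """Run (timestamp, source) requests through the limiter and a fixed-capacity server.

    Returns a dict of how many requests each source got answered, how many requests
    were dropped in total, and the sorted list of sources the limiter blocked.
    """
    limiter = SourceRateLimiter(window=window)
    served_in_bucket = defaultdict(int)   # window index -> requests already answered
    served = defaultdict(int)
    dropped = 0
    for ts, src in sorted(requests):
        if not limiter.allow(src, ts):
            dropped += 1
            continue
        bucket = int(ts // window)
        if served_in_bucket[bucket] >= capacity:   # server saturated: request times out
            dropped += 1
            continue
        served_in_bucket[bucket] += 1
        served[src] += 1
    return dict(served), dropped, sorted(limiter.blocked)


# Constructed sample traffic: one legitimate client plus 500 flood requests in 10 seconds.
LEGIT = [(t, "198.51.100.7") for t in (1.0, 3.0, 5.0, 7.0, 9.0)]
SINGLE_SOURCE_FLOOD = [(i * 0.02, "203.0.113.9") for i in range(500)]
BOTNET_FLOOD = [(i * 0.02, f"10.{i // 256}.{i % 256}.1") for i in range(500)]  # 500 bots, one request each


def single_source_scenario():
    """One address floods: the limiter blocks it after 20 requests, the real client is fine."""
    return simulate(LEGIT + SINGLE_SOURCE_FLOOD)


def botnet_scenario():
    """Same load spread over 500 addresses: nothing is blocked and the server still saturates."""
    return simulate(LEGIT + BOTNET_FLOOD)


if __name__ == "__main__":
    print("single source:", single_source_scenario())
    print("botnet:       ", botnet_scenario())
```

In the first scenario the flooding address is blocked after its 20th request and the legitimate client gets all five of its requests answered. In the second, every bot stays under the per-source limit, so the limiter blocks nothing and the server's capacity is used up within the first two seconds; the legitimate client gets one request through and the other four are dropped. That gap is why per-source blocking handles the simple case but not a distributed one, and why the other answers point to upstream capacity (blackholing, scrubbing services) instead.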

A DDoS attack is basically flooding networking equipment with traffic.

Think of it like someone arranging to make a massive traffic jam in front of your business. The streets are blocked with traffic so legitimate customers can’t get in.

The source of this traffic is typically BotNets, thousands of machines that have been compromised by a hacker to act as a source for garbage traffic. Combined they can generate multiple Gigabits of garbage traffic from multiple sources which makes it difficult to stop. The Internet of Things (IoT) is the largest Botnet on earth. Everything from your Grandmother’s TV to your digital coffee pot are all connected to the internet these days and these devices often have little to no protection in front of them and are never updated with new software so they are easy targets for a hacker. So your PVR might be attacking Korea and you would have no idea.

Such a BotNet is actually available to rent, you can pay BitCoins to rent time on it. Script Kiddies that run MineCraft Servers are notorious for this because they make BitCoin by selling access to their MineCraft servers and then rent the BotNet to attack other people’s servers. Since they are usually children they don’t have the morals to understand what they are doing is wrong and HIGHLY illegal.

So how do you stop it?

Modern Firewalls have a degree of protection built in that identifies and blocks that traffic but most businesses rely on Services like CloudFlare. CloudFlare is a service you put in front of your website to absorb these kinds of attacks. They have the technology and bandwidth to absorb and stop these kinds of attacks while only transmitting legitimate traffic to your servers.

DDOS attacks are huge amounts of bots that flood the network and overload it so the real requests don’t get through. This shuts down the network.