What exactly is a DDoS attack, why is it dangerous, and how does it work?

I don’t get it, how can you mess someone up when they have no connections with you?

In: Technology

It’s like if you wanted to play a prank on your teacher so you got everyone in your class to call your teacher’s phone number at the same time so that they wouldn’t be able to use their phone for anything else for the time being.

It’s dangerous because then they might miss out on some important phone calls.

It works by infecting other computers (phones) with malware that makes them call the “phone number” unwillingly. That’s where the first ‘d’ comes from—distributed denial of service attack, as in the sources of the “calls” are distributed/spread out. An ordinary denial of service attack would just use one “phone”.

Here’s an analogy:

The United States has an interstate system that is designed to let cars move freely on and off the highway. As long as you have a car, a license and gas money, there is nothing stopping you from visiting any state or city that is connected to the interstate system. There are rules that dictate how fast individual cars can go and how they must drive, but there are no rules that dictate how groups of cars must function. If every driver in the state of Texas decided they wanted to drive to St. Louis for the weekend, there is nothing in place to prevent that from happening. On that unfortunate weekend, the traffic in St. Louis would be so bad that the city would stop functioning. Police could try to mitigate traffic and turn people around, but no single individual could be punished for wanting to drive to St. Louis and you couldn’t sensibly pass a law afterwards to ban people from using the interstate to travel to St. Louis. People were simply using the interstate system exactly as it was designed. The fact that every Texan decided they wanted to visit St. Louis that weekend was an unintended abuse of the system.

In a similar manner, the internet allows people to connect to websites. For your website to be part of the internet, it needs to accept connections from other computers connected to the internet. This works fine if you have designed your website to handle a couple thousand people a day. However, if every computer owner in the state of Texas decided to visit your website, just like St. Louis, it would receive so much traffic that it would stop functioning. You can try to mitigate the traffic coming into your site, but ultimately Texans are just using the internet exactly how it was designed and there isn’t much you can do about it on a fundamental level. The fact that every Texan wanted to visit your website that particular day was just an unintended abuse of the system.

The difference in a DDoS attack however is that it is an *intended abuse* of how websites are designed to handle traffic on the internet. If a malicious individual has control of enough computers and a website isn’t prepared to handle a sudden influx of traffic, they can singlehandedly bring a website down just by instructing all the computers they control to send traffic to it.

Other people already explained what DDoS is (basically, overwhelming a server with too many requests).

About the dangers of such an attack, while I’m not an expert on the subject, the repercussions are quite low. It will basically disable the server, but it will not reveal any information on it, or allow anyone to access whatever is inside. So unless you’re somehow DDoS’ing a computer monitoring a power plant (which should not be externally accessible anyway), nothing “really” bad will happen.

Please feel free to correct my assumptions!

A DoS attack (Denial of Service) is to flood a computer or a server with so many requests that nothing else can get through. These are easy to block as you just block the one computer that is flooding you. DDoS attacks (Distributed Denial of Service) use multiple computers to do the same thing. These are often accomplished by using botnets (normal computers that are infected with special malware that lets hackers control them). These are much more difficult to block as the requests are coming from several different addresses. A well-planned attack will use tens of thousands of computers.
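The difference described in the last answer, seen from the server's side, as an added example that is not part of any answer in this thread: a per-address limit catches a single-source flood, but only the total request count reveals a distributed one. The thresholds, window size and request records are constructed for illustration; the addresses come from documentation ranges.

```python
from collections import Counter, defaultdict

WINDOW_SECONDS = 10   # assumed bucket size for counting requests
PER_IP_LIMIT = 50     # assumed: most requests one address should send per window
TOTAL_LIMIT = 200     # assumed: most requests the server can handle per window

def classify_windows(events, window=WINDOW_SECONDS,
                     per_ip_limit=PER_IP_LIMIT, total_limit=TOTAL_LIMIT):
    """events: iterable of (unix_time, source_ip) -> {window_start: (verdict, noisy_ips)}."""
    buckets = defaultdict(Counter)
    for ts, ip in events:
        buckets[ts - ts % window][ip] += 1

    verdicts = {}
    for start, per_ip in sorted(buckets.items()):
        total = sum(per_ip.values())
        noisy = sorted(ip for ip, n in per_ip.items() if n > per_ip_limit)
        if total <= total_limit:
            verdicts[start] = ("normal", [])
            continue
        # Load that would remain if every noisy address were blocked.
        remaining = total - sum(per_ip[ip] for ip in noisy)
        if noisy and remaining <= total_limit:
            verdicts[start] = ("single-source flood", noisy)  # blocking works
        else:
            verdicts[start] = ("distributed flood", noisy)    # blocking is not enough
    return verdicts

def sample_events():
    """Constructed request records covering three 10-second windows."""
    regular = [f"198.51.100.{i}" for i in range(20)]
    events = [(t, ip) for ip in regular for t in range(3)]            # 60 requests
    events += [(10 + k % 10, "203.0.113.7") for k in range(300)]      # one loud address
    events += [(10 + t, ip) for ip in regular for t in range(3)]
    botnet = [f"192.0.2.{i}" for i in range(200)]
    events += [(20 + t, ip) for ip in botnet for t in range(3)]       # 600 requests, 3 each
    return events

if __name__ == "__main__":
    for start, (verdict, noisy) in classify_windows(sample_events()).items():
        print(start, verdict, noisy)
```

In the third window no address exceeds the per-address limit, which is why a block list of individual sources does not help there.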