DDoS is short for Distributed Denial of Service and is a type of DoS attack in which multiple compromised systems, usually infected with a Trojan, are used by a hacker to disable a website or server. The victims of a DDoS attack are both the targeted site and all the other systems the hacker has taken over and controls for the attack. The cracker floods the victim with traffic from many different sources – hundreds of thousands or more. Eventually the victim can no longer control the flow, because it becomes impossible to distinguish legitimate from fake incoming traffic.
The attacker builds a network of infected zombie computers, known as a botnet, by spreading malicious software through social media, emails and websites. Once the zombie computers are infected, the attacker can control the entire attack remotely. Botnets can generate large flows of traffic to overwhelm the target, and the flood can be distributed in multiple ways. The zombie computers are used like an army to launch the attack without their owners’ knowledge. The flood of messages is more than the server can handle and is sent at random to use up the victim’s bandwidth. Some attacks are large enough to saturate even a country’s international cable links.
There are specialized marketplaces on the internet for buying and selling DDoS attacks and botnets. Anyone can buy from these underground markets, paying a nominal fee to disable a website they do not like or to disrupt a company’s operations. A week-long DDoS attack against a small company can cost as little as 150 dollars.
The hacker uses a Digital Attack Map to see the activity taking place at any given time. When the cracker launches an attack, the actions are displayed as dotted lines, scaled to size, that identify the source and the destination. The features of the map include:
- A histogram showing historical data
- A select command to view DDoS activity in a given country or against a given target
- A color option indicating the magnitude, type or duration of an attack
- A news section to keep abreast of current trends and attack activity
- A gallery of examples of previous successful attacks
DDoS attacks come in various forms, such as Teardrop, Smurf and Ping of Death. Here are some methods commonly used to launch an attack.
- TCP Connection Attacks – these attempt to use up all of the victim’s available connections and the infrastructure behind them, such as application servers, load balancers and firewalls. These attacks can also bring down a country’s millions of connections.
- Volumetric Attacks – these cause congestion by eating up the bandwidth of the victim and of all the networks in between.
- Fragmentation Attacks – these send UDP and TCP fragments to the target, and the system is brought down when it tries to reassemble the pieces into the original packets.
- Application Attacks – these target applications by overwhelming a specific service. This is a very effective method that can bring down a server even with a very small botnet.
By forging the target’s IP address as the source, a cracker can send small requests through a DNS server and have every request amplified, using the botnet to overwhelm the victim with the much larger replies.
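From the defender’s side, the giveaway of the reflection described above is that the victim receives DNS answers it never asked for. The following is an added example, not code from the original page: it runs over a small constructed set of flow records (the host 10.0.0.5, the resolver 192.0.2.53 and the reflectors 198.51.100.x are all hypothetical) and reports the unsolicited answers, the number of distinct reflectors and the effective amplification relative to an assumed 60-byte query.

```python
from collections import defaultdict

# Constructed sample flow records (not from the page): one tuple per packet,
# (src_ip, src_port, dst_ip, dst_port, payload_bytes). 10.0.0.5 is the
# hypothetical protected host; 198.51.100.x are hypothetical open resolvers.
SAMPLE_FLOWS = [
    ("10.0.0.5", 51000, "192.0.2.53", 53, 60),       # query our host really sent
    ("192.0.2.53", 53, "10.0.0.5", 51000, 140),      # matching answer: legitimate
    ("198.51.100.1", 53, "10.0.0.5", 33001, 3200),   # answers we never asked for
    ("198.51.100.2", 53, "10.0.0.5", 33002, 3100),
    ("198.51.100.3", 53, "10.0.0.5", 33003, 3300),
    ("198.51.100.1", 53, "10.0.0.5", 33004, 3200),
]


def unsolicited_dns_responses(flows, victim):
    """Return [(resolver, size), ...] for DNS answers delivered to `victim`
    that have no matching outbound query. In a reflection flood the queries
    were sent by the attacker with the victim's address forged, so the
    victim itself never sent them."""
    sent_queries = set()
    for src, sport, dst, dport, _ in flows:
        if src == victim and dport == 53:
            sent_queries.add((dst, sport))  # (resolver, ephemeral port) we used
    reflected = []
    for src, sport, dst, dport, size in flows:
        if dst == victim and sport == 53 and (src, dport) not in sent_queries:
            reflected.append((src, size))
    return reflected


def reflection_summary(flows, victim, query_bytes=60):
    """Summarise a suspected reflection flood against `victim`.
    `query_bytes` is an assumed size for the small forged query; the
    amplification figure is reply bytes per assumed query byte."""
    reflected = unsolicited_dns_responses(flows, victim)
    per_reflector = defaultdict(int)
    for resolver, size in reflected:
        per_reflector[resolver] += size
    total = sum(per_reflector.values())
    amplification = total / (len(reflected) * query_bytes) if reflected else 0.0
    return {
        "unsolicited_answers": len(reflected),
        "distinct_reflectors": len(per_reflector),
        "reflected_bytes": total,
        "amplification": round(amplification, 1),
        # Two or more reflectors or a >10x ratio is a reflection pattern,
        # not one misbehaving resolver (threshold is an assumption).
        "suspect": len(per_reflector) >= 2 or amplification > 10,
    }


if __name__ == "__main__":
    print(reflection_summary(SAMPLE_FLOWS, "10.0.0.5"))
```

In a real deployment the flow records would come from NetFlow/sFlow or a packet capture at the network edge, and the legitimate answer from 192.0.2.53 shows why the check must pair answers with the queries actually sent rather than simply counting inbound port-53 traffic.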