ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

DDOS Attacks and How to Avoid them on the Internet

Updated on August 7, 2009

DDOS is an Internet acronym for "Distributed Denial of Service"." DDOS attacks are not uncommon. However, modern computer hardware and software, along with the modular design of the Internet tend to neutralize the effects.

A DDOS attack serves no useful purpose beyond "taking down" a web site. Data are not stolen, servers are not compromised. Interestingly enough, a DDOS attack requires no special access to a web site; the entire attack is external to the web server computers. The most secure sites on the 'net are subject to DDOS attacks simply due to the external nature of the DDOS strategy.

How It Works

A web site is hosted on a computer called a web server. Very popular sites are hosted on multiple sites referred to as server farms. In either case, web surfers use programs like Internet Explorer, Opera, or FireFox to browse to the site. The process of browsing generates a series of requests and responses; the browser software generates requests for information, then waits for the web server computer to provide responses.

The DDOS attack strategy simply attempts to overwhelm the web server with requests from different parts of the Internet. Modern web servers have the smarts to deal with large volumes of requests, whether the requests originate through a DDOS or an unexpected surge in legitimate traffic. The worst case scenario, which is the ultimate goal of the DDOS intrusion, is a web server 'crash', thereby inconveniencing legitimate users and embarrassing the owners of the web site. A loss of income may also result if the web site is involved in commercial endeavors.

Is your computer about to become a zombie?
Is your computer about to become a zombie?

Architecture of a DDOS attack

As mentioned earlier, even an unexpected volume of legitimate browser requests can bog down a web server and result in a situation that closely resembles a DDOS attack. Smaller sites that suddenly receive national attention experience this scenario quite often. Computer users on many different segments of the Internet are requesting information from the suddenly overworked web server; it shuts down due to overwhelming levels of traffic.

A DDOS attack is malevolently intended to trigger a web server crash. It's no accident. Computers all over the world are synchronized to begin generating multiple requests at the same time. Many computers are required, but that's not enough to generate an effective attack. The computers must be distributed over multiple segments of the Internet. Imagine the streets in a large city. If one street becomes congested, it's simple enough to reroute traffic around that single street. If all (or nearly all) the streets are congested, paralyzing gridlock can result.

DDOS participating computers may be in your home or office. Many Internet viruses serve to compromise unsuspecting computers and configure them to be controlled remotely. Great armies of remote-controlled computers work together to generate DDOS attacks. A startling number of computers are connected to the Internet and under the influence of mysterious hackers elsewhere in the world. A slang term for such a computer is zombie.

Computer viruses (for the purpose of this article we will lump viruses, malware, and spyware together) have four primary purposes:

  1. send out SPAM,
  2. steal keystrokes and data,
  3. provide remote-control capabilities,
  4. and serve pop-up messages to the user.

A virus may perform one or more of these 'functions', or your computer may contract multiple viruses, each of which has a specialized purpose. A compromised computer may never be asked to participate in a DDOS attack, but the virus may lay dormant, lurking in the background. The 'best' DDOS viruses won't interfere with computer use. A modern computer puts a very small load on the CPU. Well-written viruses can happily execute in the idle periods and still accomplish its' intended utility.

A Real-World Model of a DDOS Attack

In the purest sense, a DDOS attack represents a computer science exercise. As we know, all computer science concepts can be witnessed in the real world by a trip to the Supermarket. Imagine a checkout line at a busy grocery store. Customers line up and patiently wait for their opportunity to present requests in the form of coupons, customer loyalty cards, and methods of payment. Our friendly cashier represents the web server computer. Requests are received and processed in a timely fashion. Everyone goes home happy. Consider a store infected with hundreds of zombie shopping carts. All of a sudden every cart in the store descends on the same checkout line. Refusing to wait in line, they encircle the hapless cashier and demand attention.The poor lady quickly realizes she cannot possibly handle so many simultaneous requests for service. She collapses in a quivering heap, then slinks off to take her break.

Beware Zombie Computers Used for DDOS Attacks

Some images may be courtesy of http://www.sxc.hu/

working

This website uses cookies

As a user in the EEA, your approval is needed on a few things. To provide a better website experience, hubpages.com uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at: https://corp.maven.io/privacy-policy

Show Details
Necessary
HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
LoginThis is necessary to sign in to the HubPages Service.
Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
AkismetThis is used to detect comment spam. (Privacy Policy)
HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the googleapis.com or gstatic.com domains, for performance and efficiency reasons. (Privacy Policy)
Features
Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
MavenThis supports the Maven widget and search functionality. (Privacy Policy)
Marketing
Google AdSenseThis is an ad network. (Privacy Policy)
Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
Index ExchangeThis is an ad network. (Privacy Policy)
SovrnThis is an ad network. (Privacy Policy)
Facebook AdsThis is an ad network. (Privacy Policy)
Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
AppNexusThis is an ad network. (Privacy Policy)
OpenxThis is an ad network. (Privacy Policy)
Rubicon ProjectThis is an ad network. (Privacy Policy)
TripleLiftThis is an ad network. (Privacy Policy)
Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
Statistics
Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)
ClickscoThis is a data management platform studying reader behavior (Privacy Policy)