Distributed denial of service (DDoS) is a type of security threat wherein one individual or group (the attacker) intentionally and maliciously directs extremely high volumes of Internet traffic at the computer network resources of another (the victim) in order to paralyze those resources, either by slowing down their performance or by halting their operation altogether. The operative phrase is extremely high volumes.
When a network receives traffic volume that’s beyond its capacity to handle, at least one vital part of it, if not the entire network itself, is bound to get choked and will no longer be able to perform the network services requested by legitimate clients. We can compare the situation to a highway that gets maliciously swamped with thousands of motor vehicles at a particular hour of the day when it is designed to serve regular traffic of only a few hundred in the same time frame. The ensuing traffic jam denies the highway the ability to perform its service of efficiently transporting people, goods, or services from one geographical point to another.
DDoS attacks use multiple networked computers running malware clients, individually called bots or “zombies” and collectively called a botnet, that are controlled by servers acting as command centers. This is the “distributed” part of DDoS.
Specific targets of DDoS attacks include web services, applications, and firewalls. The victims are usually organizations that are business, political, social or ideological competitors of the attackers.
What makes DDoS attacks particularly troublesome is that there are many categories of them. There is, for instance, the simple attack which floods the target with nuisance traffic (often disguised as legitimate traffic) using a large number of bots aimed at the weakest network link. The overwhelming presence of unwelcome traffic prevents legitimate traffic from using the services of the system under attack. Other categories of attack are DNS (Domain Name System) attacks and HTTP (Hypertext Transfer Protocol) attacks, both of which have their own variations.
When the targets of DDoS attacks are commercial establishments, there is almost always a financial loss. Surveys on the effects of such attacks suggest that losses could range from $10,000 to $50,000 to $100,000 per hour of network downtime, depending on the particular type of business. The duration of attacks ranges from 24 hours or more, to days, to weeks. All these figures indicate very plainly that DDoS attacks can hurt the pockets of business enterprises in a big way and, consequently, the national economy.
But financial drain is not the only worry that confronts victims. There is also serious disruption of customer service and damage to brand reputation.
Can DDoS attacks be banished from the land, saving victims from untold worries?
Network security experts say that there is no way DDoS attacks can be eliminated. They can only be mitigated. This means that financial losses from DDoS attacks are bound to be incurred, and the best that businesses can do is control the damage.
To guard against DDoS, organizations that rely heavily on network services should fully understand their present strengths and weaknesses as far as network security is concerned. For best results they can partner with a DDoS protection specialist, or alternatively with IT specialists who have a very good handle on security.
m.tiggelaar
– Founder of Key4ce & FuseCP.
– More than 13 years of experience with Windows high availability and Microsoft Exchange.
– More than 13 years of experience with Linux and Unix.
– Open source enthusiast and a large contributor for multiple large Open Source projects.
My current main focus of attention is Geo-Clustering.