What is a denial of service attack? We get this question on a regular basis, and a denial of service attack can cripple a business, so its worth spending a few minutes to explain things without getting into too much techno-jargon.
A denial of service attack is an attack launched by a hostile party designed to take you offline. Denial of service (often abbreviated DDoS) usually involves using hijacked computers from over the Internet to fire torrents of bogus traffic at a specific website. When enough bad traffic is generated, the servers and networks powering that website can be overwhelmed. The result is that everything breaks and the site goes offline. For the bad guys, this is “mission accomplished”.
Lets break some of this down.
Distributed Denial of Service Attack (DDoS)
The “distributed” part refers to the fact that the origin of the attack is not a singular point, but rather it is distributed in nature. Often there can be tends of thousands of hijacked computers across the world hammering away at the target website.
Hijacked Computer
You know the part where you have to have anti-virus and anti-malware software on your PC? This helps to lower the chances that your PC will be taken over by bad guys and used in a denial of service attack. There are likely millions of hijacked computers connected to the Internet at this very moment, most of which are simply waiting for a remote command to begin an attack. In most cases users have no idea that the PC they’re sitting at is primed to participate in an attack. From that point of view, protecting your PCs against becoming an attack drone is not just good for you, its good for the Internet in general.
Bogus Traffic
Traffic to a website can be a tricky thing. On one hand you want traffic because that means people are visiting your website, learning about your business and maybe even buying what you sell. On the other hand we have Black Friday, when the onrush of millions of well-intentioned online shoppers can cause even large retail sites like Walmart and BestBuy to crash. When the flood of traffic directed at a site is bogus in nature, the individual data packets sent to a server are intentionally malformed. Attackers intentionally break the standard “rules of conversation” between computers, making it that much harder for web servers and network elements to handle the situation. Combined with the sheer volume of this malicious traffic, things get ugly quickly and services go down. End result … denial of service.
A denial of service attack doesn’t have to be directed at a website. It can be directed at almost any Internet connected service, including DNS and email. Often a denial of service attack involves “collateral damage”, most often caused when other services sharing underlying resources are taken down along with the intended target. In all cases, its a bad thing.
In the next post we’ll talk about how you can be proactive in protecting yourself against a denial of service attack.
If you need to know more about denial of service attacks and how they might impact your business, feel free to contact us. We’re happy to take the time to help in any way we can.