Distributed Denial Of Service (DDoS) Attacks: Types, History, How They Work
Distributed network attacks are more commonly known as Distributed Denial of Service (DDoS) attacks.
Each server has a specific capacity limit. A DDoS attack overloads the capacity limits that apply to any network resource, such as the infrastructure behind a company's website. The attack sends multiple requests to the targeted web resource with the intent of exceeding the website's capacity to handle multiple requests, preventing the website from functioning correctly.
Types of DDoS attacks
DDoS attacks are split into three types. First, protocol attacks aim at the transport or network layer by finding flaws in the protocol and overwhelming the targeted resources. Second, network-centric or volumetric attacks consume the bandwidth with packet floods. And third, application layer attacks. Using a high volume of application calls, these attacks overload application services or databases. The overwhelming volume of packets causes a denial of service.
How a DDoS attack works
Websites such as Facebook have a limited number of requests they can handle at the same time. On top of the limited capacity of the server, the channel that connects the server to the internet also has a finite bandwidth/capacity. Once the number of requests exceeds the capacity limits, the service will most likely suffer in one of the following ways: slower responses to requests, or ignoring users' requests.
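The two failure modes described above (slower responses and ignored requests) can be reproduced in a small model of a server with a fixed capacity per time step and a bounded backlog. This is an added example, not part of the original article; the function name, the tick-based model and the traffic numbers are constructed for illustration.

```python
from collections import deque


def simulate(arrivals, capacity, queue_limit):
    """Model a server that answers `capacity` requests per tick and can hold
    at most `queue_limit` waiting requests. Requests that arrive when the
    backlog is full are ignored (dropped)."""
    queue = deque()  # arrival tick of every request still waiting
    served = dropped = total_wait = max_wait = 0
    for tick, count in enumerate(arrivals):
        # New requests join the backlog, or are ignored if it is full.
        for _ in range(count):
            if len(queue) < queue_limit:
                queue.append(tick)
            else:
                dropped += 1
        # The server answers the oldest requests first, up to its capacity.
        for _ in range(min(capacity, len(queue))):
            wait = tick - queue.popleft()
            total_wait += wait
            max_wait = max(max_wait, wait)
            served += 1
    return {
        "served": served,
        "dropped": dropped,
        "backlog": len(queue),  # requests still unanswered at the end
        "max_wait": max_wait,   # worst response delay, in ticks
        "mean_wait": total_wait / served if served else 0.0,
    }


# Constructed traffic: requests arriving in each tick.
NORMAL = [80] * 10                        # always below capacity
FLOOD = [80] * 3 + [400] * 5 + [80] * 2   # five ticks at four times capacity

if __name__ == "__main__":
    for name, traffic in (("normal", NORMAL), ("flood", FLOOD)):
        print(name, simulate(traffic, capacity=100, queue_limit=500))
```

In the flood run the backlog is still full of old requests after the burst ends, so requests arriving in the last two ticks keep waiting even though the arrival rate is back below capacity.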
History of DDoS Attacks
PLATO was a computerized shared learning system, one of the first and a forerunner of multi-user computing systems in 1974. The very first DDoS came when David Dennis, a 13-year-old student at the University of Illinois Urbana-Champaign, learned of a new command that could be run on CERL's PLATO. The command "external" or "ext" would normally be used to allow interaction with external devices connected to the terminals. But if it was run on a terminal with no external devices attached, the terminal would lock up and require a shutdown. David was curious to see what would happen if a room of users were locked out at once. He succeeded in forcing 31 users to power off simultaneously by writing a program that sent the "ext" command to many PLATO terminals all at once.
In the mid 1990s, users battled for control of non-registered chat channels in the popular Internet Relay Chat. When an administrative user logged off, their administrator privileges would be passed on to other users. This led hackers to use simple DoS attacks to force all the users to log out, then log in alone to gain administrator privileges. A hacker used a tool called "Trinoo" to take down the University of Minnesota's computer servers for two days. This attack, which took place in August 1999, was among the first few large-scale DDoS attacks. Trinoo was a tool that used networked machines called "Masters" and "Daemons": the hacker would send orders to a few Masters, which would then pass the instructions to hundreds of Daemons, and they would flood the targeted IP address. The owners would not be able to notice that their systems were under a DDoS attack because of how easy the tool made it to hide the Daemons' IP addresses.
DDoS attacks came to public attention once hackers started to focus on them. Since it was hard to detect where the attacks were coming from, DDoS attacks became a powerful tool for hackers and allowed them to go for bigger targets. But nowadays they are no longer as big a threat as they were back then. In our current time, as technology evolves, so have the defences against DDoS attacks.
DDoS attacks in recent history
2010, Anonymous vs. PayPal
In 2010, users who tried to visit PayPal were greeted with the message: "You've tried to bite the Anonymous hand. You angered the hive and now you are being stung." This was the work of the group of hackers called Anonymous. They launched a DDoS attack under the name Operation Payback and flooded websites belonging to companies including PayPal. The leader behind the attack, Christopher Weatherhead, a student at Northampton University, was caught. The DDoS attack ended up costing PayPal 3.5 million Euros. Spamhaus, a website that deals with spam, was hit with a 300Gbps DDoS attack, which was the biggest DDoS attack in 2013.
CloudFlare was hired by Spamhaus to deal with the DDoS attacks that occurred earlier last week, but they were also hit, forcing them to drop London as a hub in its network. Spamhaus provides a list of IP addresses for servers and computers on the net linked to the distribution of spam. They would then block blacklisted organisations. Spammers hated the practice, so they would make Spamhaus a target to threaten, sue and DDoS.
The 2016 Dyn attack
On Friday October 21, 2016, a DDoS attack targeting Dyn was launched. Users all around the globe were unable to access the 1,200 domains Dyn was in charge of. Dyn's Engineering managed to successfully mitigate the attack, but the damage had already been felt by customers and their end users.
The 2015 GitHub attack
1.35 terabits per second of traffic hit GitHub in 2015. GitHub, a platform for developers, was hit with a popular DDoS method that lasted several days. The DDoS traffic was traced back to China, and it was strongly suggested that the Chinese Government oversaw the attack. It is speculated that the DDoS attack was meant to get GitHub to take down two GitHub projects aimed at circumventing Chinese state censorship.