DDOS ATTACK: Explained
DDoS which refers to Distributed denial of service is essentially a cyber-attack targeted at a particular server or network with the goal of disrupting the regular operation of that particular server or network.
To accomplish this, a DDoS attack bombards the targeted network or server with an incessant stream of traffic, such as false requests, overwhelming the system and disrupting or depriving legitimate traffic from receiving service from the network or server.
For instance, let’s say we have a web server that’s owned by a business that operates an e-commerce site. So, there are several potential clients using computers over here to browse the company’s website and explore its product lines.
DoS (Denial of Service) vs. DDoS (Distributed Denial of Service
Let’s assume for the moment that someone intends to attack the web server of this business, for whatever reason.
In order to try and interfere with the server’s operation, the attacker will use their computer and software to attack it and overwhelm it with artificially generated traffic. This isn’t a DDoS attack, yet because it’s an attack that originates from a single source, so it’s simply referred to as a denial of service (DOS) attack. An assault from a single source may typically be handled by a network or server since it is easy to detect.
The attack’s source connection can be easily closed by the server. Thus, it’s not really an issue. But the issue is, what happens if attacks originate from several different places at once? A DDoS is precisely that.
A DDoS is an attack from multiple sources all at once. The master computer can communicate with other computers and coordinate an attack on the target server or network. Instead of an attack coming from a single source, the server now has to deal with an attack from multiple sources.
The server will be overloaded at that point. It will consume network bandwidth as well as system resources on the server, particularly the CPU and memory.
As a result, because the server is too busy handling a DDoS attack, service will be denied to legitimate client computers and devices.
These machines are trying to access web pages, but they are either not going to load at all or they will load very slowly. Additionally, users will see the familiar lag-spinning wheel on their devices.
Botnet
How is a DDoS attack initiated by the attacker propagated by other computers? With the use of malicious software. The hacker will create malware, distribute it online, and attach it to email attachments and webpages, among other applications.
Without the owner even being aware that their computer has been compromised, malware will be installed on a susceptible machine if it visits these compromised websites or opens these compromised email attachments.
As a result, their machine has been enlisted to launch a DDoS attack alongside an army of other compromised machines. This army of compromised machines carrying out DDoS attacks is what is referred to as a botnet, under the control of a bot-herder, the master machine.
A botnet is not restricted to a small number of machines. A botnet may consist of hundreds or thousands of dispersed computers worldwide. As a result, this botnet may now be managed like an army, waiting for commands from the bot-herder, who serves as the botnet’s central command and control center.
All these machines are capable of receiving commands from the attacker instructing them to launch an attack at a specific time and date. And then the attack starts when that predetermined time comes and the attack can last for hours or days.
DDoS attacks can happen for various reasons, ranging from economic and business competition reasons — by a business competitor, to political reasons, where someone or group disagrees with another organization’s stand to an individual hacker doing it just for fun.
—
