A Lesson in Networking: DDoS Attacks
11 years ago
I've seen a couple of comments in the aftermath of the massive DDoS attack that went down a few days ago, and I figured... Hey. I've got degrees in this. Maybe I should inform some people about this in case they don't know. So, here are a few comments on what a DDoS is, what it does and what can be done about it:
1.) I'm so pissed off! The site went down again, and for days! I don't know what a DDoS is, but it has to be FA's fault!
Hold your horses, there, bucko. A DDoS, Distributed Denial of Service, has nothing to do with the website. It is an attack. Basically, there are thousands and thousands of computers out there that have been infected with a program. This program does nothing but sit there until it receives a command. And then, once it gets that command, it sends out an endless stream of pings to that server. What is a ping? It is a simple command that anybody with access to a command prompt can run. Its purpose is to determine if an address is there and how long it took to get there. Here's the thing, though: You can put a large amount of empty data in these ping requests... And that takes up bandwidth. Sure enough, if you have thousands and thousands of machines sending pings with large amounts of empty data, you eat up all of the server's available bandwidth. And that, while not shutting down the server, makes it so people cannot access the website!
2.) Pings? Can't those things be blocked? Just block those things!
Yeah, that does sound reasonable at first. But think of it like a popular club, and that firewall doing the blocking is a bouncer. It lets everyone who wants to ping the server or access the webpage into the club and denies most other guests... But all those guests still have to get in line before the bouncer throws them out. And if you suddenly have a lot of people that represent ping requests in the line, it doesn't matter if the bouncer throws them out of the club, they're still taking up space in the line!
3.) Wow... So what can be done about it?
Not much by the person who runs the server, unfortunately. At most, they can contact their ISP and tell them what's going on. And then the ISP has to deny those PING requests to that server before those pings even get a CHANCE to get in line. And that takes time. Especially if the person running the attack is smart and they switch up where the pings come from at random intervals.
4.) DDoS is OP! Can just ANYBODY do this?
Yes. Yes it is. And yes you can. It is very illegal, but also very hard to trace, especially since the people who run these bot farms that run the DDoS attacks are often overseas.
So, all a DDoS is... Is a crap ton of pings, all going at your server all at once, enough to eat up all of your available bandwidth. Hard to trace, easy to execute. Crap like this happens all the time as a result. Do not blame FA for this outage, there was very little they could do about it.
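The bouncer analogy from points 2 and 3, as a small simulation. This is an added example, not part of the original post; the link speed, packet rates and queue length are constructed numbers, and `legit_delivery_rate` is a made-up name. It compares no filtering, a firewall on the server side of the link, and a filter at the ISP.

```python
import random
from collections import deque

def legit_delivery_rate(link_pps, legit_pps, ping_pps, filter_at="none",
                        queue_len=50, seconds=5, seed=1):
    """Fraction of legitimate packets that make it across the server's link.

    filter_at: "none"   - nobody drops the pings
               "server" - firewall behind the link (the bouncer at the door)
               "isp"    - upstream filter, before the packets join the line
    All rates are packets per second; every number here is constructed.
    """
    rng = random.Random(seed)        # fixed seed so the run is repeatable
    line = deque()                   # the queue in front of the link
    sent = delivered = 0
    legit_credit = ping_credit = 0
    for _ in range(link_pps * seconds):   # one slot = time to move one packet
        legit_credit += legit_pps
        ping_credit += ping_pps
        arrivals = []
        while legit_credit >= link_pps:
            legit_credit -= link_pps
            arrivals.append("legit")
        while ping_credit >= link_pps:
            ping_credit -= link_pps
            arrivals.append("ping")
        rng.shuffle(arrivals)        # arrival order within a slot is random
        for pkt in arrivals:
            if pkt == "legit":
                sent += 1
            elif filter_at == "isp":
                continue             # dropped before it ever gets in line
            if len(line) < queue_len:
                line.append(pkt)     # otherwise the line is full: tail drop
        if line:
            pkt = line.popleft()     # the link carries one packet per slot
            if pkt == "legit":
                delivered += 1
            # a "ping" is either answered or thrown out by the server-side
            # firewall; either way it already used up this slot on the link
    return delivered / sent

if __name__ == "__main__":
    for where in ("none", "server", "isp"):
        rate = legit_delivery_rate(1000, 500, 10_000, filter_at=where)
        print(f"filter at {where:6}: {rate:.0%} of legitimate packets arrive")
```

The "server" setting changes nothing in the model on purpose: the firewall only acts after the ping has already crossed the link, so the result matches the unfiltered case.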

