Help me understand wat a ddos attack is

[Some_weirdGuy]

Zombie Computers are well know for their use of the DDoS Attack formation. The mighty Trojens, diabolical Worms and insidious Rootkits cross the proxseas and surf the tides of the great web to find new victims to join the almighty Botnet army. Once the hoard grows large enough they attack en-mass for a Brute Force assault, swarming the mainlands of Server to engulf the smaller communities sheltering at the IP Addresses.

The residents of Server, HTML Pages (called such after the language of which they speak) become weak, blighted by the Botnets insidious assault, first becoming sluggish and slow to load, before their systems are overwhelmed completely and they can no longer serve Packets to the humble Users who so rely on their services.

Tis a tragic and dark tale indeed...

 

[ghostalker.cepo]

But is it basically like having like a bunch of people showing up to a store and blocking the entrance so the people who actual want to use the store can't get in? Is that right or is there something else to it?

Pretty much, it denies access to a site for the duration of the attack. It's not meant to me a savvy attack, although it can be a prelude to an all out assault by effectively crippling the server for it's duration. They generally happen on a large scale when a certain company/government do something the internet really disagrees with as a warning or protest, like boycotting a shop, or used by hackers with a botnet to distract the boycotted customers, using the analogy mentioned above, to pick pocket them and/or sneak in the back.

I'm going to go out on a limb here and say you're asking because of the DDoS on the Spanish Police's website. They claimed to have caught 3 of the leaders of Anonymous behind the PSN hacks, which anyone who really knows anything about them knows is a lie. For one thing, they're about as organised as a bag full of cats and another, it's not really their style, they protest Scientology and raid Habbo Hotel, not steal credit card data. Sony points the finger at them because they're perceived by the world as cyber-criminal-activists, which they are - don't ever forget that - but they probably have nothing to do with it. They're like a fight club without a Tyler Durden running the show and are only to be feared when something pisses them off to the point they all act together. Claiming the 3 guys the Spanish Police arrested were local leaders of Anonymous was idiocy on their part, either demonstrating a clear misunderstanding of what the entity known as anonymous actually is (pissing them off) or playing along with Sony's scapegoat plan (pissing them off).

It's entirely possible, and probable that the 3 hackers were part of anonymous acting independently, but claiming they were the leaders was a dick move. Their website is fine, anonymous sent their warning that the Spanish Police pissed them off and hopefully they'll take it on board, Gods help them if they don't. The worst part is a lot of gamers know what anonymous is, showing a clear dick move on Sony's part by pointing the finger in the first place, and god knows they're going to get into a lot of shit over the stuff they've been doing lately. The kind of people who mess around with linux on their PS3's are not to be messed with - they know all kinds of bizarre computer voodoo that would scare the pants off anyone with a device connected to the internet. For one thing that's going to stir up anonymous, as most of them who can mess with Sony are that kind of person.

I have 2 theories on this, one is that Sony is showing it's Japanese mindset of "show no shame" by taking so long to admit to and resolve the issue and the other is the possibility that anonymous did attack them, and the guys that were arrested were either part of that attack who took the opportunity to take the data or slipped in afterwards when they saw what was going on. Or they could have been acting alone. Who knows?

What I do know is that the anons denied involvement in the PSN hacks, and I don't doubt them, I doubt Sony, and I know the Spaniards are lying, at the very least about "catching the entire leadership in Spain".

 

[protogenxl]

A DDoS attack is a lot like Milhouse. annoying, lame and easily dismissed.

 

[Baneat]

How does DDOS stand for Denial of Service? Or is it just because DOS is already used? (I know that it DOES stand for that, but I mean I don't get it.)

DDoS is more specific also

DDoS = overloading with requests

DoS can include things like cutting their power off, slicing the cable etc. etc., just anything that denies the service.

 

[Roboto]

My question is what was the IDS doing the whole time?

 

[Smooth Operator]

Simply put imagine a thousand people get sent to a bank that can service 5 at a time, it get's overcrowded and nothing gets done anymore, it essentially becomes useless.

DDoS is that with computers, they zerg rush a server and the server can't work anymore.

 

[Phishfood]

A DDoS attack is when a group of computers all repeatedly request that a webpage be loaded, thus overloading the server. They request the page very fast so the server will be overwhelmed with tend of thousands of requests.

A server can only accommodate so many requests at a time and exceeding that will block other users from accessing the cite at the very least. In more severe cases it can overload the server enough to cause a crash or even physical overheating in poorly ventilated servers.

If you have any further questions I can make my Uni's lecture notes available to you.

Theres a slight detail to add to that. A Basic Distributed Denial of Service Attack uses brute force and simply overloads a server. This method requires as much computing power on the attacking end as the server, roughly. However you can exploit bugs that leave requests unresolved on the server. This way a much less powerful PC can take out a server.

Either way, these attacks are not particularly clever and are relatively easy to defeat - simply ignore the offending IP addresses in the firewall and ride it out. The problem comes when someone else notices that your server is suffering a ddos and then uses that mess to cover their attempts to crack the server and steal data. So, CCP did the right thing yesterday taking EVE online offline (I love the irony) to check everything out. I've heard people suggest this is how Sony missed their hack - it was lost in the spam of anonymous.

 

[KingsGambit_v1legacy]

See I come from a time when Dos was an operating system. I did a bit of research, and I think I understand the basics. It is a denial of service attack. And it sounds like the attacker is throwing useless info at a server to crash it. That doesn't sound all that savvy of an attack, but I could be wrong.

But is it basically like having like a bunch of people showing up to a store and blocking the entrance so the people who actual want to use the store can't get in?

That last part is a surprisingly good analogy. A DoS attack is a denial of service attack. A DDoS attack is a distributed denial of service attack. Service is denied to web sites for example by making more requests and drawing more bandwidth than the site is capable of meeting. The DDoS difference is that the attacker(s) use many machines, usually 'zombie' computers (it's an actual technical term you can google for more info on) to make requests simultaneously and overload the target system.

In your example, it is quite similar to having 200 people turn up in a small convenience store with 1-2 sales clerks, blocking the entire store and all shouting for service at the same time.

A typical attack would go:

- Attacker has target in mind and decides on a specific time/date.
- Writes program/scripts to cause zombies to begin requesting data from target system at specific time/date
- Infects as many machines as possible to install and run above script/program
- At specific time/date, all infected machines run above program/script