DDoS – what’s that?

I’m sure that if you’ve been watching the news recently, you’ll have heard the phrase DDoS, which stands for Distributed Denial of Service. It sounds fancy and complicated, but it’s actually pretty straightforward.

Let’s start at the beginning. A website is typically nothing more than one (or several, perhaps up into hundreds for some big companies) servers which all publish specific web pages. These may link back into the company that runs them, but that’s not important for our purposes. These servers are, unsurprisingly, called webservers, and again for simplicity we’ll just assume that a website only has one webserver.

If you had one computer that was constantly sending lots and lots of messages to the webserver, for example trying constantly to open multiple pages at a rate of hundreds or even thousands of requests per second, until it couldn’t cope with all that web traffic and stopped working, that would be called a Denial of Service attack, or DoS.

You can imagine that this would be straightforward to do as you would only need access to one machine, an internet connection and the relevant software.

A DDoS attack is very similar, except instead of using one machine to attack the server, multiple machines are used to  attack it.

These can be anywhere in the world, and are typically recruited by the bad guys to perform the attack as part of what is called a botnet. This is just a term for a collection of machines which are connected to the internet and which are being controlled from a single source. The way they are recruited is typically through the use of viruses and other malware (“bad” software), which then listen out for messages from their controller machine. This is called a Command and Control structure, and there may be a hierarchy to the structure, a bit like you find tiers of management in large companies. The owners of those machines typically have no idea that this is happening, and the problem is now exarcebated by the involvement of machines other than laptop and desktop computers. These are other devices connected to the internet which may include fridges, cookers, kettles etc – this is the Internet of Things. I’ll write a separate post about IoT in the future,  it for now it’s enough to know that these devices can be added to a botnet relatively easily.

In a DDoS attack then, the constituent machines in the botnet are ordered to attack a specific website or webserver on a specific date and time, by trying to access one or more pages at the same time as all the rest. When they all do that, the website may not be able to handle so many requests, and stops working.

Scary stuff, huh? Try not to worry too much about it though, because there are ways to reduce the risk of this happening, from hardware and software which recognises the attack to hosting the website in different locations, to buying services from companies which specialise in preventing such attacks.

You can also play your part in reducing the scale of botnets by practicing good cyber hygiene: make sure you use a reputable antivirus product and ensure it is update regularly; apply patches frequently; change your passwords regularly; and don’t click on email attachments or links which you weren’t expecting or from sources you don’t know.