
What is a DDoS attack, how is it stopped, and does it serve as a means of protest?

22 May 2021

DDoS attacks have been the order of the day lately. After the closure of Megaupload, the Anonymous collective took down the sites of the US Department of Justice and Universal, among others, using this technique.

But what is a DDoS attack, really? How does it affect the server, and what effects can it cause? Is a DDoS attack effective as a means of protest? In this article we will try to explain these issues in a simple way.

What is a DDoS attack?

DDoS stands for Distributed Denial of Service. In plain terms, it means that the server is attacked from many computers so that it stops working.

Even so, this does not tell us much about what a DDoS is. To explain it I am going to resort to a simple analogy in which our server is an assistant who attends to people at a window.

Our assistant is very efficient and is able to attend to several people at the same time without losing his cool: this is his normal load. But one day hundreds of people start to arrive at the window to ask our assistant for things. And like any normal human, when there are many people nagging him, he cannot attend to everyone and begins to work slower than normal. If even more people come, he will probably end up fed up, leave the window and no longer attend to anyone.

The same thing happens on the server: when there are too many requests it runs out of resources, hangs and stops working. It may shut down outright or just stop responding to connections. Either way, the server will not return to normal until the attack stops, either because the attackers have stopped or because the illegitimate connections have been blocked (we will see later how), and everything that stopped working has been restarted.

This is the basic concept of DDoS, although it can be modified to be more effective. For example, data can be sent very slowly, causing the server to consume more resources for each connection (Slow Read is an example of this type of attack), or the packets can be altered so that the server waits indefinitely for a response from a false IP (the technical name is SYN flood, and you can learn more about it and how it is mitigated here).

How is a DDoS attack carried out?

Since the basic concept of DDoS is simple, carrying out the attacks is relatively easy. In fact, it would be enough to have a large enough number of people continually reloading the website to take it down. However, the tools that are usually used are somewhat more complex.

With them you can create many simultaneous connections or send packets altered with the techniques that I mentioned before. They also allow the packets to be modified by setting the source IP to a false IP, so that the real attacker cannot be detected.

Another technique to carry out DDoS is to use botnets: networks of computers infected by a Trojan that an attacker can control remotely. In this way, the machines that saturate the server belong to people who do not know that they are participating in a DDoS attack, making it more difficult to find the real attacker.

How does a DDoS affect a website?

It depends on the attack and the server. Servers can be protected against these attacks with filters that reject badly formed or modified packets with false IPs, so that only legitimate packets reach the server. Of course, the measures are not infallible and the server can always end up saturated if the attack is massive enough and it is well prepared.
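As an added illustration (not code from the original article), the Python example below shows how a defender can tell apart the two variants mentioned earlier from connection records: handshakes that are opened but never completed (the SYN flood pattern) and connections that complete the handshake but then move data very slowly. The event format, the thresholds and the sample addresses are all constructed assumptions.

```python
# Thresholds are assumed values for illustration; tune them to real traffic.
HANDSHAKE_TIMEOUT = 5.0  # seconds a SYN may wait for the ACK that completes it
GRACE = 10.0             # seconds an established connection gets before rate checks
MIN_RATE = 100.0         # bytes/second; slower established connections are flagged

# Constructed events, not real traffic: (time_s, src_ip, src_port, kind, bytes)
EVENTS = [
    (0.0, "198.51.100.7", 40001, "SYN", 0), (0.1, "198.51.100.7", 40001, "ACK", 0),
    (0.2, "198.51.100.7", 40001, "DATA", 50000), (1.0, "198.51.100.7", 40001, "FIN", 0),
    (1.0, "203.0.113.1", 1111, "SYN", 0),   # handshake never completed
    (1.1, "203.0.113.2", 2222, "SYN", 0),
    (1.2, "203.0.113.3", 3333, "SYN", 0),
    (2.0, "192.0.2.50", 5000, "SYN", 0), (2.1, "192.0.2.50", 5000, "ACK", 0),
    (3.0, "192.0.2.50", 5000, "DATA", 200),  # established, then almost idle
    (28.0, "198.51.100.9", 6000, "SYN", 0),  # recent SYN, still within the timeout
]

def analyse(events, now):
    """Return (half_open, slow) lists of (src_ip, src_port) still open at `now`."""
    conns = {}
    for t, src, port, kind, nbytes in events:
        key = (src, port)
        if kind == "SYN":
            conns[key] = {"syn": t, "ack": None, "bytes": 0, "closed": False}
        elif key in conns:
            c = conns[key]
            if kind == "ACK" and c["ack"] is None:
                c["ack"] = t
            elif kind == "DATA":
                c["bytes"] += nbytes
            elif kind == "FIN":
                c["closed"] = True
    half_open, slow = [], []
    for key, c in conns.items():
        if c["closed"]:
            continue
        if c["ack"] is None:
            if now - c["syn"] > HANDSHAKE_TIMEOUT:
                half_open.append(key)      # SYN-flood pattern: state held, no reply
        else:
            age = now - c["ack"]
            if age > GRACE and c["bytes"] / age < MIN_RATE:
                slow.append(key)           # slow-connection pattern
    return half_open, slow

def blockable_sources(slow):
    # A completed handshake means the source received the server's reply, so the
    # address is not blindly forged and can be blocked; half-open sources may be.
    return {src for src, _port in slow}

if __name__ == "__main__":
    half_open, slow = analyse(EVENTS, now=30.0)
    print(half_open, slow, blockable_sources(slow))
```

The split matters for the response: blocking by source address only helps against the slow connections, while the half-open ones have to be handled without trusting the address they claim.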

To give you an idea of the volume necessary for a DDoS to be effective, below you have a graph that represents the traffic of a server over time. The traffic during the attack (in green) is so large that normal server traffic is hardly noticeable.

An example of the traffic received in a DDoS attack

And what happens when the server becomes saturated? It just becomes unavailable for a while until the attack stops. It is very difficult for the server to suffer physical damage. In addition, a DDoS by itself does not allow access to the server: for that it is necessary to take advantage of some vulnerability, and that is not easy at all.

So basically a DDoS can only cause the website to go down, nothing more. Depending on the type of website this may or may not be a catastrophe. If the website generates money (online sales, advertising), the owner stops making money while that website is down. Imagine the losses that Amazon can have, for example, if its page is down for a day.

But what happens when the page is simply informative, as those of public institutions can be? The truth is that not much happens. The institution does not depend on the web to function. Instead, internal networks are usually used that are not accessible from the Internet, only from within the institution itself, so they are not affected by the attack. The only thing that happens is that anyone who wants to see some information on that page will have to wait a while for it to be available.

This inevitably leads me to ask myself the following question: do DDoS attacks serve as a means of protest? The answer depends on the person, but I have my position quite clear: they do not work.

We have already seen that on non-commercial websites a DDoS has a very limited impact. The institution is not bothered too much and since it does not require too many people to carry out the attack, they will be able to say that it is a “minority group” that is protesting.

But it is not only that they do not produce many positive effects: they produce negative effects. People outside the Internet tend to associate “computer attack” with “hackers” and these with “dangerous people.” By playing up this association a little, it is very easy to disqualify the protests without arguments, because who is going to support, debate or listen to “dangerous people”?

Furthermore, this type of protest could be described as “violent”: it is a direct attack after all. And as always happens, if you protest in this way against an initiative, those who support it will refuse to listen to you.

For this reason, I believe that DDoS should not be used as a form of protest. There are far better, more ethical, and more effective ways to protest. The recent blackout against SOPA or the #manifesto in Spain against the Sinde Law are two examples of initiatives that have been more successful than attacking web pages.

Image | Openfly | The Planet