A distributed denial-of-service (DDoS) attack, like any denial-of-service (DoS) attack, has as its final goal to stop the targeted site from functioning so that no one can access it. The services of the targeted host connected to the internet are then stopped temporarily, or even indefinitely.

The usual targets of DoS or DDoS attacks include websites hosted on high-profile web servers (such as credit card payment gateways, banks, government bodies). Most commonly, the target machine is so overwhelmed with external communication requests that it responds too slowly or not at all, and is considered effectively unavailable. Even if such a denial of service lasts for only a few hours, it almost always implies a significant loss of revenue for the targeted host.

How is the distributed attack done?

  • The attacker/hacker chooses one computer system and makes it the DDoS master
  • From the master system, the attacker/hacker begins communicating with other computer systems that can, as a result, be compromised and used
  • The hacking tools available on the internet are loaded onto the selected computer systems, which now become controlled machines referred to as zombies or bots (sometimes there can be as many as hundreds of thousands of them)
  • Finally, with a single instruction from the master system, the attacker/hacker can have all the controlled machines launch packets at the targeted host
  • This stream of packets finally overwhelms the targeted machine, and the result is the denial of service, or a complete stop of all the site’s functions on the internet

It is important to note that the users of the controlled computer systems (known as zombies, or bots) are usually unaware of the attack or of the intruder. However, their systems continue to be one of the biggest threats to security on the Internet, since malfunctions of the targeted site affect users of the denied service as well as its owner.

It is also important to note that since the packets that flood the targeted system do not originate from only one source, but from as many as hundreds of thousands of sources in some cases, the attack cannot be stopped by simply blocking a single IP address.
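
The point above, shown on constructed traffic as an added example (not part of the original article): a per-source block removes a single-source flood but leaves a distributed one untouched, so detection has to look at aggregate load and the number of distinct sources. The thresholds, function names and addresses are assumptions chosen for illustration.

```python
from collections import Counter

PER_IP_LIMIT = 100   # assumed: max requests one source may send per window
TOTAL_LIMIT = 1000   # assumed: total requests per window the host can serve


def analyze_window(sources, per_ip_limit=PER_IP_LIMIT, total_limit=TOTAL_LIMIT):
    """Apply a per-source block to one time window, then re-check total load."""
    counts = Counter(sources)
    total = sum(counts.values())
    # Sources that exceed the per-IP threshold are the only ones a simple block removes.
    blocked = {ip for ip, n in counts.items() if n > per_ip_limit}
    remaining = total - sum(counts[ip] for ip in blocked)
    return {
        "total": total,
        "distinct_sources": len(counts),
        "blocked": blocked,
        "remaining_after_block": remaining,
        "still_overloaded": remaining > total_limit,
    }


def constructed_window(kind):
    """Constructed sample traffic for one window; not taken from real logs."""
    # 50 legitimate clients, 6 requests each.
    normal = [f"192.0.2.{i % 50 + 1}" for i in range(300)]
    if kind == "single_source":
        # One source sends 5000 requests: a classic DoS.
        return normal + ["198.51.100.7"] * 5000
    if kind == "distributed":
        # 2000 sources send 5 requests each: every one looks like a normal client.
        bots = [f"10.{i // 250}.{i % 250}.1" for i in range(2000)]
        return normal + bots * 5
    return normal


if __name__ == "__main__":
    for kind in ("normal", "single_source", "distributed"):
        r = analyze_window(constructed_window(kind))
        print(f"{kind:14} total={r['total']:6} sources={r['distinct_sources']:5} "
              f"blocked={len(r['blocked'])} overloaded_after_block={r['still_overloaded']}")
```

In the distributed window no source crosses the per-IP threshold, yet the host is still over capacity after blocking; the usable signals are the total request rate and the jump in distinct sources.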

A few examples of DDoS attacks throughout history

  • University of Minnesota computer in 1999 – the attack lasted for 2 days and was deployed in 200+ systems
  • Yahoo! in 2000 – inaccessible for 3 hours; the estimated loss of e-commerce and advertising revenue for those 3 hours alone amounted to about $500,000
  • Amazon.com in 2000 – down for 10 hours, estimated loss of revenue $600,000
  • Visa, MasterCard and PayPal in 2011 – allegedly attacked by Anonymous
  • WordPress.com in 2011 – the site serves 18 million publishers, and is responsible for 10% of all websites in the world
  • Hong Kong Stock Exchange in 2011 – disrupting stock market trading in Hong Kong, affecting hundreds of companies and individuals
  • CIA both in 2011 and 2012 – down for several hours
  • The Pirate Bay in 2012 – the most popular file-sharing website on the Internet

Major tools used in DDoS attacks

Major tools used in common DDoS attacks include Tribe Flood Network (TFN), Trin00, Stacheldraht, and Trinity, and more are becoming available on the internet.
