A Distributed Denial of Service (DDoS) attack renders a targeted network resource or machine unavailable for use, with the attack traffic originating from more than one unique IP address. These criminal attacks typically interrupt or suspend an Internet-connected host’s services either temporarily or indefinitely and often target banks, credit card payment gateways and other high-profile and well-trafficked servers. More often than not, perpetrators are motivated by blackmail, activism or revenge, but sometimes display few apparent motives at all.
Entire geographical Internet connectivity regions have been unintentionally compromised and crippled by large-scale DDoS attacks without the attacker ever intending for the effects to be so widespread. Sometimes, effects play out in that fashion due to what turns out to be an assault on flimsy or poorly configured network infrastructure. Network “branches” surrounding the targeted computer may also experience problems during a DDoS, including consumed Internet-LAN router bandwidth that compromises other computers on the LAN or even an entire network. Any denial-of-service attack, including a DDoS, is likely to display one, a combination or all of the following symptoms recognized by the United States Computer Emergency Readiness Team (US-CERT):
- Unusually slow network performance while attempting to access websites or open files
- Inability to access any website
- Particular website becomes universally unavailable
- An “e-mail bomb”, an exceptional and sudden influx of spam emails
- Wireless or wired internet connection becomes disconnected
- Internet or web service access is denied for a notably long term

A DDoS attack is activated by potentially thousands of sources flooding the victim at one time. Blocking one IP address won’t shut a DDoS down and attacking sources often cannot be distinguished from legitimate traffic.
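The point above, that no single source stands out in a distributed flood, shown as an added example (not part of the original article): a small Python detector run over constructed per-second request records. The thresholds, function names and sample addresses (documentation ranges) are assumptions chosen for illustration.

```python
from collections import Counter

PER_IP_LIMIT = 20      # assumed per-source limit, requests per second
BASELINE_SECONDS = 10  # assumed learning window for the normal rate
SPIKE_FACTOR = 5       # assumed: alert when total exceeds 5x the baseline

def build_sample():
    """Constructed traffic: 30 s of normal load, flood added from second 20."""
    events = []
    for sec in range(30):
        for c in range(5):  # 5 legitimate clients, 2 requests per second each
            events += [(sec, f"198.51.100.{c + 1}")] * 2
        if sec >= 20:       # 400 flood sources, 1 request per second each
            events += [(sec, f"2001:db8::{i:x}") for i in range(1, 401)]
    return events

def analyze(events):
    """Compare a per-source limit with an aggregate check, second by second."""
    buckets = {}
    for sec, ip in events:
        buckets.setdefault(sec, Counter())[ip] += 1
    seconds = sorted(buckets)
    base = seconds[:BASELINE_SECONDS]
    base_rate = sum(sum(buckets[s].values()) for s in base) / len(base)
    report = []
    for s in seconds[BASELINE_SECONDS:]:
        counts = buckets[s]
        total = sum(counts.values())
        report.append({
            "second": s,
            "total": total,
            "sources": len(counts),
            # number of sources a per-IP rate limit would block
            "per_ip_hits": sum(1 for n in counts.values() if n > PER_IP_LIMIT),
            # share of traffic removed by blocking the single busiest source
            "top_share": counts.most_common(1)[0][1] / total,
            "aggregate_alert": total > SPIKE_FACTOR * base_rate,
        })
    return report

if __name__ == "__main__":
    for row in analyze(build_sample()):
        print(row)
```

In the flood seconds the per-source check blocks nothing and the busiest source carries under 1% of the requests, while the total rate and the count of distinct sources both jump well above the baseline.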
There are three particularly common types of DDoS attacks. A TRAFFIC ATTACK floods a system with a deluge of UDP, TCP, and ICMP packets. As a result, the system loses legitimate requests. Malware exploitation frequently follows this tactic. BANDWIDTH ATTACKS overwhelm a target with enough junk data to wipe out network bandwidth and equipment resources, resulting in a denial of service across the board. Finally, APPLICATION ATTACKS deplete network resources by way of application-layer data messages. This leaves the targeted system’s services both unavailable and vulnerable.