The Distributed Denial of Service (DDoS) attack is becoming the crowbar of the online criminal. In the past we have got rather used to DDoS attacks being one of the favoured approaches of hacktivists, with perhaps the Low Orbit Ion Cannon (LOIC) and later the High Orbit Ion Cannon (HOIC), as used by Anonymous to take down sites, being the best-known examples. However, recent evidence suggests that taking down a site is increasingly no longer the be-all and end-all of a DDoS attack; instead, it's just a means to a much more profitable end.

A couple of weeks ago I reported how a Bitcoin bank robbery took place under the smokescreen of a DDoS attack. I've now learned that a DDoS attack on another Bitcoin-related site, the Bitcointalk.org online forum, could also have been implemented as a smokescreen tactic. Information Week reports the site was actually targeted for a password-stealing exercise, with some 176,584 users' login credentials at risk.

Indeed, as TK Keanini (CTO at Lancope) points out, there is an established marketplace out there selling DDoS capability to anyone with the cash, and relatively little of it is needed to attack a smaller company, so the bad guys don't even need a DDoS strike capability as a core competency any more. "It is almost always the case these days that DDoS attacks leverage blended methods, where the volumetric technique is included, but not the primary objective", Keanini says, adding, "this is a sign of what is to come in 2014 as more adversaries just put together a multi faceted compostable attack and instead of having to have all this expertise in-house, they will be able to outsource via these marketplaces that sell these capabilities."

Jag Bains, CTO at DDoS mitigation experts DOSarrest, says that his company has been seeing something of a trend: DDoS attacks that send huge amounts of traffic to a website to overwhelm key points in its infrastructure and send the security team scrambling to fight it off. "This serves as a distraction for the security personnel and aims to weaken the underlying infrastructure", Bains explains, "once the security operations are no longer cohesive, criminals can use other methods to target intrusion prevention systems to get in and steal information". All of which just goes to reinforce that maintaining the focus of core operations during a DDoS attack is an ever-increasing problem for IT operations. "As DDoS continues to be used as part of a 1-2 punch in cybercrime and data theft attempts", Bains concludes, "IT professionals have become stressed in keeping up with the ever increasing size and sophistication of DDoS attacks". All of which can influence an organisation to resort to what you might call non-standard, or panicked, practices to deal with the ongoing attack: things such as disabling their IDS platform, for example, which further compromise the overall security of the network and enable the attackers to pull off the primary attack with ease.
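The blended pattern described above, seen from the defender's side, as an added example that is not part of the original article: a short Python triage pass that pulls out sensitive events which happened while a DDoS was in progress (or shortly after) and marks those that occurred while the IDS was switched off. The event names, fields, grace period and sample log entries are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (timestamp, source, kind, detail); not from a real incident.
SAMPLE_EVENTS = [
    ("2013-12-01T09:55:00", "auth",    "admin_login",  "user=ops1 ip=10.0.0.5"),
    ("2013-12-01T10:00:00", "netflow", "ddos_start",   "volumetric flood on web tier"),
    ("2013-12-01T10:12:00", "change",  "ids_disabled", "IDS sensor set to bypass"),
    ("2013-12-01T10:20:00", "auth",    "admin_login",  "user=dbadmin ip=203.0.113.7"),
    ("2013-12-01T10:31:00", "db",      "bulk_export",  "table=users rows=50000"),
    ("2013-12-01T11:00:00", "netflow", "ddos_end",     "traffic back to baseline"),
    ("2013-12-01T11:05:00", "change",  "ids_enabled",  "IDS sensor back inline"),
    ("2013-12-01T11:20:00", "auth",    "admin_login",  "user=dbadmin ip=203.0.113.7"),
    ("2013-12-01T14:00:00", "auth",    "admin_login",  "user=ops1 ip=10.0.0.5"),
]

# Hypothetical event kinds worth a second look when they coincide with an attack.
WATCHED = {"admin_login", "bulk_export", "ids_disabled"}


def triage(events, grace=timedelta(minutes=30)):
    """Return watched events inside a DDoS window (plus a grace period after it
    ends), each flagged with whether the IDS was disabled at that moment."""
    findings = []
    window_end = None   # None: no attack seen yet; datetime.max: attack ongoing
    ids_off = False
    for ts, _source, kind, detail in sorted(events):  # ISO timestamps sort as text
        t = datetime.fromisoformat(ts)
        if kind == "ddos_start":
            window_end = datetime.max
        elif kind == "ddos_end":
            window_end = t + grace
        elif kind == "ids_disabled":
            ids_off = True
        elif kind == "ids_enabled":
            ids_off = False
        in_window = window_end is not None and t <= window_end
        if kind in WATCHED and in_window:
            findings.append({"time": ts, "kind": kind,
                             "detail": detail, "ids_blind": ids_off})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        tag = "IDS OFF" if f["ids_blind"] else "IDS on "
        print(f'{f["time"]}  [{tag}]  {f["kind"]:<13} {f["detail"]}')
```

Events flagged with the IDS off are the ones no sensor would have inspected, so they are the first to review once the flood subsides.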


As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.


Sir, can you tell me how a DDoS attack is done? What's the thing behind it? How does it happen?


In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. As clarification, DDoS (Distributed Denial of Service) attacks are sent by two or more persons, or bots. (See botnet) DoS (Denial of Service) attacks are sent by one person or system. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. This technique has now seen extensive use in certain games, used by server owners, or disgruntled competitors on games. Increasingly, DoS attacks have also been used as a form of resistance. Richard Stallman has stated that DoS is a form of 'Internet Street Protests'. The term is generally used relating to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management. One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
- Wikipedia.
