Following the recent attacks of the PSN and the XBL, it seemed important to us to deepen the subject, and to try to explain what DDOS is. With this in mind, we will try to be as precise as possible to understand the ins and outs of this method. But let’s be clear, we won’t teach you how to launch an attack like this.
What is a DDOS attack?
An attack of this type aims to bring down one or more servers, sending a ton of connection requests. To put it simply, let’s make a parallel: Imagine that the server is a sink that lets a certain volume of water flow. Here, the DDOS would have the effect of adding additional taps, until the sink overflows.
In computing it is the same thing. The hacker, through his “zombies” (we will talk about them in the next chapter), sends requests continuously, over several hours or even days, until the server is saturated and can no longer accept connection requests. The consequence is the outright shutdown of the server(s), which forces the service provider to purge them in order to put them back into operation (to resume the sink parallel, we close the main valve and empty the tank entirely).
It should also be understood that a very large attack can send requests of several terabytes, continuously for days. This greatly undermines the servers, however large they may be, even if they are equipped with an anti-DDOS system.
In DDOS, we talk about Zombies
The very principle of DDOS, even if it seems simplistic to most of you, is more complex than it looks. In practice, it takes a certain level of knowledge to launch an attack of any magnitude. Yes, it is easy to attack a server alone using one of the tools designed for it, but the impact is perfectly insignificant and only works on small infrastructures such as a blog or an amateur web page. To go beyond these limits, the DDOS must be perfectly executed. To do this, you need strong hacking skills, and zombies. But wait, ZOMBIES???
Yes, you read that right! What we call a zombie in the field of hacking is actually a computer infected by a trojan horse, whose purpose is to respond to the hacker’s requests.
To put it simply, to launch a coordinated attack, all it takes is one or more hackers who have under their command several remote PCs infected by their programs. Thanks to this setup, each hacker can order the remote machines to “fire” packets at a specific target. You will thus understand that the larger the fleet of infected systems, the more effective the DDOS is.
How to protect yourself from DDOS attacks?
There are indeed solutions to counter a DDOS attack, as our host MODEL FX explained to us in a short interview (Telco = Telecom Operator).
JVL: Do you have a way to counter DDOS attacks, and if so, by how much?
MFX: Currently, we are using a NetFlow based solution that can filter up to 40G.
JVL: What solutions exist to counter these DDOS attacks?
MFX: Either a solution based on the measurement and filtering capacities of the core and peripheral network equipment (NetFlow, sFlow, etc.) inside the host’s network, which can represent a filtering capacity similar to the total network capacity (if well designed), or “cloud” solutions like CloudFlare (variable capacity depending on the provider, and generally reserved for small volumes), or specialized solutions like Arbor PeakFlow. Usually the Telcos choose this last solution because it makes it possible to filter large capacities on extended networks and to preserve the economies of scale which are the strong point of these structures.
JVL: Do you have a “dedicated” service for this particular problem or is it lost in the crowd?
MFX: For our managed hosting clients, we have chosen to include this service in the overall service.
If we adopt the Arbor solution (which would be provided to us by a Telco, because our network is too small to really take advantage of it, not to mention the cost), it is planned to increase the monthly price by a few euros (more or less, depending on the value of the relevant offer). Arbor PeakFlow is a system which makes it possible to process very large quantities of flows and to deliver “cleaned” traffic to a client, so it seems more logical to us, on our scale, to subscribe to this service from a Telco which will be able to absorb large volumes of “dirty” traffic while delivering “clean” flows to us on a much smaller capacity link.
The alternative is to oversize our network, but there is always a DDOS bigger than one’s network, as the news regularly reminds us. Personally, it seems to me more economical to delegate the arms race to the Telcos and to concentrate on the system.
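The interview mentions detection and filtering based on flow measurements (NetFlow, sFlow) inside the host’s network, and diverting “dirty” traffic to a scrubbing service that hands back “clean” flows. The following added example, which is not code from the article or from MODEL FX, shows the detection half of that idea in miniature: it aggregates constructed NetFlow-style records per destination over fixed time windows, flags a destination whose inbound rate jumps far above its own baseline while being hit from many distinct sources (the signature of a distributed attack rather than a single busy client), and reports which destination and port a scrubbing diversion would need to cover. The record format, the 5-second window, the 100 Mbit/s threshold and the sample addresses are all assumptions made for this example.

```python
"""Toy NetFlow-style volumetric DDoS detector (added example, not from the article)."""
import csv
import io
from collections import defaultdict
from dataclasses import dataclass
from statistics import median

WINDOW_SECONDS = 5           # assumed aggregation window
ALERT_BPS = 100_000_000      # assumed toy threshold (bits/s); real networks size this to the link
MIN_DISTINCT_SOURCES = 5     # one busy client is not a DDoS; many sources on one target is suspicious

# Constructed sample export: start_second,src_ip,dst_ip,dst_port,protocol,packets,bytes
# Seconds 0-1 are normal traffic; seconds 5-6 show eight sources flooding 203.0.113.5:443.
SAMPLE_FLOWS = """\
0,198.51.100.10,203.0.113.5,443,6,12,9600
0,198.51.100.11,203.0.113.5,443,6,8,6400
0,198.51.100.12,203.0.113.9,80,6,5,4000
1,198.51.100.13,203.0.113.5,443,6,10,8000
1,198.51.100.14,203.0.113.9,80,6,6,4800
5,192.0.2.1,203.0.113.5,443,6,400000,25600000
5,192.0.2.2,203.0.113.5,443,6,400000,25600000
5,192.0.2.3,203.0.113.5,443,6,400000,25600000
5,192.0.2.4,203.0.113.5,443,6,400000,25600000
5,192.0.2.5,203.0.113.5,443,6,400000,25600000
5,198.51.100.20,203.0.113.9,80,6,7,5600
6,192.0.2.6,203.0.113.5,443,6,400000,25600000
6,192.0.2.7,203.0.113.5,443,6,400000,25600000
6,192.0.2.8,203.0.113.5,443,6,400000,25600000
"""


@dataclass(frozen=True)
class Flow:
    start: int
    src: str
    dst: str
    dport: int
    proto: int
    packets: int
    octets: int


def parse_flows(text: str) -> list[Flow]:
    """Parse the assumed CSV export into Flow records, skipping blank and '#' lines."""
    flows = []
    for rec in csv.reader(io.StringIO(text)):
        if not rec or rec[0].startswith("#"):
            continue
        start, src, dst, dport, proto, pkts, octets = rec
        flows.append(Flow(int(start), src, dst, int(dport), int(proto), int(pkts), int(octets)))
    return flows


def per_destination_windows(flows: list[Flow], window: int = WINDOW_SECONDS) -> dict:
    """Sum bytes/packets and collect distinct sources per (window_start, destination)."""
    buckets = defaultdict(lambda: {"octets": 0, "packets": 0, "sources": set()})
    for f in flows:
        b = buckets[(f.start // window * window, f.dst)]
        b["octets"] += f.octets
        b["packets"] += f.packets
        b["sources"].add(f.src)
    return buckets


def detect_volumetric(flows: list[Flow], window: int = WINDOW_SECONDS,
                      alert_bps: int = ALERT_BPS, min_sources: int = MIN_DISTINCT_SOURCES) -> list[dict]:
    """Flag windows where a destination exceeds the rate threshold from many distinct sources."""
    buckets = per_destination_windows(flows, window)
    rate_of = {key: b["octets"] * 8 / window for key, b in buckets.items()}
    alerts = []
    for (start, dst), b in sorted(buckets.items()):
        bps = rate_of[(start, dst)]
        if bps < alert_bps or len(b["sources"]) < min_sources:
            continue
        # Baseline = median rate of this destination's *other* windows, so the burst
        # itself does not inflate the baseline; a lone window is compared with itself.
        others = [r for (s, d), r in rate_of.items() if d == dst and s != start]
        baseline = median(others) if others else bps
        alerts.append({
            "window_start": start,
            "dst": dst,
            "bps": bps,
            "distinct_sources": len(b["sources"]),
            "times_baseline": bps / baseline if baseline else float("inf"),
        })
    return alerts


def scrub_candidates(flows: list[Flow], alerts: list[dict], window: int = WINDOW_SECONDS) -> list[tuple]:
    """For each alert, name the (destination, port) carrying most bytes, i.e. what to divert to scrubbing."""
    out = []
    for a in alerts:
        by_port = defaultdict(int)
        for f in flows:
            if f.dst == a["dst"] and f.start // window * window == a["window_start"]:
                by_port[f.dport] += f.octets
        out.append((a["dst"], max(by_port, key=by_port.get)))
    return out


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    found = detect_volumetric(flows)
    for a in found:
        print(f"t={a['window_start']}s dst={a['dst']} {a['bps']/1e6:.0f} Mbit/s "
              f"from {a['distinct_sources']} sources, {a['times_baseline']:.0f}x baseline")
    print("divert to scrubbing:", scrub_candidates(flows, found))
```

The point of the two-condition test is the one the article makes about zombies: a single machine rarely produces a damaging volume, so a meaningful alert requires both a rate jump and a spread of sources. In a real deployment the records would come from the routers’ NetFlow/sFlow exporters, the threshold would be derived from the link size and a learned per-destination baseline, and the scrub candidates would feed the diversion (e.g. a route announcement towards the Telco’s scrubbing centre) rather than a print statement.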
DDOS: The last word
In the end, it turns out that there is currently no miracle solution against DDOS: attacks always end up succeeding, even if it takes days. The solutions provided by all these entities are therefore well suited to small-scale attacks, but rather pale in front of a coordinated, large-scale attack.
It’s hard to imagine that this will be nothing but a bad memory in the near future: hacker techniques evolve over time, and despite constant advances in the field of anti-DDOS protection, there is no guarantee that attackers will not ultimately achieve their ends.
History has repeatedly shown us that hackers have always found a way to bypass any type of protection, and even world-class companies have “shown” us that no system is ultimately inviolable.