Question about a DDOS attack

ComputerWhiz305

Distinguished
Jun 25, 2014
178
0
18,710
So, I've never actually witnessed a DDOS attack, so I have a question about them. If a website server is DDOS attacked and the website becomes inaccessible, is it normal to be able to ping the website using the command prompt with no issues?

I would assume that it's normal, since I would assume that the DDOS attack would impact port 80 or 443, not an ICMP ping. Is that correct to assume?
 
Solution
Not likely, since it is the IP that is flooded, not the port, but you never know; there can be load balancers in the path that send different types of data to different servers.

Still, a website is not some single thing anymore. This site, for example, is replicated via Akamai in a number of data centers from what I can tell. These hosting companies can easily fail a site between data centers if one has a problem.

DDOS is a known risk and the larger companies have designed some level of defense against it.

I've not witnessed one either from an administrator's stand-point. I am a student and here's my understanding.

Different types of DDoS attacks exist, one being a Ping Flood while another a SYN Flood attack among many others. No matter the type, the network bandwidth and/or hardware resources of the targeted web server can become overloaded and simple ping requests can be delayed and/or time out. So it would not be correct to assume that ICMP would not be affected by a DDoS attack. Not all DDoS attacks directly target port 80, but HTTP does become affected and is denied service requests due to the web server and its resources being overloaded with traffic.

Would it ever be possible to ping a web server under a DDoS attack? I'm sure that depends on how successful (or unsuccessful) the attack.
 
Most DDoS attacks are brute force bandwidth attacks. Modern firewalls protect against most other forms of attack that use less bandwidth. It used to be you could attempt to over-utilize memory buffers with stuff like half-open sessions, but with the increase in memory and software that recognizes this attack, it causes little to no impact.

So if someone is sending a bunch of traffic to port 80, it will have an impact on all traffic, including ping.

It is getting harder and harder to do DDoS attacks. As companies move their servers to the cloud (i.e. shared data centers) rather than their own, the bandwidth required is huge. It is not uncommon for the servers to have 10gbit ports and the data centers to have multiple 40g or 100g links to the internet. DDoS attacks have historically been many 1000s of compromised machines sending the data. The limitation has always been the upload bandwidth of all these machines, since most are compromised machines in people's homes on residential broadband plans. If you were to compromise some large server, it is not too hard for the ISP to block a handful of IP addresses causing the problems in their router. The only way DDoS works is to have such a huge number of machines you cannot block them all.

Now it is not too hard for the idiot teenager to borrow daddy's credit card and rent a DDoS botnet to attack someone's home internet connection. The problem is these botnets are valuable, and the more you use them, the more likely machines in the network will be detected and patched. This is part of the reason for the cost to rent these networks, so few people can afford to pay for a long-term attack.
 

ComputerWhiz305

Thank you both for your answers. I asked the question in relation to a website that claimed that they were under a DDOS attack, but I was able to ping their server without any issue.

However, now having thought about it further, I would assume that they are renting a web server from a third party that likely doesn't just host their content. With that in mind, I suppose you would probably be able to ping the server without any issues because the server itself is not flooded, just the bandwidth restriction that portion of the server is allowed to use.
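
Added example, not part of any post in this thread: a layered probe using only the Python standard library that checks ICMP, the TCP handshake and an HTTP response separately, since a ping reply alone says little about whether the web service behind a name is healthy. The function names, the plain-HTTP port 80 default and the Unix-style `ping -c` flag are assumptions of this example.

```python
import http.client
import shutil
import socket
import subprocess
import sys

def icmp_probe(host, timeout=2):
    """One echo request via the system ping (Unix flags); None if ping is unavailable."""
    if shutil.which("ping") is None:
        return None
    try:
        r = subprocess.run(["ping", "-c", "1", host], capture_output=True, timeout=timeout + 1)
    except subprocess.TimeoutExpired:
        return False
    return r.returncode == 0

def tcp_probe(host, port=80, timeout=2):
    """True when the TCP three-way handshake to the web port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def http_probe(host, port=80, timeout=2):
    """Status code of GET / over plain HTTP, or None when no usable reply arrives in time."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()

def classify(icmp, tcp, status):
    """Map the three layered results onto the cases discussed in the thread."""
    if status is not None and status < 500:
        return "web service answering"
    if tcp:
        return "port accepts connections but HTTP is failing: web tier overloaded or erroring"
    if icmp:
        return "host or front end answers ping but the web port is unreachable"
    return "no response at any layer: link saturated, host down, or ICMP filtered"

if __name__ == "__main__":
    host = sys.argv[1]  # hostname of a site you operate or monitor
    print(classify(icmp_probe(host), tcp_probe(host), http_probe(host)))
```

Because the name may resolve to a load balancer or CDN edge rather than the origin server, each result describes whatever device answered on that path.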
 