Please Explain DDOS Attack
I'm only a hardware and html code person, not this networking and hacking related things. I wanted to know what DDOS is, please explain it in detailed and please make the words as simple as possible. I was just interested in what a DDOS attack is since there was one on Hon only just 2 days ago.
Wikipedia is certainly an excellent reference point but it's written without an analogy. I find them helpful as they make the topic more relatable. Here's my rough version:
Imagine Alex and Beth are trying to have a conversation. Clive wants to run a denial of service attack against Alex so he simply talks to Alex constantly to the point of Beth not being able to have her conversation with Alex. So this is easily stopped if Alex starts ignoring Clive and he can have a regular conversation with Beth.
Clive, wants a better method to ruin any conversations that Alex has. So he recruits Dave and Ewan to help . Clive, Dave and Ewan now continuously talk at Alex. This is a distributed denial of service attack. If Alex was speaking to large volumes of people it would be very difficult to determine who just wanted to speak legitimately.
So relating that to a real world example, Alex could be a website and everyone else could be requesting a web page. Given enough load the web server will become slower and may crash - thus causing nothing to be served.
Sorry I was just talking about DDOS in general rather than this specific Heroes of Newerth incident.
There isn't a direct correlation to bandwidth in my example because sound isn't limited!
Bandwidth is just the "width" of the connection. Think of a tunnel and people need to walk through. Too many people and queues form and it takes longer for people to pass through the tunnel. If the tunnel is overloaded then people cannot get to the other side.
That's absolutely right it's not the number of computers; it's the number of requests in a given time period.
The literal aim of a DDOS attack is to cause a system to exceed the number of requests it can handle per second to the point of it no longer being able to respond in a timely manner or at all.
DOS is not just bandwidth, it's anything that overloads the servers to make them non-responsive.
There are three primary points to attack: bandwidth, network, or CPU.
Bandwidth is easy, you just send lots of data, it doesn't even need to have a connection established.
A "network" attack could be overloading the router to overloading the network stacks of the servers. One way to overload a server is to start a connection, but not finish it. The server, by default, waits ~60 seconds to timeout the connection. Well, if you start sending thousands of requests per second to start connections, but don't follow through, the network state tables grows really big really fast.
The CPU way is find something with the server that takes it a while to process. Lets say you have a "feature" in the web server to resize images for thumbnails and that takes a lot of relative CPU, but your web site was designed assuming that it wouldn't happen often. Well, someone figures out that requesting an image eats up lots of CPU, and they can just make a crap ton of requests and hose your server's CPUs.
Even more important that worrying about DOS attacks is SQL injection and/or cross-site execution.