What is a DDoS attack (Part 1)

25 januari, 2013

DDoS attacks have become increasingly common and received considerable (media) attention in Sweden. In the past year the Government Offices and the Armed Forces were subjected, among others. But what exactly is a DDoS attack? In the first part of our series of articles we tell you what DDoS means and what an attack actually is.

Tripnet _DDOS_02

Distributed Denial-­of-­Service

DoS is short for Denial-­of-­Service and means that an attack is made against a computer system in order to prevent proper operation of the system. If the attack occurs from multiple computers at the same time it is called DDoS, Distributed Denial-­of-­Service.

Different types of DDoS attacks

DDoS attacks can be divided into two groups:

• Flood attacks

Flood attacks work by initiating traffic flooding to overwhelm the server’s resources. Attacks may also be done by exploiting inherent vulnerabilities, such as defects in software, to crash the affected server. Attacks often use large distributed botnets -­ infected computer networks. This way multiple connections can be created to send lots of requests, in order to overload and disable the web servers.

Some common names for flood attacks are ICMP floods such as Smurf and Ping, SYN floods using fake TCP/SYN packet, and floods at application level.

• Crash attacks

Crash attacks often send damaging packets, which use bugs in the operating system in order to crash the systems. This occurs, for example, through so-­called ”buffer overflows”, where a program is trying to save more information than it can handle, or through ”fork bombs” which start up a large number of processes, disabling the system’s functionality. Attacks with this type of harmful code may infringe the potential botnet system using a Trojan horse -­ a disguised program of latent virus. It triggers the download of a zombie agent that enables centralized control of the computers.

How a DDoS attack may occur

A DDoS attack can occur with or without intent. In some cases, all involved are fully aware that they are participating in an attack. It is then a group of people that directs a large amount of data traffic onto a single site, in order to crash it.

In other cases, it may be one attacker that controls centrally from a botnet that he or she consciously infects with a computer virus or a Trojan horse. These networks often consist of thousands of computers, spread across the world. The computer owners are then completely unaware that their computers are infected and involved in an attack.

It also happens that attacks occur automatically, without intent. If the recipient has an Internet connection with less capacity than the user, an attack can be carried out by completely normal traffic, for example, a request on a large number of random large files from a web server.

The consequences of a DDoS attack

Signs that your business has been exposed for a DDoS attack is that your website is extremely slow to load or that the website simply is not available -­ it has crashed. The consequences could be a nightmare scenario for many companies, such as banks and online stores involved in e-­commerce, as companies and not least the customers are totally dependent on a continuous functional communication through the website.

DDoS attacks have become increasingly common on the Internet in general, but at Tripnet we also notice an increase of attacks against our customers. DDoS attacks are illegal and it is often difficult to identify who carried out the attack. Regardless of whether the attacks are illegal and intentional or not, it is important to be prepared.


Martin Dohmen, Technical Director

In the second part of our series of articles we will discuss how to handle different types of attacks and how Tripnet can help protect you and your company, so that you can feel safe. Learn also about Tripnet’s security solutions and the importance of backups. Keep an eye on our blog!