Denial of Service – CompTIA A+ 220-1202 – 2.5

A denial of service can cause significant outages and downtime. In this video, you’ll learn about denial of service attacks and distributed denial of service attacks.


One way that an attacker can create problems for you and all of your users is to prevent your systems from working at all. We refer to this as a denial of service attack. The attacker is forcing a particular service to fail, and therefore, people cannot access that service to perform their work.

A very simplified form of a denial of service is an attacker that overwhelms the capability of a particular server. So instead of having a few people access a server at a time, an attacker might have hundreds or thousands of devices trying to access a system simultaneously. Or the attacker may have found a particular combination of events that causes the system to fail. This might be a vulnerability within software, or it might be a design failure in the system.

Regardless of the process used, the result is the same. The system is unavailable, and anyone who wants to access this service will find that the service is no longer accessible. Sometimes the denial of service is a diversion: the technical staff spend their time trying to resolve the outage, while at the same time other attackers are trying to take advantage of vulnerabilities in completely unrelated systems.

Although we may think of a denial of service as something relatively complex that involves a lot of different resources, the reality is that a denial of service can be relatively simple. For example, if somebody goes to the back of a building and turns off the main power, that will certainly be a denial of service.

Sometimes a denial of service, or a DoS, is something that we do to ourselves, an unintended situation that was caused by something that we did inside of our own network. For example, if you’re connecting different switches together and you accidentally connect two switches together with two separate cables, you’ll create a loop on the switch network, assuming that you’re not already running spanning tree protocol.

But if you’re not running spanning tree, you’ll find that your network will stop working almost immediately because you’ve created a network denial of service. Or maybe you’re at a remote location that has limited bandwidth to the internet, but you need to download a Linux distribution. And by doing that, you’re now taking up all of the available bandwidth over that very small internet connection.

Anyone else who needs to reach the internet may find that it’s too slow to access, and so you’ve created a bandwidth-related denial of service. And I’ve been part of a denial of service that involved water. We had a coffee machine on the seventh floor that had a water supply, and that water supply connection broke on a Friday afternoon. No one was in the building over the weekend, and the water seeped down past the sixth floor, the fifth floor, and finally hit the data center on the fourth floor.

Fortunately, not a lot of systems were affected, but there were some outages caused by this water-based denial of service. Attackers that are using a denial of service are not commonly attacking with a single system. Instead, they will use multiple systems that are often located around the world. We refer to this as a distributed denial of service or a DDoS. Advanced forms of a DDoS might involve an entire botnet.

There might be millions of devices infected with the same malware around the world, and that malware allows the attacker to send messages to all of these devices and have them perform different functions. Imagine having 3.6 million devices around the world infected with the Zeus botnet. The people that are managing that botnet can now tell all 3.6 million devices to begin attacking one single device on the internet.

The worst part is that the people who are participating in this botnet may have no idea it’s even occurring. The botnet is running in the background of people’s computers, and those machines are effectively zombies. They are under the control of the person running the botnet, while at the same time still acting as the main computing system for that user.

Some types of DDoS attacks can be identified by the information inside of a packet. If all of those packets are very similar, you may be able to filter those packets at your firewall. Some internet service providers have DDoS prevention systems in the core of their network, so your ISP may be able to enable that DDoS mitigation and prevent that traffic from reaching your local network.
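As an added illustration of the "very similar packets" point above (example code written for this page, not part of the original video), the script below groups a constructed sample of firewall log records by the header fields a flood repeats, flags any packet shape that dominates the traffic and arrives from many different sources, and prints a vendor-neutral description of the rule that would drop it. The packet records, addresses and thresholds are all assumptions for the demonstration.

```python
from collections import Counter, defaultdict

def synthetic_traffic():
    """Constructed sample, not captured traffic: one identical TCP SYN from
    each of 40 hosts, mixed with a little ordinary HTTPS and DNS traffic."""
    packets = []
    for i in range(40):  # the flood: same shape, many different sources
        packets.append({"src": f"203.0.113.{i + 1}", "dst": "198.51.100.10",
                        "proto": "tcp", "dport": 80, "flags": "S", "len": 60})
    for i in range(5):   # legitimate traffic varies in size and port
        packets.append({"src": f"192.0.2.{i + 1}", "dst": "198.51.100.10",
                        "proto": "tcp", "dport": 443, "flags": "PA", "len": 517 + i})
        packets.append({"src": f"192.0.2.{i + 1}", "dst": "198.51.100.53",
                        "proto": "udp", "dport": 53, "flags": "", "len": 73})
    return packets

def signature(pkt):
    """The header fields a flood tends to repeat identically; src is left out
    on purpose, since a DDoS spreads one pattern over many sources."""
    return (pkt["dst"], pkt["proto"], pkt["dport"], pkt["flags"], pkt["len"])

def find_flood_signatures(packets, min_share=0.5, min_sources=10):
    """Return (signature, packet_count, distinct_sources) for every packet
    shape that makes up at least min_share of the traffic and arrives from
    at least min_sources different hosts. One chatty host is not a DDoS."""
    counts = Counter()
    sources = defaultdict(set)
    for pkt in packets:
        sig = signature(pkt)
        counts[sig] += 1
        sources[sig].add(pkt["src"])
    total = len(packets)
    return [(sig, n, len(sources[sig])) for sig, n in counts.items()
            if total and n / total >= min_share and len(sources[sig]) >= min_sources]

def filter_rule(sig):
    """Vendor-neutral description of the firewall rule that would drop the
    matching packets; translate it into your firewall's own syntax."""
    dst, proto, dport, flags, length = sig
    flag_part = f" flags {flags}" if flags else ""
    return f"drop {proto} to {dst} port {dport}{flag_part} length {length}"

if __name__ == "__main__":
    for sig, n, nsrc in find_flood_signatures(synthetic_traffic()):
        print(f"{n} packets from {nsrc} sources match {sig}")
        print("  suggested rule:", filter_rule(sig))
```

The source-count threshold is what separates a distributed flood from a single misbehaving host, which would call for a different response.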

And some companies on the internet specialize in preventing these types of attacks. A good example is the reverse proxy capabilities at CloudFlare, where a customer can turn on DDoS prevention and stop all of those attacks from reaching their local servers.