DDOS Attack On March 14th

by | Mar 15, 2011 | Business, Cybersecurity

A service provider we utilize was recently targeted by what is referred to as a Distributed Denial Of Service attack, or DDOS for short.

A DDOS attack involves flooding a server (or network) with so many packets of information that it renders the server inoperative. Think of it in terms of a telephone switchboard. An operator can handle a certain number of calls, let’s say five at a time, without a problem. However, if a malicious individual organized five hundred people to call the same operator at the same time, repeatedly, it would simply overwhelm the switchboard and prevent legitimate calls from getting through.

This is exactly how a DDOS attack works. Typically it is carried out by a large number of computers infected with the same virus, designed to generate lots of network traffic and direct it at one destination. Such a collection of infected computers is usually referred to as a “botnet”. Recently some organizations have actually developed tools to allow people to willingly participate in DDOS attacks. The participants download a small program and run it. This program is controlled by an organizer and is used to flood networks. In most cases the participants are all working toward the same cause. We usually see this used between political bodies, or sometimes even many individuals targeting an institution.

So, back to the original topic. The target of this massive, and it was MASSIVE, DDOS attack is a service that provides DNS for Smart Dolphins, as well as for many other companies. DNS is how things are found on the internet (as well as on local networks). When you type smartdolphins.com into a web browser, a DNS server answers and tells your browser where Smart Dolphins hosts its website. You can imagine what happens when that DNS server is being attacked like the telephone operator in my previous example: it simply won’t be able to answer. If it cannot answer, you are not going to be able to get to smartdolphins.com, or to any domain or service that particular DNS server is responsible for finding.

How does one thwart an attack like this? There really is no way to prevent it; this is more a matter of lessening the impact. In the very worst cases all that can be done is to ride it out and wait for it to end. This attack, while serious, was not unmanageable.

One of the first measures we took was to put additional DNS servers in place for the domains under attack. Generally most domains have two DNS servers (the second in case one goes down). A good DDOS attack will target both DNS servers, and if both go down, that’s it. By adding a third and even a fourth DNS server we can avoid this, although it can take hours for the newly added servers to become active.
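Adding a third or fourth name server only helps if each one actually answers for the zone, and the post notes that newly added servers can take hours to become active. The script below is an added example, not code from the original post or from Smart Dolphins: it uses only the Python standard library to build a DNS query in RFC 1035 wire format, send it directly to each listed name server, and report whether that server replied authoritatively (AA flag set, NOERROR) for the zone's SOA record. A recursive resolver that merely caches the zone will not set AA, so the check distinguishes servers that really serve the zone from ones that just know about it. All function names are this example's own; the 192.0.2.x addresses are constructed documentation values, and `build_response` exists only so the audit can be exercised offline against a stub.

```python
"""Audit which name servers answer authoritatively for a zone (added example)."""
import secrets
import socket
import struct

TYPE_A, TYPE_NS, TYPE_SOA = 1, 2, 6
CLASS_IN = 1
FLAG_QR, FLAG_AA, FLAG_RD = 0x8000, 0x0400, 0x0100


def encode_name(name: str) -> bytes:
    """Encode 'example.com' as length-prefixed labels ending with a zero byte."""
    out = b"".join(bytes([len(lab)]) + lab.encode("ascii")
                   for lab in name.rstrip(".").split(".") if lab)
    return out + b"\x00"


def build_query(txid: int, qname: str, qtype: int) -> bytes:
    """Standard query: one question, RD bit set (RFC 1035 header layout)."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)


def build_response(txid: int, qname: str, qtype: int, aa: bool, answers) -> bytes:
    """Build a reply; answers is a list of (name, rtype, rdata bytes).
    Constructed helper so the audit can run offline against a stub server."""
    flags = FLAG_QR | (FLAG_AA if aa else 0)
    body = encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)
    for name, rtype, rdata in answers:
        body += encode_name(name) + struct.pack("!HHIH", rtype, CLASS_IN, 300, len(rdata)) + rdata
    return struct.pack("!HHHHHH", txid, flags, 1, len(answers), 0, 0) + body


def parse_name(buf: bytes, off: int):
    """Decode a name, following compression pointers (0xC0xx) back into buf.
    Returns (dotted name, offset just past the name at its original position)."""
    labels, end, jumped = [], None, False
    while True:
        length = buf[off]
        if length & 0xC0 == 0xC0:          # two-byte pointer to an earlier name
            if not jumped:
                end = off + 2
            off, jumped = struct.unpack("!H", buf[off:off + 2])[0] & 0x3FFF, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(buf[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_response(buf: bytes) -> dict:
    """Parse the header, skip the question section and decode the answers."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", buf[:12])
    off = 12
    for _ in range(qd):
        off = parse_name(buf, off)[1] + 4   # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        name, off = parse_name(buf, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        off += 10
        if rtype == TYPE_NS:
            value = parse_name(buf, off)[0]  # rdata name may point back into buf
        elif rtype == TYPE_A:
            value = socket.inet_ntoa(buf[off:off + 4])
        else:
            value = buf[off:off + rdlen]
        answers.append((name, rtype, value))
        off += rdlen
    return {"id": txid, "aa": bool(flags & FLAG_AA), "rcode": flags & 0xF, "answers": answers}


def udp_query(server_ip: str, packet: bytes, timeout: float = 3.0) -> bytes:
    """Send one query over UDP/53 and return the raw reply (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server_ip, 53))
        return sock.recv(4096)


def audit_nameservers(zone: str, ns_ips: dict, send=udp_query) -> dict:
    """Ask every listed server directly for the zone's SOA. True means it replied
    with the matching transaction id, the AA flag set and rcode NOERROR."""
    report = {}
    for ns, ip in ns_ips.items():
        txid = secrets.randbits(16)        # random id: ignore unsolicited replies
        try:
            resp = parse_response(send(ip, build_query(txid, zone, TYPE_SOA)))
            report[ns] = resp["id"] == txid and resp["aa"] and resp["rcode"] == 0
        except (OSError, IndexError, struct.error):
            report[ns] = False             # timeout or malformed reply: not serving
    return report


def redundancy_ok(report: dict, minimum: int = 2) -> bool:
    """The zone keeps resolving as long as at least `minimum` servers answer."""
    return sum(report.values()) >= minimum
```

In practice you would call `audit_nameservers("yourzone.example", {"ns1": "<ip>", "ns2": "<ip>", "ns3": "<ip>"})` after adding the extra servers and keep re-running it until the new entries report True; until they do, the zone is still only as resilient as the original pair. The transaction id is random and checked on the way back so that a stray or spoofed packet is never mistaken for a real answer.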

Because a company we have probably never heard of was targeted by a DDOS attack, we temporarily lost the DNS service we both use. By acting quickly we were able to drastically lessen the severity of the situation, but it serves as a reminder that every system is dependent on many other systems.

The internet is an incredibly complex beast.