Cyber Terrorism: DDOS Attacks
Written by dDawg
DDOS Attacks: What are they exactly? Since many sites have been claiming DDOS attacks without much of an explanation, we figured that we should provide some details.

What Exactly is a DDOS Attack?

It was in early 2000 that most people became aware of the dangers of distributed denial of service (DDoS) attacks, when a series of them knocked such popular Web sites as Yahoo, CNN, and Amazon off the air. It's been almost four years since they first appeared, but DDoS attacks are still difficult to block. Indeed, if they're made with enough resources, some DDoS attacks - including SYN (named for TCP synchronization) attacks - can be impossible to stop. No server, no matter how well it's protected, can be expected to stand up to an attack made by thousands of machines. Indeed, Arbor Networks, a leading anti-DDoS company, reports DDoS zombie armies of up to 50,000 systems.

Fortunately, major DDoS attacks are difficult to launch; unfortunately, minor DDoS attacks are easy to create. In part, that's because there are so many types of DDoS attacks that can be launched. For example, last January, the Slammer worm targeted SQL Server 2000, but an indirect effect, as infected SQL Server installations tried to spread Slammer, was to cause DDoS attacks on network resources, as every bit of bandwidth was consumed by the worm.

Thus, a key to thinking about DDoS is that it's not so much a kind of attack as it is an effect of many different kinds of network attacks. In other words, a DDoS may result from malignant code attacking the TCP/IP protocol or assaulting server resources, or it could be as simple as too many users demanding too much bandwidth at one time.

Typically, though, when we're talking about DDoS attacks, we mean attacks on your TCP/IP protocol. There are three types of such attacks: ones that target holes in a particular TCP/IP stack; those that target native TCP/IP weaknesses; and boring, but effective, brute force attacks.
For added trouble, brute force also works well with the first two methods.

The Ping of Death is a typical TCP/IP implementation attack. In this assault, the DDoS attacker creates an IP packet that exceeds the IP standard's maximum 65,536 byte size. When this fat packet arrives, it crashes systems that are using a vulnerable TCP/IP stack. No modern operating system or stack is vulnerable to the simple Ping of Death, but it was a long-standing problem with Unix systems.

The Teardrop, though, is an old attack still seen today that relies on poor TCP/IP implementation. It works by interfering with how stacks reassemble IP packet fragments. The trick here is that as IP packets are sometimes broken up into smaller chunks, each fragment still has the original IP packet's header as well as a field that tells the TCP/IP stack what bytes it contains. When it works right, this information is used to put the packet back together again. What happens with Teardrop, though, is that your stack is buried with IP fragments that have overlapping fields. When your stack tries to reassemble them, it can't do it, and if it doesn't know to toss these trash packet fragments out, it can quickly fail.

Most systems know how to deal with Teardrop now, and a firewall can block Teardrop packets at the expense of a bit more latency on network connections, since this makes it disregard all broken packets. Of course, if you throw a ton of Teardrop busted packets at a system, it can still crash.

And, then, there's SYN, to which there really isn't a perfect cure. In a SYN Flood, the attack works by overwhelming the protocol handshake that has to happen between two Internet-aware applications when they start a work session. The first program sends out a TCP SYN (synchronization) packet, which is followed by a TCP SYN-ACK acknowledgment packet from the receiving application. Then, the first program replies with an ACK (acknowledgment). Once this has been done, the applications are ready to work with each other.
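The sanity checks a stack or firewall applies before reassembling fragments, covering both the oversize case (Ping of Death) and the overlapping-offset case (Teardrop) described above. This is an added example, not code from the article; the `Fragment` type, the 20-byte header assumption and the sample fragment sets are constructed for illustration.

```python
from dataclasses import dataclass

MAX_DATAGRAM = 65535  # IPv4 Total Length is a 16-bit field
IP_HEADER_LEN = 20    # assumption: header without options

@dataclass(frozen=True)
class Fragment:
    offset_units: int      # Fragment Offset field, counted in 8-byte units
    payload_len: int       # payload bytes carried by this fragment
    more_fragments: bool   # MF flag; False only on the last fragment

    @property
    def start(self):
        return self.offset_units * 8

    @property
    def end(self):
        return self.start + self.payload_len

def check_fragments(frags):
    """Return a list of problems; an empty list means safe to reassemble."""
    problems = []
    covered = 0  # highest payload byte accounted for so far
    ordered = sorted(frags, key=lambda f: (f.start, f.end))
    for f in ordered:
        if IP_HEADER_LEN + f.end > MAX_DATAGRAM:
            problems.append(f"oversize: fragment ends at {f.end}")
        if f.more_fragments and f.payload_len % 8:
            problems.append(f"misaligned: non-final fragment at {f.start}")
        if f.start < covered:
            problems.append(f"overlap: fragment at {f.start} re-covers bytes below {covered}")
        elif f.start > covered:
            problems.append(f"gap: bytes {covered}-{f.start} missing")
        covered = max(covered, f.end)
    finals = [f for f in ordered if not f.more_fragments]
    if len(finals) != 1 or finals[0].end != covered:
        problems.append("final fragment missing or not last")
    return problems

# Constructed sample fragment sets (not captured traffic).
NORMAL = [Fragment(0, 1480, True), Fragment(185, 1480, True), Fragment(370, 40, False)]
TEARDROP = [Fragment(0, 40, True), Fragment(3, 8, False)]  # second sits inside the first
OVERSIZE = [Fragment(i * 185, 1480, True) for i in range(44)] + [Fragment(44 * 185, 1480, False)]

if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("teardrop", TEARDROP), ("oversize", OVERSIZE)):
        print(name, check_fragments(frags) or "ok")
```

A fragment set that returns any problem is dropped whole rather than partially reassembled, which is the "toss these trash packet fragments out" behaviour the text calls for.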
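The SYN, SYN-ACK, ACK exchange described above, seen from the listening server: every SYN that is answered but never followed by the final ACK stays in a half-open table until it times out. This added example (not from the article) tracks that table over a constructed event stream; the addresses are documentation ranges, and the 30-second timeout and backlog limit of 128 are assumptions.

```python
def half_open_timeline(events, timeout=30.0):
    """Replay client packets; return (peak_half_open, completed, expired)."""
    pending = {}  # client (ip, port) -> time its SYN arrived and was answered with SYN-ACK
    peak = completed = expired = 0
    for t, client, flags in sorted(events, key=lambda e: e[0]):
        # Expire handshakes whose final ACK never arrived within the timeout.
        for c in [c for c, t0 in pending.items() if t - t0 >= timeout]:
            del pending[c]
            expired += 1
        if flags == "SYN":
            pending.setdefault(client, t)      # server is now waiting for the ACK
            peak = max(peak, len(pending))
        elif flags == "ACK" and client in pending:
            del pending[client]                # handshake finished, slot released
            completed += 1
    return peak, completed, expired

def backlog_exceeded(events, backlog_limit=128, timeout=30.0):
    """True if half-open entries ever reach the (assumed) listen backlog size."""
    peak, _, _ = half_open_timeline(events, timeout)
    return peak >= backlog_limit

# Constructed events: (time_s, (client_ip, client_port), flag seen from the client).
LEGIT = []
for i in range(3):
    c = ("192.0.2.10", 40000 + i)
    LEGIT += [(float(i), c, "SYN"), (i + 0.1, c, "ACK")]
# 200 SYNs in two seconds from distinct sources, none ever followed by an ACK.
FLOOD = [(5.0 + i * 0.01, ("198.51.100.%d" % (i % 250 + 1), 1024 + i), "SYN")
         for i in range(200)]
LATE = [(40.0, ("192.0.2.11", 40100), "SYN"), (40.1, ("192.0.2.11", 40100), "ACK")]
EVENTS = LEGIT + FLOOD + LATE

if __name__ == "__main__":
    print("legit only:", half_open_timeline(LEGIT))
    print("with flood:", half_open_timeline(EVENTS), "alert:", backlog_exceeded(EVENTS))
```

The ratio of expired to completed handshakes is the signal worth alerting on: normal clients finish within a round trip, so a table dominated by entries that only leave by timeout indicates the handshake itself is being targeted.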
How to Backup Your Computer Files
Written by Christian Carvajal
As I write this, it’s early December, and try as I might, I can’t remember what my new year’s resolution was last time around. One thing I can say with near hundred percent certainty is that whatever it was, I failed to keep it. Maybe you’re the same. Maybe you resolved to quit smoking, lose weight, or read more. We all make promises with ourselves, then fail to keep those promises. Worst of all, those promises might be exactly what we need most. Consider this: When was the last time you backed up your computer files? Last month? Last year? Never?

Let’s make a new year’s resolution together, you and I. Let’s promise to back up our computers. It’s important, I promise. Just yesterday the automatic backup feature in MS Word saved me about an hour’s work when my computer froze up. Given that I haven’t backed up my computer in almost a year, I can’t even imagine how much data I’d lose if I suffered a power surge or hard drive failure.

It can happen to the best of us, and often does. Even high end hard drive manufacturers report an average failure rate of between five and eight per thousand every year. That may not sound like much, but let’s face it, somebody has to be those five to eight people. Feeling lucky? There are about 185 million household PCs in the U.S., according to Computer Industry Almanac, so that means about 150,000 hard drives fail each year. But even if your drive stays intact, about a tenth of all computers suffer minor data loss in any given year. A power surge, the magnets in your home stereo speakers, or even an accidental nudge can affect data storage. According to a report from the ONTRACK data recovery service, data loss can be caused by natural disasters (3% of cases), computer viruses (7%), software problems (14%), and plain old user error (a whopping 32%). Now, I’m sure you never hit a wrong keyboard button, but do you have a button on your computer that prevents a bolt of lightning? I didn’t think so.
WHEREAS our data is important, and disaster can befall even the most noble and undeserving of us, BE IT RESOLVED that you and I shall back up our computer files forthwith. Amen, brothers and sisters. Now, where and how do we start?

STEP ONE: Choosing Favorites

Not all files are important enough to preserve for posterity. The most critical files on a computer are its operating system files. If you’re a good little consumer, you bought the operating system and kept those CDs handy and secure from data loss. If you’re not, then remind yourself to go stand in the corner later. The drones at Microsoft did not work for years just to watch you steal their work. It’s people like you that keep Bill Gates from buying his second planet. Now that you’ve been suitably chastised, either go buy a legal copy of the operating system, or include the necessary files in your “must back up” list.

The same principle goes for software applications. Maybe you bought an ad and spyware blocker you really like, but the company that coded it has since gone out of business (perhaps because other consumers weren’t as scrupulous as you). If so, include the files you need to run the app in your must list.

Now it’s time to look at the remaining files on your computer and prioritize. If you’re not a digital packrat like me, it may be possible to save everything. If so, congratulations. I don’t have ten gigabytes of portable media at my disposal, so when I back up my computer, I’ll be leaving a few gigs of MP3s and questionable Windows Media files at risk. One of the first things I will save is the folder I use to save my writing assignments, because that data represents money in my pocket. I’ll back up my email address book, plus my digital photography and fiction writing efforts. I can live without “Milkshake” (what was I thinking?), but the guitar piece my friend recorded and sent to me is going on the list. Your results may vary.
STEP TWO: In Which I Tell You Where You Can Put It

That’s right, this is the section in which I’ll tell you where to store your data. It’s not a good idea to put backup files on another drive on the same computer. That defeats the whole purpose. Duplicating your files on another computer in the same LAN is almost as risky, because computer viruses can spread as fast as an imaginary Anna Kournikova JPEG. You need to find a portable storage medium that can hold all the files on your must list. Your options include floppy diskettes, portable hard drives, optical drives, tape drives, and remote servers. We’ll look at each in turn.

Hard diskettes, the old familiar 3.5” squares, hold up to 1.44 megabytes of data. They’re cheap, but 1.44 MB is less than two percent of the ten gigs of data on my hard drive. Even if each of those files were smaller than 1.44 MB (and each weren’t), I’m not keen on the idea of buying, labeling, and storing fifty diskettes. Next idea, please.