People who run servers often hear this term: DDoS attack.
One of our friends recently opened a new WordPress blog. One day he phoned me and asked, “Hey, the server company is saying it has undergone a DDoS attack… you told me that Linux servers get no viruses?”
A common misconception is that DDoS is synonymous with a virus attack. Actually, DDoS means Distributed Denial of Service, and it can happen for several reasons.
The greatest example from the recent past is June 25, 2009, the day Michael Jackson died. The spike in searches related to Michael Jackson was so big that Google News initially mistook it for an automated attack. As a result, for about 25 minutes, when some people searched Google News they saw a “We’re sorry” page before finding the articles they were looking for. (Link to official citation from Google)
A distributed denial of service is a sophisticated type of attack that aims to crash the network system on server machines by submerging them in unnecessary traffic. Several machines at once are the source of the attack (it is a distributed attack), which may or may not aim to wipe out the servers. It remains very difficult to counter or avoid, which is why many fear this attack.
It is not easy to guard against these denial of service attacks, because the attacker builds the attacking network by relying on the fact that many machines are poorly secured or not secured at all and have flaws. These flaws are so numerous, and there are so many vulnerable machines on the Internet, that it becomes impossible to prevent such attacks.
DDoS attacks have become democratized over the last 2-3 years. In the early days, this attack remained fairly complicated and required good knowledge on the part of attackers, but tools were then developed to organize and carry out the attack. The process of searching for secondary hosts has thus been automated. It generally looks for common vulnerabilities (buffer overflows in RPC are one example) on many machines on the Internet, and the attacker eventually becomes the master (gets Administrator access) of hundreds of thousands of unprotected machines. He then installs the client side for the attack and also tries to cover his tracks (corruption of log files, installing rootkits).
It is interesting to note that the victims in such attacks are not just those who suffer the denial of service: all secondary hosts are also compromised machines, to the highest level (root access), as is the master host.
The threat comes from the fact that tools that automate the process have been widely circulated on the Internet. Google Search now refuses to show search results and presents a reCAPTCHA when multiple requests (a really big number) come from a single IP address at the same time.
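The per-address throttling described above, and why it does not catch traffic spread over many sources, as an added example (not code from this post or from Google). The window length, both thresholds and the log entries are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_S = 10        # assumed sliding-window length, seconds
PER_IP_LIMIT = 20    # assumed requests per window before a client is challenged
SITE_LIMIT = 200     # assumed requests per window the server can absorb


def classify(events):
    """events: (unix_time, ip) pairs sorted by time -> (challenged_ips, overload)."""
    per_ip = defaultdict(deque)   # ip -> timestamps still inside the window
    site = deque()                # (timestamp, ip) for every request in the window
    challenged, overload = set(), False
    for ts, ip in events:
        q = per_ip[ip]
        q.append(ts)
        while q[0] <= ts - WINDOW_S:          # expire this client's old requests
            q.popleft()
        site.append((ts, ip))
        while site[0][0] <= ts - WINDOW_S:    # expire old site-wide requests
            site.popleft()
        if len(q) > PER_IP_LIMIT:             # one noisy address: challenge it
            challenged.add(ip)
        # Load left over once challenged clients are held back by the CAPTCHA.
        residual = sum(1 for _, src in site if src not in challenged)
        overload = overload or residual > SITE_LIMIT
    return challenged, overload


def single_source_sample():
    # Constructed log: one address sends 50 requests in 5 s, five others send one each.
    noisy = [(1000 + i * 0.1, "203.0.113.7") for i in range(50)]
    quiet = [(1000 + i, "198.51.100.%d" % i) for i in range(5)]
    return sorted(noisy + quiet)


def distributed_sample():
    # Constructed log: 300 distinct addresses, two requests each, inside one window.
    return sorted(
        (2000 + (i % 10) + r * 0.5, "10.0.%d.%d" % (i // 250, i % 250))
        for i in range(300) for r in range(2))


if __name__ == "__main__":
    print(classify(single_source_sample()))   # the noisy address is challenged
    print(classify(distributed_sample()))     # nobody challenged, site overloaded
```

In the second sample no address crosses the per-IP limit, so the counts alone cannot say whether the overload is an attack or a crowd of real visitors such as the June 25, 2009 spike.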
There are many technical things to write about, but it would be overdoing it to cover them in this blog. You can search Wikipedia for the technical classification.