Major websites including Twitter, Pinterest, Guardian, Business Insider, CNN, HBO Now, New York Times and Fox News (to name just a few) were down for quite some time due to a DDoS. This is a confirmed/unconfirmed list of major websites that were down due to the DDoS attack in the US and Europe:
- Big cartel
- Business Insider
- HBO Now
- Iheart.com (iHeartRadio)
- Playstation Network
- Squarespace Customer Sites
- Starbucks rewards/gift cards
- The Verge
- Urbandictionary.com (lol)
- Wix Customer Sites
- Zoho CRM
- Credit Karma
- Fox News
- New York Times
- Elder Scrolls Online
- Eve Online
- Speed Test
- Blue Host
- Survey Monkey
- Paragon Game
This is being considered one of the worst Internet outages in history, and many are claiming that it is just the beginning. There might be many such attacks soon, and technology experts are saying that this was just a small precursor.
What is a DDoS attack?
DDoS stands for “distributed denial of service”. Whenever you access a website you request information from it, and the server needs to provide that information to you. This is called a client-server interaction. When a website’s server is giving you information, its resources are being used. For example, at this moment you are visiting TechBakBak.com and reading this blog post. When you accessed this blog post from your browser you sent a request to fetch the information and the server responded by providing that information. In the process, the server had to allocate a small chunk of its resources to your request. This chunk of resources is very small for a single request. The more requests the server gets, the bigger the chunk of resources it needs to use. What if millions of people suddenly hit TechBakBak.com? Obviously its resources will be constrained, and beyond a particular point it may not be able to serve every request; it will generate a “denial of service” response for some requests while it serves the ones it can at the moment. So if the server can serve 10,000 visitors at a time and there are 15,000 visitors trying to access the website, 5,000 people get the denial of service response.
So a DDoS attack is made by sending millions of requests from different machines and IP addresses in such a manner that the server cannot handle the requests, and the genuine people who are trying to access the website get the denial of service response. All the resources are being used by machines sending traffic to the server, and there is so much traffic that there is no scope for serving the human visitors. This is how DDoS attacks are mounted. Bots are used to send huge amounts of traffic to the websites so that all the resources are consumed and no resources remain to serve human visitors. DDoS detection prior to a full-scale shutdown can reduce the interruption for the website.
How was the recent DDoS attack in the US and Europe able to affect so many websites?
So how big was the recent DDoS attack? Very big. As you can see above, major websites were impacted. But how could such a DDoS attack be mounted on so many websites at the same time?
Normally DDoS attacks happen on individual websites. For example, if a person or an organization wanted to take down Twitter they would mount a DDoS attack on Twitter. Similarly if someone wanted to take down TechBakBak.com (please don’t) they would mount a DDoS attack on TechBakBak.com.
This time the DDoS attack was mounted on Dyn, a major DNS provider. Dyn is a New Hampshire-based Internet company that provides a service called domain name system (DNS) to major websites that were impacted by the recent DDoS attack. DNS acts like a phone book. When you are visiting websites you’re actually visiting IP addresses. These IP addresses are combinations of various numbers and it would be difficult for you to remember these combinations. These IP addresses are associated with website URLs. When you are visiting TechBakBak.com you’re actually visiting a certain IP address, but you don’t have to remember the IP address if you can remember TechBakBak.com. DNS is the technology that associates real world domain names with their cryptic IP addresses. That’s one thing.
When a website is hosted, its data isn’t confined to a single server. For example, currently TechBakBak.com is being hosted by GoDaddy. So it isn’t like there’s a big building on a big data farm somewhere and all the files from TechBakBak.com are there. No, these days servers are distributed. Small chunks of your data might be stored on different servers all over the world (for example, GoDaddy might be storing TechBakBak.com content in multiple locations in different countries). All these different servers may have different IP addresses and they need to be connected to the right website.
This is what Dyn does: it assigns the correct IP addresses to the domain names. It tells the Internet which IP addresses to get information from when a website is accessed. It also means that if Dyn goes down, it cannot provide the service of directing people to the right IP addresses, and all those websites that depend on Dyn for this may also become inaccessible. If different websites are the different leaves of a tree and the branches are the connections, then the trunk of the tree can be compared to Dyn. If someone cuts the trunk, the entire tree collapses.
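The tree-trunk dependency described above can be checked from a site's own NS records. The following is an added example, not part of the original post: it reads constructed zone-file lines (the `.example` domains and provider names are placeholders) and reports which sites would lose name resolution if one DNS provider went offline. Grouping name servers by their last two labels is an assumption that approximates "same provider".

```python
from collections import defaultdict

# Constructed NS records in zone-file form; all names are placeholders.
SAMPLE_NS_RECORDS = """\
shop.example.   86400 IN NS ns1.provider-a.example.
shop.example.   86400 IN NS ns2.provider-a.example.
news.example.   86400 IN NS ns1.provider-a.example.
news.example.   86400 IN NS ns3.provider-b.example.
blog.example.   86400 IN NS ns1.provider-b.example.
; comment lines and blank lines are ignored
"""

def provider_of(nameserver):
    """Approximate the operator by the last two labels of the NS host name.
    Assumption: good enough for this sample, wrong for suffixes like co.uk."""
    labels = nameserver.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def parse_ns(text):
    """Map each zone to the set of providers that host its name servers."""
    zones = defaultdict(set)
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        # Expect: <zone> <ttl> IN NS <nameserver>
        if len(fields) != 5 or fields[2].upper() != "IN" or fields[3].upper() != "NS":
            continue
        zones[fields[0].rstrip(".").lower()].add(provider_of(fields[4]))
    return dict(zones)

def single_provider_zones(zones):
    """Zones whose every name server belongs to one provider (no fallback)."""
    return {z: next(iter(p)) for z, p in zones.items() if len(p) == 1}

def blast_radius(zones, provider):
    """Zones that stop resolving, once cached answers expire, if `provider` is down."""
    return sorted(z for z, p in zones.items() if p == {provider})

if __name__ == "__main__":
    zones = parse_ns(SAMPLE_NS_RECORDS)
    for zone, provider in sorted(single_provider_zones(zones).items()):
        print(f"{zone}: all name servers at {provider}")
    print("down with provider-a.example:", blast_radius(zones, "provider-a.example"))
```

In this sample, `news.example` keeps resolving through its second provider, while `shop.example` and `blog.example` each depend on a single one.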
Are such attacks, or more like them, expected in the future? Yes.