A DDoS (Distributed Denial of Service) attack is a distributed attack that overloads a server and leads to system failure. Under such conditions, users cannot access the site or web service, and project owners can lose profits.
DDoS attacks are popular because it is extremely difficult to identify the perpetrator, as requests come from different IP addresses. The attackers can be hacker groups hired by competitors or malefactors who engage in blackmail. Most often, such attacks are used when it is impossible to hack a system or server.
DDoS or DoS?
Despite the similarity of the abbreviations and their shared negative connotations, these two terms differ in approach and level of threat. The purpose of both DoS and DDoS is to create conditions under which users will not be able to access the service.
The difference between DoS (Denial of Service) and DDoS (Distributed Denial of Service) is the way traffic is increased. In the first case, the attack is carried out from one computer; in the second, many devices are involved. DDoS attacks are more difficult to detect because they are launched from different locations and have different IPs, so the victim cannot determine the source of the attack. Another key difference is the size of the attack, since DDoS attacks allow an attacker to send large amounts of traffic to the target network.
Flooding the Internet channel with useless traffic creates a large number of requests to the system or server. Its resources are quickly exhausted, which leads to disconnection or incorrect operation. There are several types:
- HTTP flood and Ping of Death are some of the simplest and most accessible types of attack. Ping of Death sends ping requests to a victim's computer that has a smaller Internet channel. HTTP flood is used against servers: an HTTP packet is sent, to which the server replies with response packets larger than the request, thereby reducing the server's available bandwidth.
- ICMP flood is an attack using an ICMP packet which, through an amplifying network, can disable any computer or server if the amplifying network includes a large number of computers.
- SYN flood is an attack in which the attacked server receives fake SYN requests with a forged source IP address at a high rate. The flood overwhelms the server by filling the entire Transmission Control Block (TCB) table, which is typically used to store and process incoming packets.
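As an added example (not part of the original article), the sketch below replays constructed handshake events to show how a defender can recognise the SYN flood described above: it counts half-open entries per listening service, because counting per source misses traffic spread across many addresses. The event format, thresholds, timeout and function names are assumptions made for illustration.

```python
from collections import Counter

SYN_TIMEOUT = 30.0      # assumed: seconds a half-open entry is kept
HALF_OPEN_LIMIT = 100   # assumed alert threshold per listening service
PER_SOURCE_LIMIT = 20   # assumed per-source threshold, for comparison

def track_half_open(events, now):
    """Replay (time, src, sport, dst, flag) events; return unexpired half-open entries."""
    table = {}  # stands in for the server's TCB table of pending handshakes
    for ts, src, sport, dst, flag in events:
        key = (src, sport, dst)
        if flag == "S":            # client SYN: server allocates an entry
            table[key] = ts
        elif flag == "A":          # final ACK: handshake done, no longer half-open
            table.pop(key, None)
    return {k: t for k, t in table.items() if now - t <= SYN_TIMEOUT}

def detect(events, now):
    table = track_half_open(events, now)
    per_dst = Counter(dst for _, _, dst in table)
    per_src = Counter(src for src, _, _ in table)
    return {
        "flooded": sorted(d for d, n in per_dst.items() if n > HALF_OPEN_LIMIT),
        "noisy_sources": sorted(s for s, n in per_src.items() if n > PER_SOURCE_LIMIT),
        "half_open": dict(per_dst),
    }

def sample_events():
    """Constructed sample data using documentation address ranges."""
    events = []
    for i in range(5):     # legitimate clients that complete the handshake
        src = f"198.51.100.{i + 1}"
        events.append((1.0 + i, src, 40000 + i, "192.0.2.10:443", "S"))
        events.append((1.1 + i, src, 40000 + i, "192.0.2.10:443", "A"))
    for i in range(300):   # SYNs from many forged sources, never acknowledged
        src = f"203.0.113.{i % 250 + 1}"
        events.append((10.0 + i * 0.01, src, 1024 + i, "192.0.2.10:443", "S"))
    return events

if __name__ == "__main__":
    print(detect(sample_events(), now=15.0))
```

On the sample data the service is flagged while no single source exceeds the per-source threshold, which is why the per-destination count is the useful signal for distributed traffic.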
The first serious attack occurred in 2000. The victims were the servers and sites of eBay, Amazon, CNN, and Yahoo. The culprit was a self-written program created by a 15-year-old hacker enthusiast. A malicious algorithm called Sinkhole flooded the victims' machines and crashed them.
The once-popular "Ping of Death" used the ping command to flood the target. To cause a denial of service on the server, the packet size was artificially increased to 65535 bytes. The peak of the popularity of such an attack occurred in the 90s, when checking the size of incoming packets was not yet common in server software. As a result, the channel's throughput was clogged and the resource became unavailable.
In 2013, an attack arose from a conflict between the Dutch hosting provider Cyberbunker and Spamhaus (an organization that compiles spammer lists). The CDN Cloudflare took the first blow, then the malicious traffic switched to its providers. The channel load was 300 Gbps.
In the context of crypto
Despite all the threats, the decentralized approach of blockchain technology has a strong defense against this type of attack. The nodes in the network can be restored after the attack and continue to work after resynchronization and data loading.
The degree of protection is largely determined by the number of nodes and the hash rate of the network. Bitcoin, the most popular cryptocurrency, is an example of a reliably protected and safe network. A consistent Proof-of-Work (PoW) algorithm ensures that all network data has strong cryptographic proof protection. Any change requires the entire structure to be disbanded, which is almost impossible even for the most powerful computers.