A
denial of service attack that uses two or more sources to flood the
victim with data, the goal usually being to saturate the victim's
network bandwidth or cause their
machine to waste precious processor cycles dealing with the influx of data.
These days, distributed denial of service attacks (DDoS) are extremely common. Major corporations and popular websites are primary targets. Sadly, the only reason DDoS attacks aren't completely preventable is that so many operating systems have implemented the UNIX Sockets TCP/IP stack, which unnecessarily allows extremely low-level access to the network core via raw sockets. Using raw sockets on a system with a UNIX Sockets TCP/IP stack, any halfway-competent programmer can spoof (fake) his/her source IP address. This means the programmer can make IP packets look like they're coming from somewhere they're not, which makes it difficult to trace or effectively block a DDoS attack.
When a cracker or script kiddie feels like launching a DDoS attack, there are just two simple steps they have to take:
- Install trojans on lots of unsecure machines. This is usually done by exploiting known security holes in operating systems or software. Once the trojan is installed, it can report back to its owner and wait for a signal. These machines are known as zombies.
- When enough zombies have been infected with the trojan, a single command can be sent that will tell all the machines to begin sending packets to a victim's machine.
This massive amount of traffic, originating from multiple sources and all targeted at one machine, can completely saturate even the biggest Internet connections. Since each source machine is only sending a small amount of data, their bandwidth requirements are very low. But when all these packets hit the target at once and keep on flooding in, it can wreak havoc.