What is a Distributed Denial of Service (DDoS) Attack
Today there has been a major distributed denial of service (DDoS) attack on the internet. Targeting specifically the DNS (domain naming service) servers that help route Internet traffic to various sites. Specifically, Dyn a large DNS service provider. You can read updates on their site at https://www.dynstatus.com/incidents/nlr4yrr162t8
“Starting at 11:10 UTC on October 21st-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available.”
Gizmodo reports some major websites that have been affected. http://gizmodo.com/this-is-probably-why-half-the-internet-shut-down-today-1788062835
NBC News reports a second attack is feared. http://www.nbcnews.com/tech/tech-news/massive-cyberattack-knocks-out-major-east-coast-websites-n670671
How does a DDOS Attack like this one work?
First, you need to understand a basic component of the Internet. When you go to view a website, your computer needs to look up the IP address (18.104.22.168) for the friendly name you put in your browser i.e. www.yahoo.com. To do this, your computer queries DNS or domain naming service servers for the IP address or addresses associated with the URL you provided.
Once your computer gets the IP address, it can then access the website. All applications and browsers that use URLs i.e. www.yahoo.com need to look up the IP address for that particular URL.
In comes the hackers or bad guys. For periods of time, the hackers will infiltrate and infect computers all over the world. Some of the computers are in corporate networks, some are on university campuses, some are even in our homes.
Hackers implant the computers with control modules that will allow the hackers the ability to remotely control those computers. All of the computers a hacker remotely controls is called a botnet. The botnet can be small or very large and global in scope.
Once a hacker has enough bots under his or her control, he or she can have every one of those computers send DNS queries to the servers flooding them with traffic.
When regular users attempt to query DNS for and IP address to a website, the query is lost in the flood of traffic and is often just lost in the chaos. Users then are not able to resolve the IP address for a website, and it appears as if the Internet is down.
Note that in this type of attack the website servers are never attacked directly. People just can’t find them. Also, note how important is is to keep your computers and devices up-to-date and free from malware so that your devices are not part of the problem.
Update: since I posted this article new information has become available. It appears a large number of the machines that were part of the bot net were IoT (Internet of Things) devices.