The Lowdown on DoS Attacks


    by BWorld Staff

    DDoS and DoS attacks? What are they and why are they so bad?

    DDoS and DoS attacks are two types of ‘attack’ used to bring down web servers and either directly or indirectly bring down a particular website.

    DDoS: Distributed Denial of Service
    This is where an attacker uses a very sophisticated method of flooding a website, via the Internet Service Provider's pipe/connection, by making thousands and often millions of requests for pages or information to be served from a particular website (or range of websites). The bandwidth required to accept all these ‘forged’ requests usually exceeds the router or pipeline capacity, which chokes it, causing genuine traffic to be blocked, and eventually the web server or router has to shut down due to the overload.

    At this point the ISP will often shut the website down by effectively cutting off the connection, stopping any traffic getting through at all. In fact the website is still up and being hosted; it is simply that no-one is allowed to see it. If the ISP cannot identify and filter ‘good’ traffic from ‘bad’, they will always shut down the IP address that is under attack, completely cutting off ALL access. They view such an attack as a potential threat to their network and therefore respond with a drastic step to ensure no other sites are affected.

    They have a range of clients large and small, and hardware overload can bring their entire network down. There are recorded cases of major ISPs being brought down.

    The method, without giving too much technical detail, involves ‘ghosting’ or ‘spoofing’ a whole host of incoming IP addresses that appear to be making a genuine request for pages or information from a particular URL/Website. The incoming IP address they use is genuine and the owner of that IP address will probably be completely unaware that they are making the request.

    The ‘attackers’ have created a volume of traffic that exceeds the available capacity of the website under attack and often exceeds the capacity of some ISPs’ individual routers.

    These attacks are high in volume and can be prolonged for many days. In fact the ‘attackers’ are able to remotely sustain the attack with little extra effort, ensuring that the website stays down.

    Protection from this kind of attack is usually in the form of a very expensive piece of hardware that the ISP has to either install themselves, or allow an individual website owner to install at a point far enough up the connection ‘pipe’ to prevent the attacks. The hardware, when installed, filters out the ‘bad’ traffic from the good and rejects it, allowing only the genuine requests to hit the servers.

    In some cases the target of the attack is unable to technically resist the attack unless their ISP has installed the appropriate ‘filter’ hardware or allowed the individual site to do so.

    Some DoS attacks are more easily handled, but often the sophistication of the attackers’ resources means that when a website finds one ‘fix’ for the problem, the attackers switch to another method or vehicle and are often one step ahead of the game.

    The threat is real and malicious.

    The ‘attackers’ can be anyone from ‘idle’ students of internet technology intent only on hacking to prove a point, to organised crime syndicates who demand substantial amounts of money to be transferred to accounts in faraway countries, where cross-jurisdictional agencies and law enforcement agencies may have more difficulty in effecting arrests and prosecutions.

    As far as this particular industry, sports betting, is concerned, sportsbooks are seen to be soft targets because they operate in a very time-critical/cash-critical sector where downtime costs large amounts of money.
    The attacks are usually initiated at key event-specific times to maximise both the leverage of the threat and the impact.
    In addition, if a sportsbook in an offshore location, which is in a difficult position due to legislation, cannot contact a law enforcement agency for obvious reasons, it may be more likely to pay.