May 23, 2013 by The Interwebz
DDoS attacks come in many names, and many forms. DDoS stands for Distributed Denial of Service. A denial of service attack works by sending more traffic, or more expensive requests, to a website or server than it can handle; "distributed" means the traffic comes from many sources at once, typically a botnet, which is what makes it hard to filter by address and hard to absorb. Once the server's capacity is used up, legitimate users can no longer reach it.
DDoS attacks rely on the way the internet works. When you visit a site on the web, your computer, identified by its IP address, exchanges packets with the web server, which then "serves up" the page you asked for. This happens in a fraction of a second, and the rules that govern it are the TCP/IP protocol suite: IP gets packets between the two machines, and TCP turns those packets into a reliable connection.
Essentially, your computer first asks the server for a connection (a SYN). The server replies that it is available (a SYN-ACK) and keeps a half-open connection on its books while it waits for your answer. Your computer then normally completes the exchange (an ACK), and the connection is established. This process is called the three-way handshake, and it is how every TCP connection begins.
The process occurs in three steps, as outlined above. In more formal terms, the exchange goes like this:
The TCP three-way handshake (also called the TCP handshake, the three-message handshake, or SYN-SYN-ACK) is the method TCP uses to set up a connection over IP. It is referred to as "SYN-SYN-ACK" (or, more accurately, SYN, SYN-ACK, ACK) because three segments are exchanged to negotiate and start a TCP session between two hosts. The handshake lets the two sides agree on the parameters of the connection, in particular each side's initial sequence number, before any application data such as an SSH session or an HTTP request from a web browser is sent.
How DDoS Attacks Exploit The 3-Way Handshake
The attack that abuses this protocol is the SYN flood. Have you ever seen those frustrating 503 errors? A 503 is what a web server or load balancer sends when it is still alive but has no capacity left, so it is one symptom of an overloaded site; a host under a full SYN flood usually cannot answer at all, and the browser simply times out. Either way, a 503 does not by itself mean a DDoS attack is happening. If we follow the "3-way handshake" process above, the exploit happens when the party that initiates the process never completes it: the attacker sends a stream of SYNs, usually from spoofed source addresses, and never sends the final ACK. Each SYN makes the server reply with a SYN-ACK and hold a half-open connection in its backlog while it waits, retransmitting the SYN-ACK and keeping the entry for tens of seconds. With enough SYNs, that backlog fills, new SYNs from real users are dropped, and then the lights go out. Note that this is only one kind of DDoS; volumetric floods that saturate the network link and application-layer attacks that exhaust the web server itself do not depend on the handshake at all.
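To make the exchange concrete, here is a small Python model of the server side of the handshake and of the flood described above. This is an added example, not code from the original post. It covers both the normal three-step exchange from the earlier paragraphs and the half-open exhaustion described here. The backlog size (128), the 60 second half-open timeout, the addresses (RFC 5737 test ranges) and the secret are assumed values, and the SYN-cookie mode is a simplified version of the real mitigation, with no timestamp or MSS encoded in the cookie.

```python
"""Toy model of a TCP listener's SYN backlog under a SYN flood (added example)."""
from dataclasses import dataclass, field
import hashlib
import hmac
import random


@dataclass
class Listener:
    """Server side of the handshake. Sizes, timeouts and the secret are assumed."""
    backlog: int = 128            # max half-open connections held at once
    syn_timeout: float = 60.0     # seconds a half-open entry survives unanswered
    syncookies: bool = False      # simplified SYN-cookie mode (no timestamp/MSS)
    secret: bytes = b"constructed-demo-secret"
    half_open: dict = field(default_factory=dict)  # (ip, port) -> (isn, expiry)
    established: set = field(default_factory=set)
    dropped_syns: int = 0

    def _cookie(self, ip: str, port: int) -> int:
        """Stateless ISN derived from the client's address and a server secret."""
        mac = hmac.new(self.secret, f"{ip}:{port}".encode(), hashlib.sha256)
        return int.from_bytes(mac.digest()[:4], "big")

    def _expire(self, now: float) -> None:
        """Drop half-open entries whose SYN-ACK was never acknowledged in time."""
        for key, (_, expiry) in list(self.half_open.items()):
            if expiry <= now:
                del self.half_open[key]

    def on_syn(self, ip: str, port: int, now: float):
        """Step 1 (SYN) -> step 2 (SYN-ACK). Returns the ISN sent, or None if dropped."""
        self._expire(now)
        if self.syncookies:
            return self._cookie(ip, port)   # state lives in the ISN, nothing stored
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1          # backlog full: SYN silently discarded
            return None
        isn = random.getrandbits(32)        # real stacks pick a random ISN too
        self.half_open[(ip, port)] = (isn, now + self.syn_timeout)
        return isn

    def on_ack(self, ip: str, port: int, ack: int, now: float) -> bool:
        """Step 3 (ACK). True if it matches our SYN-ACK and the connection opens."""
        self._expire(now)
        key = (ip, port)
        if self.syncookies:
            expected = (self._cookie(ip, port) + 1) & 0xFFFFFFFF
        else:
            entry = self.half_open.pop(key, None)
            if entry is None:
                return False                # no half-open entry: stray or expired ACK
            expected = (entry[0] + 1) & 0xFFFFFFFF
        if ack != expected:
            return False
        self.established.add(key)
        return True


def syn_flood(srv: Listener, count: int, now: float) -> None:
    """Attacker: SYNs from spoofed sources (TEST-NET-2), never sends the final ACK."""
    for i in range(count):
        srv.on_syn(f"198.51.100.{i % 250 + 1}", 40000 + i, now)


def legit_connect(srv: Listener, now: float) -> bool:
    """Honest client (TEST-NET-1 address) doing the full SYN / SYN-ACK / ACK."""
    isn = srv.on_syn("192.0.2.10", 51000, now)
    if isn is None:
        return False                        # SYN dropped, no SYN-ACK ever arrives
    return srv.on_ack("192.0.2.10", 51000, (isn + 1) & 0xFFFFFFFF, now + 0.1)


def scenario(syncookies: bool, attack_syns: int = 1000) -> dict:
    """Flood the listener, then try one real connection during and after the flood."""
    srv = Listener(syncookies=syncookies)
    syn_flood(srv, attack_syns, now=0.0)
    half_open, dropped = len(srv.half_open), srv.dropped_syns
    during = legit_connect(srv, now=1.0)                   # flood entries still live
    after = legit_connect(srv, now=srv.syn_timeout + 2.0)  # entries have timed out
    return {"half_open_after_flood": half_open, "dropped_syns": dropped,
            "connected_during_flood": during, "connected_after_timeout": after}


if __name__ == "__main__":
    for mode in (False, True):
        print("syncookies" if mode else "plain backlog", scenario(syncookies=mode))
```

Running it prints one result per mode. With the plain backlog the first 128 attack SYNs fill the table, the remaining 872 are dropped, and the honest client's SYN is dropped too until the half-open entries expire a minute later. In cookie mode the server stores nothing per SYN, so the flood leaves no trace and the honest client connects immediately; the price is that the server can no longer tell a stray ACK from a real one except by recomputing the cookie, and since this toy cookie has no time component a captured ACK could be replayed, which is why real implementations fold a coarse timestamp into it.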
At that point, you'll probably need to find a solid DDoS mitigation provider. For SYN floods specifically, also make sure SYN cookies are enabled on the host (net.ipv4.tcp_syncookies=1 on Linux), which lets the kernel answer SYNs without keeping a half-open entry for each one.