Distributed Denial of Service Attack (DDoS): A Crowd in a Department Store

What is a Distributed Denial of Service Attack (DDoS)? Imagine you work in the shoe section of a department store called “Harold’s”. People come to you to ask advice about shoes and try them on, and if they like them they go off to the cash register and buy them. In an IT sense you’re a “server” that might normally “serve” web pages to people surfing the internet.

One day a guy called Reg walks in who demands a lot of service. He asks you all kinds of questions about your shoes: Do you have this brand? Do you have them in this colour? What’s the exchange policy? Whilst you work hard to serve Reg, the other customers start queuing up. You manage to field a few questions from the other customers between trips out the back to get the next pair of shoes for Reg to try on.

In fact, Reg is perpetrating what’s known as a “denial of service attack”. He doesn’t really want to buy anything; he’s just keeping you busy. Perhaps Reg is from the rival store “Dufus’” and he’s trying to sabotage you. More likely, though, he has a moral issue with Harold’s use of leather in their shoes, or he just heard about what fun this could be and decided to try it out. Or perhaps he has been unknowingly coerced into this by someone else.

After running around non-stop all afternoon serving Reg under the mounting pressure of the queue of customers, normally something cracks. “I’ve had it with you and your stupid job, Harold’s,” your average shop assistant would exclaim as he tosses out his tie and name badge and marches out the door, leaving a confused and stranded line of customers. However, you’re a bit more astute than all that. You vaguely recall something about this from your training course as it slowly starts to dawn on you that Reg isn’t a genuine customer. He doesn’t want to buy anything at all and he’s just stopping you from serving the real customers. “Aha! Busted!” you cry as you move on to the next customer. Reg can ask all the questions he wants, you just won’t answer any more of them! With the attack successfully thwarted, Harold’s shoe department lives on to see another day of killing cows for shoes.

The interesting and tricky element of the attack is that there’s no way to tell a real customer from a phony customer. The phony customer acts just like a real one. So you just build in a little mental rule: treat everyone as a real customer, but if one customer is simply taking too much time, just stop responding to him.

That was basically what happened to computer-based denial of service attacks.

Well, after a few years the animal rights movement has got a bit organised and they’ve realised that Harold’s and Dufus’ attendants are getting wise to their denial of service attacks. They know you’re looking out for that tricky customer that just requests too much. So they devise a new and even more devious plan: a distributed denial of service attack! This time instead of just one person, a whole crowd of people enters the store. They filter in around the same time and yet independently, dressed differently, so you don’t realise they’re connected, but the effect is the same: you run around like a headless chicken trying to serve them all, and the real customers (whichever ones they are) are being made to wait, if indeed they get any attention from you at all. Now in an IT sense the crowd refers to a bunch of different computers, usually not intentionally participating in the attack but rather computers that have been infected with a virus (technically “malware”) which causes them to silently request pages from your website at a synchronised date and time without their owners even realising.
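The shop assistant's rule ("if one customer is simply taking too much time, just stop responding to him") and the reason a crowd gets past it, as an added Python example that is not part of the original post. The limit, window and capacity figures and both traffic samples are constructed for illustration.

```python
from collections import defaultdict, deque

class PerClientLimiter:
    """Sliding window: at most `limit` requests per client per `window` seconds."""
    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self.seen = defaultdict(deque)   # client id -> times of served requests

    def allow(self, client, now):
        q = self.seen[client]
        while q and now - q[0] >= self.window:   # forget requests outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False                 # the one customer asking too much is ignored
        q.append(now)
        return True

def simulate(requests, limit=5, window=10.0, capacity=20):
    """requests: list of (time, client). Returns (served, refused, overloaded).

    overloaded is True when the requests that pass the limiter inside any one
    window exceed `capacity`, a constructed figure for what the server can handle."""
    limiter = PerClientLimiter(limit, window)
    served, refused = [], 0
    for t, client in sorted(requests):
        if limiter.allow(client, t):
            served.append(t)
        else:
            refused += 1
    recent, overloaded = deque(), False
    for t in served:
        recent.append(t)
        while t - recent[0] >= window:
            recent.popleft()
        if len(recent) > capacity:
            overloaded = True
    return len(served), refused, overloaded

# Constructed traffic: one demanding client ("reg") among three ordinary customers.
single = [(i * 0.2, "reg") for i in range(40)] + [(i * 3.0, f"cust{i}") for i in range(3)]
# Constructed traffic: 30 clients, each asking only 4 times, all inside one window.
crowd = [(c * 0.01 + i * 2.0, f"bot{c}") for c in range(30) for i in range(4)]

if __name__ == "__main__":
    print("single:", simulate(single))
    print("crowd: ", simulate(crowd))
```

In the first case the limiter refuses most of Reg's requests and the load stays within capacity; in the second no client ever crosses its own limit, nothing is refused, and the server is overloaded anyway.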

So suddenly you wake up in hospital. Your supervisor, Dick, is there and explains that you just collapsed under the strain. Harold’s lost a lot of genuine sales that day whilst they struggled to find a replacement for you, but it’s not your fault. You did your best. Having analysed the security tapes, Dick believes that you were subject to what in the inner circles of sales management is known as a “distributed denial of service attack”.

“But how can we maintain and defend Harold’s fantastic cow-utilising industry in the face of this onslaught?” you ask Dick. “They never taught me about that in the training course!”

Dick takes a deep breath. “Nobody knows,” he says, as he holds out his hands, offering you two pills. Yes YOU, oh reader. You take the blue pill by pressing that blue-ish “Back” button up the top left of the browser window (at least it’s blue in Internet Explorer), forget about it and get on with life. You take the red pill and become a freedom fighter by running an internet search for “distributed denial of service attack” and reading the no-doubt ridiculously long and overly-detailed Wikipedia entry, all the news about the Wikileaks supporters who propagated attacks on credit card companies, some fan site of people dedicated to news about DDoS attacks and so forth.

May I recommend that you just take the blue pill and get on with whatever it is you were trying to do before. But I hope you enjoyed the story anyway.
