How to take down the internet with one DDoS attack
On October 21st the US lost access to a large part of the internet. Here’s how that happens.
If someone wants to take down your website they can orchestrate what’s called a Denial of Service (DoS) attack, which involves sending thousands and thousands of requests to your website’s server. The server can’t keep up with that volume of requests, and its attempts to serve them all slow its response time so badly that legitimate users can’t reach your site and you can’t make changes to it. If all of these requests are coming from a small number of computers, you can block the attacker’s IP address on your router and free up your server’s resources for legitimate use.
The attack on the 21st was much grander in scale. A Distributed Denial of Service (DDoS) attack doesn’t use only one or two computers to generate the requests but tens of thousands, most of which are likely botnet computers owned by casual computer users who aren’t aware that their devices have been repurposed by a virus or malware into a node on a botnet. This alone makes it hard enough to block the attacking IP addresses, but DDoS attacks also frequently involve proxy services and packet anonymization to disguise the original IP addresses and make them impossible to block. Sometimes you’ll hear of a large company or a government agency being taken down, but it is rare to lose access to whole sections of the internet as the result of an attack.
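The difference between the two paragraphs above, as an added example that is not part of the original post: a per-source request counter over constructed log lines flags the one or two noisy addresses of a single-source DoS, but the same total volume spread round-robin across thousands of constructed botnet addresses never pushes any one source over the threshold, which is why router-level IP blocking stops working. The log format and the 10.0.0.0/8 addresses are assumptions made up for the demonstration.

```python
from collections import Counter
import ipaddress

# Constructed sample access-log lines (not real traffic): "client_ip method path"
SAMPLE_LOG = """\
203.0.113.7 GET /
203.0.113.7 GET /
203.0.113.7 GET /index.html
198.51.100.23 GET /about
203.0.113.7 GET /
203.0.113.7 GET /login
198.51.100.23 GET /contact
203.0.113.7 GET /
"""


def requests_per_source(log_text):
    """Count requests by client IP; the first field of each line is the source."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip malformed lines instead of crashing the monitor
        counts[str(ip)] += 1
    return counts


def sources_to_block(log_text, threshold):
    """Source IPs whose request count exceeds `threshold`.
    This is the single-source case: a handful of noisy addresses that
    can simply be blocked at the router."""
    return {ip for ip, n in requests_per_source(log_text).items() if n > threshold}


def distributed_flood(total_requests, n_sources):
    """Constructed DDoS-style traffic: `total_requests` spread round-robin over
    `n_sources` addresses in 10.0.0.0/8 (constructed range), so each source
    sends only total_requests / n_sources requests and stays under a per-IP limit."""
    base = int(ipaddress.IPv4Address("10.0.0.0"))
    return "\n".join(
        f"{ipaddress.IPv4Address(base + (i % n_sources))} GET /"
        for i in range(total_requests)
    )
```

Feeding the same 6,000 requests through `sources_to_block` with a limit of 100 flags both addresses when they come from two machines and flags nothing when they come from 3,000, so volume-based defences have to look at the aggregate rather than at individual sources.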
So how did it happen?
Whether you know it or not, your computer relies on Domain Name System (DNS) servers to find its way around the internet. The website you know as google.com is known to computers as 220.127.116.11. DNS servers are the servers that work out how to route your computer to 18.104.22.168 and make sure that you aren’t getting sent to 22.214.171.124 instead, or that 126.96.36.199 isn’t pretending to be 188.8.131.52. There are millions of DNS servers constantly checking that sites are what they say they are and allowing your computer to access them. Some are small and private; some are clusters at large server farms. The attack on the 21st was a series of massive DDoS attacks aimed at a company in New Hampshire called Dyn, which happens to be a major DNS provider for a lot of what we use online every day. The attack disabled Dyn’s DNS servers, and as a result DNS went down for some major services, effectively barring the door to users whose computers were trying to find a location without a map.
Post-incident reports indicate that the attack was the result of a Mirai botnet, largely made up of web-enabled devices such as CCTV cameras. The fact that these cameras were so easily hijacked and have so little built-in security raises a lot of questions about the direction the tech industry has taken in supporting the internet of things, and the fact that large portions of the internet went dark on the 21st has raised valid concerns about the viability of cloud software in a world where access to your business infrastructure can be taken down by a smart refrigerator.
Solid security and physical redundancy can do a great deal to protect your business productivity. If you’re interested in an assessment of your security standards, or curious to learn more about what a physical server can do for your office, give PMCS a call for a consultation at (818) 957-5647.