The onslaught that brought down large sites such as Yahoo!, eBay, CNN.com, and buy.com was caused by a denial-of-service (DoS) attack. It is one of the easiest types of attacks to perpetrate yet one of the hardest to protect yourself from. It can cost you many hours of downtime.
Technologically, the DoS attack causes no damage. Financially, it costs you sales every minute your site is unavailable.
What It Is

A denial-of-service attack is a relentless stream of information sent to a target with the intention of flooding it until it can no longer handle legitimate traffic.
Aimed at your Web server, it works by denying bandwidth to and from your system. But unlike most other "hacks," it does not require that the hacker gain access to the targeted server. Instead, the person conducting the attack hacks into other computers on the Web, introducing program code into them that effectively turns them into "slaves." These Web slaves then begin sending simple requests for information ("pinging") to the attack target at astronomical rates.
This onslaught of requests from multiple servers on the Web rapidly overwhelms the target's servers. Soon it takes all the servers' attention to respond to the pinging requests, leaving no time to serve up Web pages. In a matter of seconds, your site has been effectively shut down.
How to Recognize It

There is one simple way to recognize this attack: Neither you nor anyone else can access your site. There is no access in or out.
The best way to be alerted when the attack is happening is to have (or be) a great system administrator who knows the site inside out. Such a person can spot signs such as increased traffic, lagging site load times, or slowed system response times.
Who Is Doing It and Why

There seems to be no major reward for the DoS attack: It offers no benefits other than the opportunity to show off or test a skill. Some professionals regard this as brainless and not very creative. But to hackers, the notion of being the one who brought down the largest online company is a great feat. They can say, "I brought down Yahoo!" And they might acquire their skill by shutting down a smaller site, such as yours.
How to Protect Yourself

You can be a victim in one of two ways. You can be the target or you can be the slave, an unwitting accomplice to the attack. (If your server becomes the slave, it is because someone has hacked into your system; see below.)
To minimize the risk of DoS attacks, consider taking the following actions:
Farm out (outsource) your Web hosting services to a large reputable provider. These providers have the resources to avoid, detect, or handle DoS attacks. The host will take care of all the precautions and keep your site running. That is what you pay them to do. If for some reason you experience downtime, you will have someone other than yourself to blame. Hosting your own system will make you more susceptible to attack, unless you are rich and technologically advanced, and have endless hours to invest in security.
Consider purchasing more hardware if you host your own site. The more traffic you can handle, the harder it is to overwhelm your servers. There is one simple solution: Install more high-performance hardware to handle data surges. For most small companies, this may not be an option.
Companies with larger systems should integrate routers into their server architecture. A router stores and forwards electronic messages among networks, first determining all possible paths to the destination address and then picking the most expedient route to the final destination.
A number of routers on the market today have features that allow you to limit the amount of bandwidth that a given type of traffic can consume. This is sometimes referred to as "traffic shaping." In addition, if you do fall victim to this type of attack, routers will help you recover faster.
Prepare a backup plan to reroute traffic to alternative Web addresses. As soon as you realize that you've fallen prey to a DoS attack, it's time to reroute the legitimate traffic. The DoS attack is specific to your Web address, but you can forward your legitimate requests for site pages to another server while the attack continues. The attacker won't even know that you're back online.
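
The per-traffic-type bandwidth limit described in the router item above ("traffic shaping") can be implemented with a token bucket, one common algorithm for the job. The sketch below is an added example, not code from the original article or from any router vendor; the class names, the 8 bytes/ms limit, the 1024-byte burst and the packet trace are all constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class TokenBucket:
    rate: int                 # credit added per millisecond, in bytes
    burst: int                # most credit the bucket can hold, in bytes
    tokens: int = field(init=False)
    last: int = 0             # time of the previous packet, in ms

    def __post_init__(self):
        self.tokens = self.burst              # start with a full bucket

    def allow(self, now: int, size: int) -> bool:
        # Refill for the elapsed time, never beyond the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size > self.tokens:
            return False                      # over the limit: drop the packet
        self.tokens -= size
        return True


def shape(packets, limits):
    """Apply per-class limits to (time_ms, traffic_class, size_bytes) packets.

    limits maps a class to (rate, burst); unlisted classes pass unlimited.
    Returns {traffic_class: [forwarded_bytes, dropped_bytes]}.
    """
    buckets = {cls: TokenBucket(rate, burst) for cls, (rate, burst) in limits.items()}
    stats = {}
    for now, cls, size in sorted(packets):
        counters = stats.setdefault(cls, [0, 0])
        bucket = buckets.get(cls)
        forwarded = bucket is None or bucket.allow(now, size)
        counters[0 if forwarded else 1] += size
    return stats


def demo():
    # Constructed one-second trace: an echo-request flood (one 64-byte packet
    # per millisecond) alongside ten 1500-byte HTTP packets.
    flood = [(ms, "icmp", 64) for ms in range(1000)]
    web = [(ms, "http", 1500) for ms in range(0, 1000, 100)]
    # Assumed policy: ICMP held to 8 bytes/ms (8 kB/s) with a 1024-byte burst.
    return shape(flood + web, {"icmp": (8, 1024)})


if __name__ == "__main__":
    print(demo())
```

On this trace the flood is held to 8,960 of its 64,000 bytes while every HTTP byte is forwarded. A limiter of this kind protects the server's capacity, but it cannot free the upstream link if the flood has already saturated it.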