DDoS Attacks for the Common Man

By Larry Seltzer  |  Posted 2004-03-25 Print this article Print

You don't have to be a hated software company or industry association to be the victim of a DDoS attack. Sometimes you can do things to defend yourself, and sometimes you just have to sit and take your beating.

Around the peak of the dot-com era there was a series of incidents that introduced most users to the term DDoS, or distributed-denial-of-service attack. These came to be known as the "Mafiaboy" attacks. The attacks were somewhat scary in that they brought down, one by one, the biggest and most prominent Web sites on the Internet. Every day we wondered who was next, and—gasp!—could it be us? Eventually, the site for which I wrote the most was taken down just like all the big guys. The attacker turned out to be a (lets be generous) troubled Canadian teenager who had managed to crack groups of computers and command them in a coordinated attack against a particular site. If you could get past the basic immorality of the act, the guy did show some talent.

The most recent famous DDoS attacks have been from worms, such as MyDoom, that attack essentially political targets such as microsoft.com. Even more recently, Panda Software described the Cone.E worm, which launches an attack against www.irna.com—which is the site of the Islamic Republic News Agency, aka the official news agency of Iran.

But DoS attacks arent just for the big guys. People in the trenches say they happen all the time for all kinds of reasons. I spoke with Paul Froutan, VP of engineering of Rackspace Managed Hosting, about some of the ways they happen and techniques that can be used to stop or prevent them.

Next page: Ask not why the DDoS bell tolls for thee.

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel