Understanding DDoS for the confused.

A DDoS attack is a Distributed Denial of Service attack. To understand the basics, I'll first explain a plain DoS attack in the simplest of definitions so you can understand a DDoS.

There are plenty of sub-categories of DoS attack, but for the purpose of this post I'll keep it broad. Imagine 2 computers that can both load Google in 1 second. If both of those computers can view Google in 1 second, what would happen if all of Computer A's connection strength was pointed at Computer B? First off, Computer A (the sender) would lag a ton, since all of its internet resources are being sent elsewhere, leaving little to none for actual internet browsing. Now Computer B (the receiver) has extra network traffic clogging its system. So when Computer B goes to open Google, it now takes 3 seconds to load, since its available bandwidth has dropped significantly. The disadvantage of a DoS attack is that it lags both the sender and the receiver, and it depends a lot on the strength of your internet connection. Meaning, a 100mbps connection won't be fazed by a DoS attack from a 56k modem. Everyone can DoS: it takes one freely available program, and anyone can lag up their own computer for little to no purpose. Now let's learn about the more modern form of attack, DDoS.

You should now understand that a DoS attack is 1 person vs. 1 person. However, the first D of DDoS means "Distributed", so you can infer that it's many people vs. 1 person. The details of obtaining DDoS tools will be left out, since that comes down to connections and private tools. To explain a DDoS as simply as possible, one must understand the concept of a DoS attack (located above).

A DDoS attack consists of an "army" of infected computers controlled by one or more individuals. So imagine an entire neighborhood of computers and one random home computer elsewhere. For demo purposes, let's pretend that all the neighborhood computers have been compromised and are running a DDoS bot (making them part of a botnet). The individual or individuals that infected your computer (or, in this demo, the neighborhood computers) now have control over a large share of those computers' internet bandwidth. They cannot keylog those computers, take screenshots or anything along those lines; if they can, it is not a botnet, it is a RAT or an upgraded trojan/virus. So with a large army of infected computers, one can point all of those computers' internet bandwidth at one computer, which in turn will more than likely knock that target's internet connection out for a period of time. To help explain the damage and why it's hard to stop, an example involving a stadium and people will be used.

Take a stadium that can hold 60,000 people at max, and assume people arrive at random times between 7 and 8pm for the 8:15 show start. People come and sit waiting for the game (like you browse the internet sporadically between 7 and 8). Now let's assume a DDoS attack occurred: all of a sudden 20,000 people without tickets show up at the door at once at 7:10pm (or you opened 2,000 copies of CNN in your web browser). Now the real ticket owners are stuck behind the line of "fake" ticket owners. It takes up to 2 hours to finally remove all the fake ticket holders, which converts to hours of downtime on your computer, since your router is backed up filtering all those internet requests for CNN.

Some smart guys out there might add some security guards to turn away the fake ticket holders; however, that won't stop a DDoS. If 20,000 guys appear at once, the guards will still be preventing others from walking in while they handle the mob. This means nothing server-side will prevent a DDoS, since the server will just be flooded at the internet level and the defense never gets a chance to run. If the stadium guys could hire a street patrol to stop the fake ticket holders before they got to the stadium, that would not interrupt the process for the real ticket holders. That works out, but is very expensive to do. That converts to buying a high-end piece of hardware to place at the source of your internet connection.

How come I can't DDoS Google offline?

Unlike small personal computers, Google has an army of servers dedicated to itself. So imagine Google owning 14 revolving doors at the stadium, compared to the single pair of double doors of a home computer. Google could take 20,000 people at once through its doors. The double doors, however, would become clogged, and you would in turn lose internet until those people (or internet requests) could be filtered out.

How come I can't protect myself from DDoS at the scripting level?

As of now, scripts are pointless against a DDoS attack. Your internet locks up eons before the script gets a chance to run. It's like placing security guards inside a stadium: they never get a chance to block the visitors because the visitors have already blocked up the ticket center. You would have to place your guards at the entrance to your facility on the road, which converts to an expensive piece of hardware like the RioRey.
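To put numbers on the stadium analogy above (why 14 doors cope with 20,000 fakes while a single pair of doors does not, and why guards at the door still delay real ticket holders while a street patrol does not), here is an added queue simulation; it is not part of the original post. The door rate, the flood time and the even spread of real arrivals are assumed values chosen for the model, not figures from the post.

```python
from collections import deque

def simulate(doors, flood_size, upstream_filter=False, per_door_rate=20,
             legit_total=60000, window=3600, flood_at=600):
    """One-second-step queue model of the stadium analogy.

    doors            parallel doors (servers / units of link capacity)
    per_door_rate    visitors one door can admit or turn away per second (assumed)
    legit_total      real ticket holders, spread evenly over `window` seconds
    flood_size       fake ticket holders dumped into the line at t = flood_at
    upstream_filter  True: fakes are stopped on the road and never reach a door
                     False: a door's guard spends a slot rejecting each fake
    Returns (served_legit, max_wait, avg_wait); waits are in seconds.
    """
    queue = deque()                      # entries are (arrival_time, is_legit)
    capacity = doors * per_door_rate     # people the doors can process per second
    waits = []
    t = 0
    while t < window or queue:
        if t < window:                   # integer-exact even spread of arrivals
            n = legit_total * (t + 1) // window - legit_total * t // window
            queue.extend((t, True) for _ in range(n))
        if t == flood_at and not upstream_filter:
            queue.extend((t, False) for _ in range(flood_size))
        for _ in range(min(capacity, len(queue))):
            arrived, legit = queue.popleft()
            if legit:                    # fakes consume a slot but are not counted
                waits.append(t - arrived)
        t += 1
    avg = sum(waits) / len(waits) if waits else 0.0
    return len(waits), max(waits, default=0), avg

if __name__ == "__main__":
    scenarios = [
        ("home PC, no flood", 1, 0, False),
        ("home PC, 20,000 fakes handled at the door", 1, 20000, False),
        ("home PC, fakes stopped on the road", 1, 20000, True),
        ("14 doors (Google), fakes handled at the door", 14, 20000, False),
    ]
    for label, doors, flood, upstream in scenarios:
        served, worst, avg = simulate(doors, flood, upstream)
        print(f"{label:46s} served={served} max_wait={worst}s avg_wait={avg:.0f}s")
```

With one door, the real ticket holders arriving just after the flood wait roughly 1,000 seconds even though the guard rejects every fake; with upstream filtering the wait is the same as with no flood at all, and with 14 doors the worst wait is about a minute.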

Next Week: Facebook, why use it?
