
What is a DDoS attack? How do hackers DDoS and take over a website?

A “Denial of Service” (sometimes called a “Distributed Denial of Service” or DDoS) attack occurs when a system or a web server receives so many requests at one time that its resources are overloaded and the system simply locks up and shuts down. The goal and result of a successful DDoS attack is that the websites on the target server become unavailable to legitimate traffic requests.

How does it work?

The logistics of a DDoS attack may be best explained by an example.

Imagine a million people (the attackers) get together with the goal of hampering Company X’s business by taking down their call center. The attackers coordinate so that on Tuesday at 9 AM they will all call Company X’s phone number. Most likely, Company X’s phone system will not be able to handle a million calls at once, so all the incoming lines will be tied up by the attackers. The result is that legitimate customer calls (i.e. those that are not from the attackers) do not get through because the phone system is tied up handling the calls from the attackers. So in essence Company X is potentially losing business because legitimate requests are unable to get through.

A DDoS attack on a web server works exactly the same way. Because there is virtually no way to know what traffic is sourced from legitimate requests versus attackers until the web server is processing the request, this type of attack is typically very effective.

How do hackers DDoS?

Due to the “brute force” nature of a DDoS attack, you need to have lots of computers all coordinated to attack at the same time. Revisiting our call center example, this would require all the attackers to both know to call at 9 AM and actually call at that time. While this principle certainly will work when it comes to attacking a web server, it becomes significantly easier when zombie computers, instead of actual manned computers, are utilised.

As you probably know, there are lots of variants of malware and trojans which, once on your system, lie dormant and occasionally “phone home” for instructions. One of these instructions could, for example, be to send repeated requests to Company X’s web server at 9 AM. So with a single update to the home location of the respective malware, a single attacker can instantly coordinate hundreds of thousands of compromised computers to perform a massive DDoS attack.

The beauty of utilising zombie computers is not only in its effectiveness, but also in its anonymity as the attacker doesn’t actually have to use their computer at all to execute the attack.
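An added example (not part of the original post) of why this traffic is hard to filter, written in Python over constructed request data: a per-source rate limit finds nothing because each flooding source sends only a few requests, while comparing each time window's total volume and distinct-source count against the median window flags the flood. The window size, limit and factor are assumed values.

```python
import statistics
from collections import Counter, defaultdict

def build_sample():
    """Constructed (second, source_ip) request events; not real server data."""
    events = []
    # Baseline: 5 regular clients, one request every 2 seconds, for 60 seconds.
    for s in range(0, 60, 2):
        for c in range(5):
            events.append((s, f"198.51.100.{c + 1}"))
    # Flood: 200 distinct sources, only 3 requests each, all within seconds 40-49.
    for b in range(200):
        for k in range(3):
            events.append((40 + (b + k * 3) % 10, f"203.0.113.{b + 1}"))
    return events

def per_source_offenders(events, window=10, limit=20):
    """Sources sending more than `limit` requests in any `window`-second bucket."""
    counts = Counter((t // window, ip) for t, ip in events)
    return {ip for (_, ip), n in counts.items() if n > limit}

def aggregate_anomalies(events, window=10, factor=3.0):
    """Buckets whose total requests AND distinct sources exceed factor x median."""
    totals, sources = Counter(), defaultdict(set)
    for t, ip in events:
        totals[t // window] += 1
        sources[t // window].add(ip)
    base_total = statistics.median(totals.values())
    base_sources = statistics.median(len(s) for s in sources.values())
    return sorted(
        b for b in totals
        if totals[b] > factor * base_total
        and len(sources[b]) > factor * base_sources
    )

if __name__ == "__main__":
    sample = build_sample()
    # No single source looks abusive, so a per-IP limit blocks nobody.
    print("per-source offenders:", per_source_offenders(sample))
    # The window as a whole stands out against the baseline.
    print("anomalous windows:", aggregate_anomalies(sample))
```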

The Security Threat of a DDoS Attack

More importantly, in many cases a DDoS attack is merely designed to distract from other criminal activity, such as data theft or network infiltration. The attacker keeps the target busy fighting off the DDoS attack and then sneaks in a piece of malware.

Most Famous DDoS Attacks


1. GitHub: 1.35 Tbps

2. Occupy Central, Hong Kong: 500 Gbps

3. CloudFlare: 400 Gbps

4. Spamhaus: 300 Gbps

5. U.S. Banks: 60 Gbps


Fun fact: the famous hacktivist group Anonymous made DDoS famous.

