What is it?
A “denial of service” (sometimes called a “distributed denial of service” or DDoS) attack occurs when a system, in this case a web server, receives so many requests at one time that the server resources are overloaded the system simply locks up and shuts down. The goal and result of a successful DDoS attack is the websites on the target server are unavailable to legitimate traffic requests.
How does it work?
The logistics of a DDoS attack may be best explained by an example.
Imagine a million people (the attackers) get together with the goal of hampering Company X’s business by taking down their call center. The attackers coordinate so that on Tuesday at 9 AM they will all call Company X’s phone number. Most likely, Company X’s phone system will not be able to handle a million calls at once so all the incoming lines will tied up by the attackers. The result is that legitimate customer calls (i.e. those that are not the attackers) do not get through because the phone system is tied up handling the calls from the attackers. So in essence Company X is potentially losing business due to the legitimate requests being unable to get through.
A DDoS attack on a web server works exactly the same way. Because there is virtually no way to know what traffic is sourced from legitimate requests vs. attackers until the web server is processing the request, this type of attack is typically very effective.
Executing the attack
Due to the “brute force” nature of a DDoS attack, you need to have lots of computers all coordinated to attack at the same time. Revisiting our call center example, this would require all the attackers to both know to call at 9 AM and actually call at that time. While this principle certainly will work when it comes to attacking a web server, it becomes significantly easier when zombie computers, instead of actual manned computers, are utilised.