It’s the Low Orbit Ion Cannon and yes, you can be arrested and sentenced to a prison term for using it to mount a distributed denial of service attack on a website. But let’s not get ahead of ourselves, there are a few things to understand first.

LOIC has shot to fame in recent years as the tool of choice for what we colloquially refer to as hacktivists, or in other words, folks with an axe to grind – usually for political purposes – who use the web to express their displeasure. They’ll usually be anonymous (that’s with a little “a”) and may associate themselves with groups such as Anonymous (with a big “A”) or others such as LulzSec and UGNazi. The names or how active they presently are isn’t really the point though; I’m interested in looking at the nature of DDoS as this is where I see a lot of misunderstanding.

Here’s how it often begins, with a call to action for hacktivists to join in an organised DDoS:

The result can be devastating for the target; MasterCard suffered major outages on at least two different occasions as a result of this a couple of years back. There have been countless DDoS attacks by hacktivists since, the latest newsworthy event being the takedown of the US sentencing commission website just this weekend in retaliation for the legal action against Aaron Swartz, undoubtedly a contributing factor to his recent tragic suicide.

But the results can also be devastating for those involved in orchestrating these attacks. This is Christopher “Nerdo” Weatherhead:

Chris was 20 years old when he was involved in the MasterCard attack. Last month (two years after the attack) he was convicted of conspiracy to impair the operation of computers and faced the prospect of up to 10 years in jail. Last week he was sentenced to 18 months’ imprisonment. Prosecutors described Chris as “a cyber-criminal who waged a sophisticated and orchestrated campaign of online attacks on the computer systems of several major companies” and alleged the actions he was a part of caused damages of £3.5 million.

Hopefully that sets the scene as to the significance of this kind of attack; let’s take a look at the mechanics of LOIC, DDoS and the possible ramifications for those who want to get involved.

Let’s start with the basics: in layman’s terms, a denial of service attack is the web equivalent of trying to squeeze a whole bunch of fat blokes through a single revolving door in one go. Throw enough of the big fellas at the door at once and nobody else will be able to use it. The denial of service on the door is effective both because of the nature of the payload (the larger gentlemen) and the volume (the fact there were many of them).

As it relates to websites, a DoS substitutes the big guys for data packets and the door for the network interface to the web server. In other words, if you can flood the web server with enough junk data then it struggles to serve legitimate requests. DoS tools will typically multithread the connections and, depending on the protocol used (usually TCP, UDP or HTTP), form the requests in such a way as to cause maximum workload on the target, all in the name of making the attack as effective as possible.

A distributed DoS or DDoS is when the process is spread out over multiple clients all sending junk data to the web server. Naturally 10 clients sending is going to have a significantly greater impact than a single one. Now make that 1,000 or 10,000 clients and you start to see how valuable crowdsourcing is to the would-be DDoS’er.

The effectiveness of a DDoS attack tends to be measured in both the rate of data flooding the target and the duration it lasts for. More of each obviously makes the attack more effective. In terms of rate, just sending standard old HTTP requests alone to a web server isn’t real efficient and there are a number of ways of stepping things up. One of the key objectives of a DDoS is to increase the workload the server has to do in order to process the request.