Before "Cablegate" (the Wikileaks diplomatic cables scandal), those of us who are relatively ignorant about the internet (non-geeks in other words) had never heard the term DDOS, or if we had, we thought it was some kind of software like Windows DOS. But in fact, DDOS attacks have been striking terror into the hearts of IT specialists in the major companies for over 10 years now, and they severely disrupted Wikileaks in late 2010. DDOS is a more radical and damaging version of a DOS attack: the acronym DOS means "Denial of Service". The idea of a DOS is to render a website inaccessible to its visitors. Either the site is blocked altogether, or it is severely slowed down. The pirate orchestrating the attack has a number of ways of paralysing a targeted website: he can cut the power supply to the server, though this is rare. The technique most often used is to inundate the target site with requests so that it becomes saturated. This involves thousands of computers attempting to download the same page of the target website at the same time. Once the number of requests exceeds the capacity of the server to handle them, this is enough to immobilise the website.
DDOS is the acronym for “Distributed Denial of Service”, in other words a DOS on a larger scale.
In a DDOS attack, the pirate (known as the Master) starts by infiltrating people’s computers (maybe including yours or mine) so that they become his “slaves”, which he takes control of and instructs to attack the target or victim: the website in question. In fact, if your computer is badly protected it could well be used as a slave (also known as a zombie or demon) to take part in an attack without your knowing anything about it. If a pirate chooses your machine as a zombie, you haven’t heard the last of it. Many pirates "rent out" their network of zombies to other pirates preparing DDOS attacks. It is therefore possible for you to be implicated in several of these attacks.
While it is easy to trace the perpetrator of a DOS attack (it is the IP address, their computer’s identification, that gives them away), it is more difficult to track down all the IP addresses of thousands of zombies! As a preventive measure, instead of using just one server, it’s better to choose a configuration based on a number of servers, so that, if one of them is attacked, your website will still be accessible, even if it’s slowed down. Some people advocate using a buffer server designed to filter requests and “neutralise” any malevolent ones. A good firewall can reduce the risk of a DDOS attack, but it can’t eliminate it altogether.
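As an added illustration (not part of the original article) of why a single-source DOS is easy to attribute while a DDOS is not, the script below reads constructed access-log lines, finds the busiest second and checks whether the load comes from one address or is spread thinly across many. The log format, the capacity and per-IP thresholds and the 10.x.x.x addresses are all assumptions made for the example.

```python
"""Tell a single-source flood from a distributed one by request rate per IP.

Added example, not from the original article. Log lines are constructed in
the format "<second> <client-ip> <path>" and use private 10.x.x.x addresses.
"""
from collections import Counter, defaultdict


def parse_log(lines):
    """Parse constructed lines '<second> <ip> <path>' into (second, ip, path) tuples."""
    events = []
    for line in lines:
        sec, ip, path = line.split()
        events.append((int(sec), ip, path))
    return events


def busiest_second(events):
    """Return (second, Counter of requests per IP) for the second with the most requests."""
    per_second = defaultdict(Counter)
    for sec, ip, _ in events:
        per_second[sec][ip] += 1
    if not per_second:
        return None, Counter()
    sec = max(per_second, key=lambda s: sum(per_second[s].values()))
    return sec, per_second[sec]


def classify(lines, capacity=100, per_ip_limit=20):
    """'normal' if the busiest second fits the assumed server capacity;
    'single-source' if one IP alone exceeds per_ip_limit (that IP can be filtered);
    'distributed' if the total exceeds capacity but no single IP stands out."""
    sec, by_ip = busiest_second(parse_log(lines))
    total = sum(by_ip.values())
    offenders = sorted(ip for ip, n in by_ip.items() if n > per_ip_limit)
    if total <= capacity:
        verdict = "normal"
    elif offenders:
        verdict = "single-source"
    else:
        verdict = "distributed"
    return {"second": sec, "total": total, "offenders": offenders, "verdict": verdict}


def make_log(requests, sources, second=0):
    """Constructed sample: `requests` hits on /index.html within one second,
    spread round-robin over `sources` client IPs in the private 10.0.0.0/16 range."""
    return [f"{second} 10.0.{(i % sources) // 256}.{(i % sources) % 256} /index.html"
            for i in range(requests)]


if __name__ == "__main__":
    print(classify(make_log(50, 50)))     # 50 visitors, one request each: normal
    print(classify(make_log(500, 1)))     # one IP sending 500 requests: single-source
    print(classify(make_log(500, 500)))   # 500 zombies, one request each: distributed
```

The last case is the one the paragraph describes: the total load is identical to the single-source flood, but no individual address exceeds a per-IP limit, so blocking by IP alone does not help.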
If your website suffers repeated attacks, it is quite likely that the hosting company whose server it runs on will just abandon you to your fate, in order to safeguard its other customer websites and ensure that they, too, are not brought down by the attack. It might decide to block your IP address, in which case you will have to find a different server.
In practice, if your website is the victim of repeated DDOS attacks, you will have to change your IP address or your server regularly, in the hope that the pirates will eventually get bored. Otherwise, you can set up "mirror sites", which provide an "alias" for the website you are trying to protect. That way, your visitors can always access the data on your website. This is the solution Wikileaks chose, with more than 700 mirror sites being set up. That should give the DDOS pirates something to think about!