A distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users.

Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a dedicated server connected to the Internet.

Sometimes an attacker uses a network of "zombie computers" to sabotage a specific Web site or server.
The idea is pretty simple -- an attacker tells all the computers on his botnet to contact a specific server or Web site repeatedly.
The sudden increase in traffic can cause the site to load very slowly for legitimate users. Sometimes the traffic is enough to shut the site down completely.

The list of DDoS attack victims includes some pretty major names. Microsoft suffered an attack from a DDoS called MyDoom. Attackers have targeted other major Internet players like Amazon, CNN, Yahoo and eBay.

The names of DDoS attack types range from mildly amusing to disturbing:

  • Ping of Death - bots create huge electronic packets and send them on to victims.
  • Mailbomb - bots send a massive amount of e-mail, crashing e-mail servers.
  • Smurf Attack - bots send Internet Control Message Protocol (ICMP) messages to reflectors.
  • Teardrop - bots send pieces of an illegitimate packet; the victim system tries to recombine the pieces into a packet and crashes as a result.

The small tip presented in this article will only be useful against a very basic and specific type of DoS attack.

Use the following command to find the IP addresses of the "bad guys", the attackers:

> netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

The output will look like this:

[X] ***.***.***.***

[X] being the number of connections the IP (***.***.***.***) had with the dedicated server.

> iptables -A INPUT -s IPADDRESS -j DROP

IPADDRESS being the address of the offending IP (***.***.***.***); the address below is an example from the documentation range.

[EXAMPLE]> iptables -A INPUT -s 203.0.113.51 -j DROP

After adding the spamming IP addresses, use these commands to finish the process:

  1. > service iptables save
  2. > service iptables restart
  3. > service httpd restart
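
A script form of the procedure above, added here as an example and not part of the original article: it runs the netstat pipeline over a constructed `netstat -ntu` sample (documentation-range addresses), keeps only addresses at or above a connection threshold, and validates each address before printing the matching DROP rule for review rather than running it.

```shell
#!/bin/sh
# Added example, not from the original article. Counts connections per remote
# address in netstat-style output, keeps those at or above a threshold, and
# validates each address before emitting an iptables DROP rule for review.

# Constructed sample of `netstat -ntu` output (RFC 5737 documentation
# addresses); on a live host pipe the real command in instead.
SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             203.0.113.7:51234       ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.7:51235       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.7:51236       SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.9:40001      ESTABLISHED
tcp        0      0 10.0.0.5:22             192.0.2.20:55000        ESTABLISHED
udp        0      0 10.0.0.5:53             203.0.113.7:9999        ESTABLISHED'

# is_valid_ipv4 ADDR: succeed only for a dotted quad whose octets are 0-255,
# so a mistyped address such as 118.24.72.651 never reaches iptables.
is_valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# top_talkers THRESHOLD: the article's pipeline with the header lines skipped
# and a threshold applied; prints "COUNT ADDR" per offender, lowest first.
top_talkers() {
    awk '$5 ~ /^[0-9.]+:[0-9]+$/ { print $5 }' | cut -d: -f1 |
        sort | uniq -c | sort -n | awk -v t="$1" '$1 >= t { print $1, $2 }'
}

# block_rules THRESHOLD: print (do not run) one DROP rule per validated
# offender, so the list can be reviewed before it is applied.
block_rules() {
    top_talkers "$1" | while read -r count addr; do
        if is_valid_ipv4 "$addr"; then
            echo "iptables -A INPUT -s $addr -j DROP  # $count connections"
        else
            echo "skipping malformed address: $addr" >&2
        fi
    done
}

echo "$SAMPLE_NETSTAT" | block_rules 3
```

On a live host replace the sample with `netstat -ntu | block_rules 50` (pick a threshold well above what a single legitimate client opens), review the printed rules, then apply and save them with the commands above.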

This little tip is usually not enough to stop an attack. Many hosting providers can null-route IP addresses and in that way help the customer stop an attack.

As mentioned above, even large companies have been hit by DDoS attacks and struggled to find a solution. We know this is no magic tool, but it can definitely mitigate or block the smaller attacks.

Good luck and thank you for reading.