DDOS attacks - Why do they Happen? - Knowledgebase

Portal Home > Knowledgebase > Articles Database > DDOS attacks - Why do they Happen?

DDOS attacks - Why do they Happen?

Posted by Gary4gar, 05-09-2009, 04:47 PM
I don't really understand why people do DDOS attacks on Websites. It makes sense, if a commercial entity or popular site is attacked. as its rivals might get benefit. Big providers can defend attacks as they have the resources but a avg website owner would booted from their host and site would be offline. But I Don't really understand what do hackers get from attacking small websites?
Posted by CiscoMike, 05-09-2009, 05:11 PM
First off, I'm of a very firm believe that a good chunk of those on WHT claiming "I'm being DDoSed" are significantly misunderstanding the situation. As for why people get DDoS'd? They make themselves a target. Perhaps they are hosting something controversial, they cater do a less-than-morally-upright community or they've managed to piss someone off who can pull something like this off. Why do people DDoS? Considering that it's actually a crime to DDoS someone in most of the "western" world, generally it's an act of sabatoge with the goal of a ransom and/or making some sort of statement. To a smaller degree, especially in the gaming community or the file-sharing and/or blackhat community, it's because some kid is pissed off that "x" happened and he/she/it/they want revenge and figure that taking the site off line is a good way to do that. Quite honestly data leakage is a significantly larger risk that a DDoS attack and just because 5 or 6 automated bots banging on SSH and/or checking for a host of HTTP-based vulnerabilities hit you at once doesn't mean your being DDoS'ed, it just means your unlucky that the IP hash used by a bunch of botted/zombie hosts decided it was your turn all at once. edit: what do I mean by people misunderstanding the situation? Just because your load is at 0.50 one day and is now at 10.00 the next doesn't mean a ddos. Just because apache has spawned 20 children doesn't mean there's a ddos. there's a host of misconfiguration options or maybe it's a simple dos (usually single packet vulnerability) that is hammering away at your host. if more people would make use of cacti / rtg / ntop and be aware of their network stack, then we could start to make sense of whether or not a packet/resource flood is to blame. Last edited by CiscoMike; 05-09-2009 at 05:15 PM.
Posted by eth00, 05-09-2009, 07:00 PM
I agree we see a reasonable number of DDoS with our clients but it is far from what I would consider as a lot. The people that do get attacked generally host controversial content of some type. There are not many just random DDoS attacks on different sites. *edit* also remember the name denial of service -- the "gain" is people cannot view the site, so in the case of controversial content that means the content is not viewable.
Posted by ServerManagement, 05-10-2009, 10:42 AM
I agree, most people assume everytime they can't access their site it's a dos attack. Most dos attacks we see are towards controversial sites too. We see it mostly on servers hosting extreme content. It's rare that we see an attack on a general sites. So I'd say it's pretty much the same as always, no more, no less.
Posted by JonathanWest, 05-11-2009, 12:29 AM
im not totally agree with that, we have some clients who have big sites very popular, and that sites was not controversial .. just was popular. That kind of sites was very atractive for DDoS attackers.. maybe some kid mad for a bad message in their blog or maybe was banned from the chat of that site.. or many many other reasons. The real problem is not how controversial is the site. The problem is how easy is for a kid create a botnet just searching on google .. with a lot of resources for that. Our goal as ISP ( all the ppl here ) is not only mitigate that kind of attacks from that kids, the real goal is erradicate the content and resource, secure all our services, trying to have zero tolerances with this activities. for me that is the real fight against DDoS attacks and Spammers. ( my tiny point of view )
Posted by ServerManagement, 05-11-2009, 01:08 AM
Yes of course there are dos attacks to general sites too, but rarely. Statistically most attacks are towards controversial sites. Keep in mind, some blogs and forums can be controversial, just due to differences in opinions of the content posted. What we're saying is that it's rare that a completely non-controversial site (for example, a mom and pop website selling chocolate) would be dos attacked.
Posted by panoptical2, 05-11-2009, 01:51 AM
I've gotten ddos'ed before because I terminated a large number of high-risk free accounts trying to use torrent leeching software. It's not uncommon, but it usually doesn't happen randomly. Also, most people don't have the money/resources to rent a sizable botnet, so most ddos's can be repelled easily... unless, of course, your server is so busy that you can't even login to it.
Posted by JonathanWest, 05-11-2009, 03:53 PM
mmm what you mean when you say .. repelled easily ??? are you talking about a real ddos attack ?
Posted by CKGroup, 05-11-2009, 04:00 PM
Too many people report there's a DDoS attack to there site but at most the server is down and such. DDoS is stupid script kiddies trying to think there #1 on the net trying to take down your website. Most now fail as even more datacenter's come with DDoS mitigition.

Add to Favourites Print this Article