The DDoS Mafia

And why the internet should be regulated.

Nicolas Nemni
Mar 21, 2014

This is a true story.

The first time

A little while ago, on one of the sites I work for, a nice user showed up in the live chat.

— If you don’t pay me, I’ll turn off your website.

Obviously we did not believe him. We did not even reply to him. After a few minutes the site was unreachable and no longer loading. The whole thing lasted for half an hour.

After that, the site was miraculously back online. Then the nice guy came back and threatened us again. This time, too, we did not reply. This repeated 4 or 5 times, and then he disappeared.

What is a DDoS?

For those who are not experts in the subject: we received a DDoS attack, short for Distributed Denial-of-Service attack. It means that many (really a lot of) computers keep connecting to the website at the same time. The computer on which the website lives cannot respond to all the users connecting to it, because there are too many of them. The result is that the website does not respond to anyone.

I’m sure that if you have never been exposed to this concept, it is very difficult to understand. I’ll try to explain it with an example. Have you ever seen the following image on Twitter?

[Image: Twitter’s “Over Capacity” error page]

Well, when you see this, it’s probably because Twitter is undergoing something like a DDoS attack. Too many users are trying to connect to Twitter, and Twitter itself is not able to respond to all of them. This image typically shows up during the night of the Oscars, the Super Bowl, or other worldwide events where the whole world wants to tweet at the same time. Twitter’s infrastructure is not prepared to support this number of connections.

How do you perform a DDoS attack?

First of all, anyone can carry out a DoS attack (without the second D) from their own computer. You just have to install a program that keeps sending requests to a specific website. Very easy.

For a DDoS, where the first D means Distributed, you need many (a LOT of) computers connecting to the same site repeatedly at the same time.

How? Well, to start, you could organize an attack with a bunch of friends: 10, 100, 1000. This is what Anonymous did to attack some people who are not very friendly.

What if you don’t have many friends? It’s a little less easy to organize, but still doable. You must use a so-called Botnet. That is a lot of computers connected to each other that, at your command, will all do whatever you want at the same time. For example, continuously connect all together to the same website.

How do you get a Botnet? Here comes the slightly more difficult part. You must gain control of all those computers. Have you ever received an email like this:

— Hey, look at my pics in underwear! http://www.jhcbs.co

You click on the link and nothing seems to happen. But once the page has loaded, the website installs on your computer a program that can do a lot of nasty things to it, including making you part of a Botnet. There is a good chance that even you, without knowing it, are part of a Botnet, and that right now you are participating in a DDoS attack without realizing it.

Cloudflare, DDoS prevention for n00bs

Ok, since this was the first time we were hit by this kind of attack, we looked for a solution on the internet. After a quick search we decided to go with Cloudflare. What does Cloudflare do? I’ll explain it with an image taken from their website.

[Image: How Cloudflare works. Left: website without Cloudflare. Right: website with Cloudflare.]

Without Cloudflare, all visitors to our website connect directly to us. With Cloudflare, users connect first to the Cloudflare cloud, and from there to our site. Cloudflare blocks connections that look fraudulent (including those from computers in a Botnet) and passes the others through.

But here comes the problem. Cloudflare tries to route all visitors through its cloud, but it’s easy for someone who wants to perform a DDoS attack to bypass the Cloudflare cloud and reach the server directly, because the server still answers on its own address.

In addition, Cloudflare turns off its protection even for DDoS attacks that do pass through its cloud if they exceed a certain size. Therefore, it’s useless.

Almost-solution to DDoS

Simple: you must put the server inside the Cloudflare cloud. That is to say, make every user who connects to the site necessarily pass through the cloud. Too bad that with Cloudflare this is not possible on the low-cost plans. Only the enterprise packages, starting from (maybe) $5000 a month, allow it. So the only solution is to move the site into a network protected against DDoS.

[Image: Left: site with Cloudflare. Right: site inside a DDoS-protected network.]

There are many solutions, which vary depending on the size of attack the site is protected against, measured in Megabytes or Gigabytes per second. Akamai and Prolexic are companies that offer this service to large corporations, such as Apple. We opted for ddos-guard.net, which provides protection up to 140 Gigabytes per second. A lot, but certainly not enough to protect us against apocalyptic attacks.

Nobody, and I repeat nobody, can protect you against giant attacks. The reason is simple. We are used to thinking that the internet is something with no physical form, but it’s not like that! All the computers in the world are connected by wires and optical fibers, which have a limit, a maximum capacity, that can always be filled. Think of a 50-lane highway, or even a 100-lane one. Think what would happen if all New Yorkers simultaneously decided to go to the Hamptons for the weekend… don’t you think the highway would be stuck?

Possible permanent solution to DDoS, and many other things

How to do it? You must link each internet connection (IP address) to someone’s identity. This identity does not necessarily have to be fully known to the site that receives the connection, but at least the site must have a way to communicate with this person, even if only one-way. Identity management could be held by an international organization. Doing so would destroy the Botnet.

Example:

  1. The site receives a DDoS attack.
  2. The site logs all IPs from which the attack is generated.
  3. The IPs are reported to the authority.
  4. The authority contacts all users reporting that an attack has started from their computer and invites them to install an antivirus or to do a security check-up.
  5. The user secures their computer.
  6. The entire Botnet is destroyed. The attacker must recreate it. And it’s not a fast thing to do.
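Steps 1 to 3 of that procedure, as an added example that is not part of the original post: a small log analyser that reads web-server access-log lines, counts requests per source IP inside a sliding time window, and lists the addresses that exceed a threshold, ready to be handed to an abuse contact. The log lines, the addresses (RFC 5737 documentation ranges) and the window/threshold values are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in Apache/nginx "combined" log format; not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [21/Mar/2014:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [21/Mar/2014:10:00:01 +0000] "GET / HTTP/1.1" 503 0 "-" "-"
203.0.113.9 - - [21/Mar/2014:10:00:01 +0000] "GET / HTTP/1.1" 503 0 "-" "-"
203.0.113.9 - - [21/Mar/2014:10:00:02 +0000] "GET / HTTP/1.1" 503 0 "-" "-"
203.0.113.9 - - [21/Mar/2014:10:00:02 +0000] "GET / HTTP/1.1" 503 0 "-" "-"
203.0.113.44 - - [21/Mar/2014:10:00:02 +0000] "GET / HTTP/1.1" 503 0 "-" "-"
203.0.113.44 - - [21/Mar/2014:10:00:03 +0000] "GET / HTTP/1.1" 503 0 "-" "-"
203.0.113.44 - - [21/Mar/2014:10:00:03 +0000] "GET / HTTP/1.1" 503 0 "-" "-"
198.51.100.7 - - [21/Mar/2014:10:00:30 +0000] "GET /about HTTP/1.1" 200 734 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, datetime) for a combined-format log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)

def flood_sources(log_text, window_seconds=10, threshold=3):
    """Step 2: for each source IP, find the largest number of requests that fall
    inside any window of `window_seconds`; report IPs whose peak reaches `threshold`,
    highest peak first. Lines that do not parse are skipped."""
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            per_ip[parsed[0]].append(parsed[1])
    report = {}
    for ip, times in per_ip.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            # slide the window start forward until times[start..end] span <= window_seconds
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            report[ip] = peak
    return dict(sorted(report.items(), key=lambda kv: -kv[1]))

def report_lines(flagged):
    """Step 3: format the flagged IPs as plain text lines for the report to the authority."""
    return [f"{ip} peak {n} requests in window" for ip, n in flagged.items()]

if __name__ == "__main__":
    print("\n".join(report_lines(flood_sources(SAMPLE_LOG))))
```

On the sample above, the two 203.0.113.x addresses are flagged while the ordinary visitor at 198.51.100.7 (two requests 29 seconds apart) is not.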

Obviously the most critical step would be the one from 4 to 5. It’s difficult to predict whether the user, once they have received the report, will secure their computer. But I’m pretty sure that with the right message of terror, a large part of the users will do it. For example, mention the (real) fact that someone could steal your credit card numbers and other personal data.

The biggest problem with this solution is that it would diminish the privacy of people who surf the net. It could destroy the so-called net neutrality.

But I think net neutrality died a long time ago. You know, right, that the NSA already knows how many hairs you have in your butt crack?

Have a good time surfing the web. And please, install an antivirus!

Nicolas :)

PS: If you want to build a site safe from DDoS attacks, contact us, Yolo Apps. Oh, and we also craft amazing apps for iPhone and Android.
