DDoS 101

What is a DDoS attack?

DDoS stands for “Distributed Denial of Service”. Essentially, a person in control of hundreds or thousands of different systems (a distribution of systems, if you will) will direct all of those computers to flood the bandwidth available to a given IP address. The resulting flood “attack” serves to effectively destroy your ability to send or receive data on (or denies your service to) the internet. This can be done using a variety of methods, such as by overloading your routers ability to receive requests, or physically over-saturating your bandwidth such that no useful data can pass through. Sometimes amplification techniques are utilized which allow someone to generate more traffic than they have available to them, such as a DNS amplification attack. The exact method isn’t important, though. Just the concept that your internet will be virtually unusable for some amount of time while the attack persists. It could last anywhere from 30 seconds to 24 hours, depending upon how much money the attacker is willing to spend.

How is a DDoS attack performed?

Rarely will a person targeting someone for an attack actually have access to the machines being used to attack your system. The more common route is that someone will pay a certain monthly fee to have access to a larger botnet that advertises itself as a “website stresser.” They will then input your IP address into a webform, hit “enter” after specifying some more options, depending on the booter, and the “attack” will begin, often for 1-2 minutes. The reason why attacks are generally only sustained for a short amount of time is due to the fact that the owners managing the shell booter don’t want their resources being exhausted, as they provide DDoSing services or e-mail spam lists to a lot of other people as well.

How do they get my IP address?

Once a person signs up for a booter site, sometimes they will get a referral link that they can send to other people. This referral link will report to them all of the IP addresses that click on the link. So if someone sends you a shady link with a referral at the end and you click it, there’s a possibility that they’ve logged whatever IP Address you were broadcasting when you clicked said link. Another option is to use one of several popular Skype resolver websites. This is by far the easiest way to get someone’s IP, simply enter their Skype name into this webform and you will receive their IP address if their Skype in unsecured.

How do I know if I’m being DDoS’d?

Unfortunately this question is incredibly difficult to answer. The proper way to actually identify a DDoS attack is outside the scope of this article. I’ve seen a ton of suggestions on the ‘net, ranging from “ping google.com” to “check your router status”, but none of these can give you a absolute answer that confirms you’re being DDoS’d. The only way to determine you’re being DDoS’d is through a bit of investigation and common sense.

Do you find yourself getting DDoS’d whenever you play against the same player? Is someone extorting you for money, saying it will stop? Did a bunch of untraceable/otherwise seemingly random internet problems start popping up after clicking a random link? When you do get disconnected during a game, is it always for only 1-2 minute spurts? Have you called your ISP multiple times and confirmed that no one else was experiencing an outage or any other interruption of service?

There’s no absolute way to figure out if you’re being DDoS’d. Usually the person DDoSing you will alert you to it in some ways because they enjoy the attention from it, but this doesn’t always happen. Some people are happy to do it anonymously and quietly from the shadows, taking pleasure in the misery they know they are causing you.

For your convenience, I’ve provided a flow chart that summarizes how a DDoS works.