DDoS Attacks

Distributed Denial of Service Attacks, or DDoS Attacks, effectively flood websites or servers with traffic from many different sources in order to "make the site unavailable." DDoS is a type of Denial of Service Attack (DoS Attack) that uses multiple sources in order to blocks users from accessing the site. It is important to remember that not all service errors are the result of attack behaviors and can occur if a website is overwhelmed by non-malicious traffic as well.

Public Perception
The public perception of DDoS attacks is negative. It is inconvenient to users who cannot reach their destination, and it can create major problems for the website's registrant, whether it is the website of an individual or an organization. DDoS attacks can become criminal when the attacker asks for money to stop the current attack or to prevent further attacks. DDoS attacks can also be used by "hacktivists" for political gain, to interrupt free speech, or in protest of perceived injustice.

Outcome
The outcome of a DDoS attack is that the attacked website is unavailable or runs very slowly. The damage done by these attacks can lead to minor inconveniences, losses in consumer confidence, or large revenue losses.

Historical Use

 * DDoS attacks have been used to take down or interrupt the traffic of large sites, making them inaccessible. These planned attacks can be committed for political, social, and/or illegal purposes. Unlike regular DoS attacks, DDoS attacks use multiple computers to attack their victims which often makes the attack harder to stop. Botnets, or networks of computers controlled by hackers, are often used in DDoS attacks.


 * Four types of DDoS attacks include:
 * 1) TCP Connection Attacks: attempting "to use up all the available connections to infrastructure devices"
 * 2) Volumetric Attacks: attempting to use large amounts of bandwidth
 * 3) Fragmentation Attacks: sending so many TCP or UDP fragments that the target cannot assemble them, which slows the system
 * 4) Application Attacks: trying to flood one aspect or application on a given site


 * A DDoS attack can be bought or traded as a service. For example, an attack that lasts a week can be purchased for $150, while an attack that lasts 1 hour can be bought for $30-70.


 * In addition to causing service errors, DDoS attacks can also be used to commit "other cybercrimes, including data breaches or financial fraud."

ICANN Policy

 * ICANN does not have a policy that specifically addresses DDoS attacks; however, ICANN's blog has addressed the issue of how to respond to and report a DDoS attack. If a site is under attack, the 2013 post suggests that the registrant contacts the hosting provider and internet service provider (ISP). If the attack was proceeded by a threat or a sum of money was demanded to stop the attack, the registrant should contact law enforcement.


 * ICANN's Security and Stability Advisory Committee (SSAC) also released an advisory in 2006 on DDoS attacks in relation to the DNS.


 * ICANN's SSAC released another advisory in 2014 on DDoS attacks and how they may exploit certain security issues in the DNS. For example, an attacker may use a victim's spoofed IP address to make multiple queries to an open recursive DNS server; the server will then respond by flooding the victim's computer with the unsolicited responses. DDoS attacks that utilize "DNS reflection and amplification" can have "attack data bit rates reportedly exceeding 300 gigabits per second." The advisory suggests that "ICANN should...facilitate an Internet-wide community effort to reduce the number of open resolvers and networks that allow network spoofing." Additionally, rate limiting and blocking abusive queries may help reduce DDoS attacks. The SSAC also recommends that DNS software and systems be updated regularly to reduce DDoS vulnerability.
 * Read the SSAC's Advisory on DDoS Attacks Leveraging DNS Infrastructure
 * View the SSAC's Presentation at ICANN 49

Legislation

 * Computer Fraud and Abuse Act (CFAA): this act, last amended in 2008, prohibits the unauthorized use of another person's computer, among other things. In relation to DDoS attacks, if the hacker used a botnet to perpetrate the attack, he or she could be charged under CFAA in addition to facing civil suits. DDoS attackers can also face jail time.
 * Read more about the CFAA.


 * Other nations, such as the UK and Sweden, also have anti-DDoS legislature.

DNS Award
Awardees take a proactive approach to preventing DDoS attacks.

Additional Resources

 * Review facts and watch a video explaining DDoS Attacks
 * View a DDoS Attack Map
 * Read the SSAC's DDoS Advisory
 * See CERT's Security Tips Page for signs that indicate you may be experiencing a DDoS attack
 * View a Visualization of a DDOS Attack
 * Listen to the SSAC's Presentation at ICANN Singapore that addresses DDoS attacks and recommendations

Related Articles

 * Botnet Attacks
 * DoS Attacks