Podcast: Play in new window | Download (33.9MB) | Embed
Subscribe: Apple Podcasts | Spotify | Email | RSS | More
A distributed denial of service attack, or DDOS is an attack in which a hostile party attempts to disrupt the normal functionality of a target server, network, or service by overwhelming a target and its related infrastructure. The goal is to disable the service, or at least degrade functionality enough to impact users. These attacks can occur for a variety of reasons. In some cases, an unscrupulous competitor may decide to attack to drive your customers to them. Sometimes DDOS attacks are used for hacktivism, or as a part of a larger military or political conflict. Sometimes it is just for fun. In addition to these potential motivations, sometimes DDOS attacks are part of a larger scam – essentially, you are expected to pay to avoid having your servers attacked.
While this may not sound too impressive yet, in 2019 the average cost of a DDOS attack was around 2.6 million dollars. The average in 2018 was around 1.6 million dollars. The numbers are continuing to rise, with the number of DDOS attacks increasing by 22 percent increase in the number of DDOS attacks hitting financial firms. There are individuals and groups online offering DDOS-as-a-service. It’s possible to launch a large, damaging, and expensive DDOS attack on a competitor for a fairly low price. There is no reason to think that this trend will not continue to increase.
Some DDOS attacks can be mind-bogglingly huge in scope. The largest (so far) sent packets of data to 180,000 web servers, each of which sent data to google. The attack averaged around 2.54 Tbps (terabytes per second) of data to google. Google managed to mitigate another attack that would have been even larger in June of 2022. That attack peaked at 46 million requests per second, lasted about 30 minutes and was conducted by more than 5000 devices from 132 countries. Not only do DDOS attacks represent a substantial risk for website owners, but they can also be used to create a “fog of war”, while other more insidious attacks occur.
While DDOS attacks are not something developers deal with every day, it’s important to understand them, because you are likely to be in the room when your organization discovers that it is under attack. Because these attacks can often look a lot like standard web traffic at a larger scale. It can be tricky to diagnose them and even more tricky to mitigate them. In practical terms, most web developers won’t have to do much to mitigate DDOS attacks – instead, we’re often called to identify them so that the problem can be forwarded to operations, networking, or devops personnel. However, it’s still important to understand the characteristics of DDOS attacks, because they are fairly common.