Denial of Service Attacks and Botnets

What is a DDoS attack?

A distributed denial of service (DDoS) attack is one in which many compromised (infected) machines on the Internet are directed to send a large amount of traffic toward a target to overload it, which may either severely degrade the target's performance or sever its connection to the Internet.

The compromised machines are typically computers that have been infected; they are also called zombies or bots, and the actual owners of these computers might not be aware that they are a casualty of an infection. A collection of bots is called a botnet. The people who run the botnets are usually the same ones that create the viruses, and they use the combined workload of all of the infected machines to perform tasks like a DDoS attack when extorting money (i.e., give us $$$ or we'll bring your site offline), or for sending spam.

Because the attack comes from many machines that are not directly associated with the attacker, it is very difficult to track down or stop a botnet, but Microsoft has had some luck in association with law enforcement agencies over the last few years. Here is Google's page about DDoS attacks.

Why do people do these attacks?

By far the most common motive for attacks toward our subscribers is someone trying to take down or 'lag' another connection to get an advantage in an online gaming match, such as on Xbox Live. Botnet owners will actually rent out their botnet in return for a small payment. Botnets used to be primarily focused on spam, but with spam prevention getting better, they have expanded their sources of income.

How can a DDoS be prevented or stopped?

Just like spam, botnets and DDoS attacks are very difficult to track back to their source. There has been a small amount of success with Microsoft taking a lead role with law enforcement to shut down some of the biggest attackers. If you are certain that someone is targeting you with a DDoS attack, please report them to their ISP. If the attack is associated with competition on a service like Xbox Live, you can report them or their account there as well.

MCSNet does not have the means to take down a botnet, or to track who may have targeted a botnet toward someone. If your connection is targeted with a severe enough attack, our security system will respond and log it, but your connection will likely go down, and your IP address will likely be re-assigned. Because a DDoS attack can affect a large portion of the network, and not just your connection, subsequent attacks after a new IP address has been assigned may lead to MCSNet terminating your Internet services to protect the health of the network. It is very important to disassociate from services or users that may be leading to attacks against your connection. Some people at the top of the leaderboards in online gaming have withdrawn themselves or changed their online name to relieve themselves of the attacks.

To prevent your devices from being part of a botnet, please make sure that you have all of the available security updates installed, practice safe techniques on the Internet (not opening unexpected email attachments or installing software from shady websites that promise great things), and use an antivirus program like Microsoft Security Essentials.




Keywords: Denial of Service, DDoS, DoS, botnet