Henry Dalziel | General Hacking Posts, Hacker Hotshots, Latest InfoSec News | August 28, 2013
China was hit by the largest ever cyber-attack in its’ history which caused many sites within China to go offline. The attack targeted the .cn domain-ending. The attack lasted for only a few hours but as we all know, a few hours in downtime is absolutely huge in Internet terms. For example, August 19th, Google experienced a four-minute blackout (which apparently was the result of human error. That incident brought down all Google Apps and services (Gmail, Hangouts, etc etc) temporarily. The net result was that Internet traffic dropped by a staggering 40%, so yes, short downtime can be absolutely major when placed into perspective, and this recent Chinese mass-cyber-attack, which has been acknowledged as being an attack (unlike the Google downtime) was caused by a Denial of Service.
The Chinese attack over the weekend brought traffic down by 32% – according to Matthew Prince, founder of CloudFlare. Incidentally, we are thrilled to have Matthew come on Hacker Hotshots (our InfoSec Web Show) October 22nd presenting “Lessons from Surviving a 300Gbps Denial of Service Attack”. Many media outlets quoted Matthew, including the Wall Street Journal and CNet so we are delighted to have such an authority appear in person on our web show presenting this highly topical subject.
The traditional DoS
There are many types of DoS’s – Denial Of Service attacks, but traditionally the attack involves bombarding the target machine, network or in the Chinese case, the servers, with external communications requests with such large volumes that the victim is unable to respond to all requests. The subsequent and intended action is for the victim to fold under pressure and simply cease functioning. By the way, for those that don’t know, sometimes you’ll see DDoS which appends an extra ‘D’ for Distributed – i.e., it is a DoS attack that has been executed by many people or botnets to perform the attack in a distributed manner.
Putting things into perspective: Denial of Service against Ebay
According to our calculations based upon Ebay’s Electronic Delivery of Annual Reports and Proxy Materials, the organization makes $8,000,000 each day. So, with 1440 minutes in a day, brining the site down for a minute would cost the organization $5,555.55, and cause huge annoyance and frustration with buyers and sellers alike.
The Different DoS (DDoS) out in the wild
Just like anything else on planet Earth variety is the spice of life and the same applies for Denial of Service attacks. Here are a few types – if you are studying a pentesting/ ethical hacking course then we’d certainly recommend that you learn how these work, even if just by definition (hint, they might come up during an interview!).
OK, here are a few DoS that exist (and by the way, they will almost certainly continue to mutate!):
This is a very exciting subject and again, if DoS is of any interest to you, then you must register and attend our Hacker Hotshot web show with Matthew Prince (link is at the top of this post).
As we have already established, Matthew is one of the world’s leading experts on DoS/ DDoS, if not the leading expert so come and join us and learn more!