Dummy Writes About DDOS Attack!!

July 9, 2009

Our 4th of July weekend was going pretty well. We did the things we love to do – long walks, experiments in the kitchen, window shopping. We had our fingers crossed for an uninterrupted weekend. But on Sunday morning, the dreaded call came. From where else but Sachin’s office! Unlike the other weekend calls, this one had Sachin in a frenzy. He worked all day long and through the night, using all the phone lines and laptops that were at his disposal. On asking him, he grunts – virus attack. He heads for work and on his return I ask him as I normally do – How was your day? It has all settled down – he replies.

This is not a virus... You guys know that, right? 😀

We eat dinner and talk of a walk crops up. As we walked, Sachin got into journo mode, reporting the events of the day and what had really happened. I am a bit of a techno dummy, so he had to come up with explanations involving the hotel industry. 😉

Sachin handles the network ops of a couple of sites. One of them was receiving too many hits – an awful awful lot! Like 12,000 hits in 3 seconds! Most major sites have something called a loadbalancer. It is something like a waiter who takes your order in a hotel. Basically it seeks to know what you want. Then it passes on that information to a group of servers. (This particular site has 30 servers for its homepage only!!) When you place an order, the waiter doesn’t cook it up himself, right? He goes to a little window to the kitchen and tells them so and so dishes at Table 6. And it’s not just one cook who serves up the dishes – there will be a handful of them so that orders get attended to quickly. So that is similar to the servers’ function. The servers help to keep traffic flowing smoothly – basically helping the site load fast and without errors.
Sunday morning, the loadbalancer was running almost at full capacity. Yes, it was the target of a Distributed Denial of Service attack. To explain what DDOS is, I will need to explain a little bit about malware. People who don’t have anti-virus software installed will, more often than not, be the recipients of viruses, malware, bots and the like. When we visit certain sites (streaming movies, music, etc.), unwanted elements get lodged in our computers. Most people have Internet on at all times these days, isn’t it? So the malware file in our computer is easily reached by its Master file, which prompts it to carry out commands – like go visit A.com at so and so intervals. So that is what the bots on our computer do. In the early years of hacking, the bots were not so spread out. It would be just a certain group of people who had bots on their systems. It was easy to fix, because all that needed to be done was to locate the IP address (IP addresses are to computers what license plates are to vehicles! Unique identifiers!) and block that particular user. These days, the bots are spread all over through these media-heavy sites. The bots are widespread and if all these IP addresses are to be blocked, then there will be no readers for the site. So more holistic ways to keep the bugs out are planned.

That’s when the cat and mouse game began. Like Sachin’s team found earlier – 3 seconds, 12,000 hits. Several unique features emerged. It was found that the traffic was coming from N Korea and from users of a certain browser which is used by very few people. So the site was disabled for people from N Korea using the above mentioned browser. That worked… only for a couple of hours! The Master file figured out it had been blocked. Fresh commands were issued to the bots – visit from the more popular browsers. Now it is difficult to block the more popular browsers because that would mean blocking way too many legit users. By this time the loadbalancer for the site was just hanging by a bare thread. The target audience for the site was in the US. So in a last-ditch effort to keep the loadbalancer going, the team blocked the site from being viewed from the whole of North Korea across all web browsers.
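The trade-off in that cat and mouse game (block the narrow country-plus-browser combination first, then fall back to a country-wide block once the bots switch browsers) can be put in numbers. The Python sketch below is an added example, not part of the original account or the team's tooling; the traffic counts, the browser names and the `rank_block_rules` helper are constructed for illustration.

```python
from collections import Counter

# Candidate rule shapes: block by country, by browser, or by both together.
RULE_SHAPES = [("country",), ("browser",), ("country", "browser")]

def shares(requests, shape):
    """Fraction of requests for each value combination of the given fields."""
    counts = Counter(tuple(r[f] for f in shape) for r in requests)
    return {key: n / len(requests) for key, n in counts.items()}

def rank_block_rules(baseline, attack_window, min_share=0.5):
    """Rank block rules by how much of the flood they match versus the share
    of normal (baseline) traffic they would cut off as collateral damage."""
    rules = []
    for shape in RULE_SHAPES:
        normal = shares(baseline, shape)
        for key, share in shares(attack_window, shape).items():
            if share < min_share:
                continue  # rule would not remove a meaningful part of the flood
            rules.append({"match": dict(zip(shape, key)),
                          "flood_share": round(share, 3),
                          "collateral": round(normal.get(key, 0.0), 3)})
    # Lowest collateral first, then highest coverage of the flood.
    return sorted(rules, key=lambda r: (r["collateral"], -r["flood_share"]))

def traffic(n, country, browser):
    """n identical request records (read-only, so sharing one dict is fine)."""
    return [{"country": country, "browser": browser}] * n

# Constructed sample data, not from the incident: a normal period for a site
# with a mostly US audience, followed by two phases of the flood.
BASELINE = (traffic(900, "US", "PopularBrowser") + traffic(75, "US", "OtherBrowser")
            + traffic(5, "US", "RareBrowser") + traffic(15, "KP", "PopularBrowser")
            + traffic(5, "KP", "RareBrowser"))
PHASE1 = BASELINE + traffic(9000, "KP", "RareBrowser")     # flood uses the rare browser
PHASE2 = BASELINE + traffic(9000, "KP", "PopularBrowser")  # bots switch browsers

if __name__ == "__main__":
    for name, window in (("phase 1", PHASE1), ("phase 2", PHASE2)):
        print(name)
        for rule in rank_block_rules(BASELINE, window):
            print("  ", rule)
```

With this sample data, blocking the popular browser outright in phase 2 would cut off over 90% of normal visitors, while the country-wide block costs 2% and keeps working if the bots change browsers again.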

This was a simplistic account of what happened in the recent virus attack on the US government sites and some other crucial sites. For most of you this would seem like the ABC book – if you have read till here, I thank you for your indulgence. 🙂 This account was mostly written for those of you who use Internet services but are puzzled by bits and bytes, virus attacks, malware and the like. I hope my account has made it all a little clearer. Links have been enclosed for more detailed information.


19 Responses to “Dummy Writes About DDOS Attack!!”

  1. narayan nayak said

    I went through it and found it a bit out of our interest but revisited because I thought it may be of use some time later. Then I got some idea.
    It is worth knowing how much people in this line go through, losing their sleep and leisure
    to keep things in order so that people like us who are ignorant in these matters can still use the facility. I will almost put their role in the same level as our brave soldiers in the freezing heights and hot and arid deserts, only one mentally and the other is physically in the tornado.

  2. thethoughtfultrain said

    Wow! Thanks a bunch for the comment. Though not as crucial as the soldiers, but they do help in keeping our everyday online lives smooth. 🙂

  3. narayan nayak said

    I put both in the same category because both enemies in their multitude are waging war with us, one on the territorial space and the other on the cyber-space; both are important to us though most people can understand the trespassing of the cyberspace

  4. le embrouille blogueur said

    Anyone who works in security is prone to immense stress etc …. this post does not seem to be written by a dummy …but by someone who understands the concept and wants to relay it in simpler terms … good stuff …..too bad your 4th of July was filled with different kind of fireworks …!!

  5. thethoughtfultrain said

    Hi LEB!! Thanks a bunch... Only Sunday was shot, Friday and Saturday were calm. 🙂

  6. narayan nayak said

    I would add a correction to my earlier comment saying… though most people can not (can, as stated earlier) trespassing of the trespassing of cyberspace

  7. thethoughtfultrain said

    Correction noted.

  8. Tastemaster said

    if you were to explain this to a guy who has absolutely no idea about computers, then you might throw him a bit off track with the servers & waiters bit.. similar meaning to a layman.. but not for a techie. 🙂

  9. Ramesh said

    I read about this in the press, but your account is more lucid and clearer. And you call yourself a techno dummy ? No way.

    I also heard that China was behind this attack as well. I know it’s difficult to pinpoint where it came from, but maybe it’s a pointer of how skirmishes will happen in the future world.

    • thethoughtfultrain said

      Ramesh, thanks for the appreciation. It is Sachin’s handiwork that I don’t come across as a dummy! 😉
      I didn’t see anything about China being involved. The news was basically focusing on N Korea.

  10. ok… for someone who calls herself a techno dummy that was some explanation :). I saw this in the news… but did not listen to the details… now I know :). So you guys could not go anywhere for the long weekend?

  11. rads said

    This prob always happens with ppl in the Admin team I guess coz my hubby’s in one too n he’s mostly working on weekends…winter weekends are ok but in summer when its the only time we can go out is like hell…

    I guess you mean Network Ops? That’s what my hubby does. Yeah, the summer weekends down the drain is like getting rotten eggs on the face!

