How to Take Out a Website – Instant Egghead #60

Scientific American Instant Egghead It happens all the time. You’re trying to make a last-minute
purchase, or pay a bill online, but you can’t get the website to load. A technical glitch,
or maybe something more nefarious. The website could be under attack. One of the most common ways
to bring down a website is to flood the servers running it
with so much traffic they simply can’t handle the volume. This is called a Denial of Service attack, and it can slow a website’s performance to a crawl, or force its owner to take the site down
completely until the attack is over. To use an analogy,
think of a website as an airport, and the requests to communicate
as aircraft wanting to land there. When traffic increases, an airport
can make additional runway space available. Likewise, a server can offer
additional connections into the website. With a DoS attack, too many planes
want to land at the same time, and many of those planes
are actually drones set up by the attacker
just to snarl traffic. That means air traffic controllers have to close down the airport
and divert traffic. Access is denied not only to the drones,
but to legitimate travelers as well. But it’s not quite that simple. There are several different kinds
of DoS attack. When traffic comes
from many different sources, it’s called a distributed DoS attack. Many of these sources are computers
or other devices connected to the Internet that have been infected with malware
and turned into zombie-like bots. An attacker can direct thousands, or even tens of thousands of these devices
to create a botnet. In another type of attack,
two sites are hit at once. An attacker will flood Website 1 with requests
that have a faked IP address. When it can’t handle anymore requests,
it generates error messages. Instead of sending those responses back
to the attacker’s computer, it sends them to the faked IP address,
which is actually Website #2. One site under duress has unwittingly
redirected the attack to another site, and the attacker didn’t have
to do any extra work. It’s hard to prevent DoS attacks,
but websites can lessen the impact by backing up their data
to multiple locations. This way, if its servers
come under attack, it can continue to operate
from a different location, and we can get on with our lives. For Scientific American’s Instant Egghead, I’m Larry Greenemeier.

6 Replies to “How to Take Out a Website – Instant Egghead #60”

Leave a Reply

Your email address will not be published. Required fields are marked *