I heard on the news today that my favorite social network, Twitter, is being plagued by what they called a “denial of service attack”. What on Earth is that? They’re forced to not actually get service and it’s an attack? I mean, I’ve been to restaurants where I experience a denial of service, but how can something like that affect Twitter or Facebook or whatever?
Ha! I love the joke about denial of service at a restaurant. You could even have said that was what launched the entire Civil Rights movement decades ago, but that wouldn’t have been focused on what’s going on right now with Twitter and Facebook, among other sites.
The idea behind an actual denial of service attack (often called a DoS) is that if you flood the Web servers of a popular site with spurious, bogus queries, they’ll be so busy answering those bogus requests that they’ll have to reject legitimate connection requests from real users.
Think of it this way: if you were answering phones for a company and suddenly found that seemingly every single call was a prank, wouldn’t the people who were trying to call the company for legitimate reasons just get a busy signal, while you, the operator, were stuck dealing with and hanging up on the bogus callers?
There are a lot of ways to implement a DoS, as it happens, but the most common are so-called “smurf attacks” (technically, ICMP floods), where incorrectly configured network devices allow queries to be sent to all machines on a network, rather than a specific one. The more complex the network, the more this kind of thing can be crippling to the service.
Other ICMP floods include “ping floods”, where ping packets are sent incessantly, or SYN floods, where, you guessed it, SYN packets are sent with forged sender addresses.
Other types of Denial of Service attacks include “teardrop attacks”, “peer to peer attacks”, “application level floods”, “nukes” and “distributed attacks” (also known as DDoS, or distributed denial of service). The last of these is particularly tough because hundreds or even thousands of machines can all be unknowingly contributing to the attack (if you really want to get into the weird nomenclature, it’s usually trojan attacks that compromise the individual machines, making them zombie agents).
Suffice it to say, what’s happening to Twitter is very hard to address, because if the tsunami of bogus queries is indistinguishable from legitimate ones, how can they shut it down or block it?
To learn more about Denial of Service attacks, check out the informative article on Wikipedia.
And as for Twitter? Hopefully that’ll be back up and fully online pretty darn soon!
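To make the point about distributed attacks concrete, here is a small simulation added as an illustration (it is not from the original article). It models one second of traffic at a server with a fixed capacity and shows why a per-source rate limit stops a single flooding machine but not thousands of zombies; the capacity, the limit of 5 and all source names are assumptions made up for the example.

```python
from collections import Counter

CAPACITY = 100  # assumption: requests the server can answer per second

def interleave(legit, bogus):
    """Spread legitimate requests evenly through the bogus traffic."""
    step = len(bogus) // len(legit)
    out = []
    for i, req in enumerate(legit):
        out.extend(bogus[i * step:(i + 1) * step])
        out.append(req)
    out.extend(bogus[len(legit) * step:])
    return out

def legit_served(requests, per_source_limit=None):
    """Count legitimate requests answered in one second of traffic.

    requests: (source, is_legit) tuples in arrival order.
    per_source_limit: drop a source's requests beyond this many, if set.
    """
    seen = Counter()
    used = served = 0
    for source, is_legit in requests:
        seen[source] += 1
        if per_source_limit is not None and seen[source] > per_source_limit:
            continue  # rate limiter rejects this before it costs capacity
        if used >= CAPACITY:
            continue  # server saturated: request is refused
        used += 1
        served += is_legit
    return served

# Constructed sample traffic: 50 real users, 5,000 bogus requests.
USERS = [(f"user-{i}", True) for i in range(50)]
ONE_SOURCE = [("flooder", False)] * 5000
MANY_SOURCES = [(f"zombie-{i}", False) for i in range(5000)]

def scenarios():
    flood_one = interleave(USERS, ONE_SOURCE)
    flood_many = interleave(USERS, MANY_SOURCES)
    return {
        "no attack": legit_served(USERS),
        "single-source flood, no defence": legit_served(flood_one),
        "single-source flood, rate limited": legit_served(flood_one, 5),
        "distributed flood, rate limited": legit_served(flood_many, 5),
    }

if __name__ == "__main__":
    for name, served in scenarios().items():
        print(f"{name}: {served}/50 legitimate requests served")
```

In the distributed case every zombie sends a single request, so each one looks exactly like a real user to the limiter and the server's capacity is used up before the real users get through.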