TO: Prof. Ellis
FROM: Alex Cheung
DATE: Oct. 27, 2021
SUBJECT: Expanded Definition of Distributed Denial of Service Attacks, First Half, Rough Draft
Introduction
The purpose of this document is to better our understanding and knowledge about the term Denial of Service Attacks. We will be discussing the history, context, and the different types of Denial of Service Attacks. Denial of Service Attacks is a very known term amongst network security professionals and black hat hackers.
Definitions
According to the Oxford English Dictionary, the term Distributed Denial of Service means “Computing a form of denial of service in which a web server or other computer system is maliciously overwhelmed by spurious requests from many computers in different locations on the internet, in order to make it inaccessible or unusable” [1]. This definition does a great job of explaining what a Distributed Denial of Service Attack is but, it does not mention how it utilizes malware to add infected computers to its botnet. According to the Britannica Academic, the term Denial of Service means “type of cybercrime in which an Internet site is made unavailable, typically by using multiple computers to repeatedly make requests that tie up the site and prevent it from responding to requests from legitimate users” [2]. Britannica Academic also says that “Distributed DoS (DDoS) attacks are a special kind of hacking. A criminal salts an array of computers with computer programs that can be triggered by an external computer user. These programs are known as Trojan horses since they enter the unknowing users’ computers as something benign, such as a photo or document attached to an e-mail” [2]. Both of these definitions from Britannica Academic do a great job of explaining the definition of a Distributed Denial of Service. It explains clearly that a malware known as a trojan is required to infect other computers and can then be controlled by an external computer and is used for criminal activities.
Context
For anyone who isn’t familiar with network security or other related fields, the term Denial of Service might just mean refusing to serve someone. But to someone who is in the said related fields, Denial of Service is a cybercrime that aims to disrupt service that lives on the internet, like websites, servers, and others. The earliest use of the term Disrupted Denial of Service according to the Oxford English Dictionary is in 1998 in a report about a DDoS attack against NIS / NIS+ based networks [1]. The term Distributed Denial of Service really only has one meaning.
In a New York Times article titled “Hackers Used New Weapons to Disrupt Major Websites Across U.S.”, author Nicole Perlroth talks about how disruptive a DDoS attack can be by citing Dr. Simons: “A DDoS attack could certainly impact these votes and make a big difference in swing states” [3]. The use of the term Disrupted Denial of Service here refers to how harmful DDoS attacks can be to critical processes like the U.S. presidential election if votes were transferred through the internet. A Distributed Denial of Service attack can take down many essential systems that are needed by many people and businesses like Amazon Web Services which hosts many of the websites used by people and businesses for day to day operations and it would be catastrophic if those services were taken down by an attack.
In an article by Imperva, a cyber security software and services company, titled “DDoS Attacks”, talks about DDoS attacks, how an attack can flood a service with malicious traffic, and the types of DDoS attacks. In the article it says “DDoS attacks are quickly becoming the most prevalent type of cyber threat, growing rapidly in the past year in both number and volume according to recent market research” [4]. The use of the term Disrupted Denial of Service here refers to the many different types of DDoS attacks used to take down a site or service. Some of the different DDoS attack types mentioned are: UDP Flood, ICMP Flood, SYN Flood, Ping of Death, Slowloris, NTP Amplification, HTTP Flood, and Zero-day. Each type of attack uses a different method to reach the goal of denying service. For example, a UDP Flood floods a victim server’s ports with UDP packets which uses up all the server’s resources which can slow down the server or even cause it to eventually become unreachable by others.
DDoS attacks are a huge problem in today’s internet. Almost anyone can perform a DDoS attack because of online “booter” services which allow users to pay a subscription to access their botnet to perform the malicious attacks on their unsuspecting victims. This is why many companies spend thousands or even millions of dollars trying to mitigate these attacks to keep their vital services online for their consumers.
Working Definition
Based on the definitions and word history discussed, I would define the term Distributed Denial of Service as: A cybercrime that aims to disrupt internet services like websites and servers by utilizing computers (victims) infected with a trojan which allows the black hat hacker to control the victim’s computer and be used for a massive Denial of Service Attack to take down or disrupt services.
References
[1] “distributed denial of service, n.”. OED Online. September 2021. Oxford University Press. https://www-oed-com.citytech.ezproxy.cuny.edu/view/Entry/55777#eid233469643 (accessed October 08, 2021).
[2] “Denial of service attack (DoS attack).” Britannica Academic, Encyclopædia Britannica, 2 Feb. 2018. https://academic-eb-com.citytech.ezproxy.cuny.edu/levels/collegiate/article/denial-of-service-attack/471037. Accessed 8 Oct. 2021.
[3] N. Perlroth, “Hackers used new weapons to disrupt major websites across U.S.,” The New York Times, 21-Oct-2016. [Online]. Available: https://www.nytimes.com/2016/10/22/business/internet-problems-attack.html. [Accessed: 18-Oct-2021].
[4] “DDoS attack types & mitigation methods: Imperva,” Imperva, 14-Feb-2021. [Online]. Available: https://www.imperva.com/learn/ddos/ddos-attacks/. [Accessed: 31-Oct-2021].
