As I understand a distributed denial of service attack, a whole bunch of computers request info from a server in an attempt to crash it or at least effectively remove it from the internet. Is this basically the same thing that brings this board to its knees during peak hours?
Well, a DDOS is usually done maliciously, and by a single person or small group of people. What happens to the boards is usually the result of a large group of people visiting the site, and consuming all the bandwidth/resources.
Look at it this way, a DDOS is the result of a group of people picketing a store, and preventing you from getting inside. What happens to the boards is akin to the store being full, and hence, you can’t get inside.
Or more accurately, the DDOS is someone simulating a large number of users. The effects are the same (board is down) but the reason is very different (many legit users vs. small number of malicious users).
So what you say is true, yes it is a large number of requests to the site. Under normal circumstances, this is from a large number of people. A DDOS is a small number of people, who have taken over a large number of machines.
Ok, I got the small # vs large number, but to the server is it the same thing? What I mean is, is a DDoSA actually requesting ‘threads’ like **DDoS Attack and slow SDMB same thing?** and others, or is it just pinging the IP address and really not requesting any info except a reply?
From your picketing analogy it would look like no real info is being accessed.
In general, that is correct with a DoS attack. The method may be pinging or, more likely, some other such network command that results in a flood of useless data flow. I can’t add a whole lot to what Etherman said, except that in most of the DoS attacks with which I’m familiar the target is really the network hardware rather than the server itself; i.e., the routers, etc., are kept busy enough that no legitimate requests can get through to the server. If I am overly generalizing, I’m sure that EM or someone else will be along to correct me.
RR
The main difference between a DoS (or DDoS) attack and just a bunch of users on the SDMB searching through threads is the ports that are being accessed. Without going into much detail, basically a website responds to page requests (like you going to the GQ forum) through the HTTP port.
Most DDoS attacks work by overloading either the Ping or ICMP ports with a bunch of packets sent by “zombies” (computers that unknowingly have malicious scripts running on them). The server ends up using all its bandwidth replying to (or echoing) these packets, and when you try and access the site you usually time out because the server hasn’t had enough time to respond to your legitimate request.
To an extent, there is info being accessed in these types of attacks. Basically, when the server responds, it sends a packet of its own that holds a bunch of technical information. The ICMP port is usually used for trouble-shooting, so the packets that are sent out from there usually hold information about the Operating System and other technical stuff. The Ping packet just has information about where the original packet came from and how long the packet should be kept alive on the network. If the response time is longer than the “keep alive” time, then that packet gets timed out.
When a bunch of users are accessing pages on the SDMB or any other website, the site slows down both because the bandwidth is being taken up by sending out pages of text, and because the server is slowed down by the work required to go to the database (or hard drive) to get all the information that is being requested.
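
An added example, not part of any post in this thread: a parser showing which fields a ping (ICMP echo request) carries on the wire, with checksum verification as a monitoring tool would do it. The sample packet is constructed inline; the addresses, identifier, and payload are made-up values from documentation ranges, and all function names are hypothetical.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(src, dst, ttl, ident, seq, payload: bytes) -> bytes:
    """Build constructed sample bytes only (IPv4 header + ICMP); nothing is sent."""
    addr = lambda s: bytes(int(p) for p in s.split("."))
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload  # type 8 = echo request
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0,
                     ttl, 1, 0, addr(src), addr(dst))  # protocol 1 = ICMP
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + icmp

def parse_icmp_packet(packet: bytes) -> dict:
    """Parse an IPv4 packet carrying ICMP; raise ValueError if malformed."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 1:
        raise ValueError("not an IPv4 ICMP packet")
    icmp = packet[ihl:total_len]
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    # ICMP messages are identified by type and code fields.
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    return {
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "ttl": ttl,                       # hop limit, carried in the IP header
        "type": icmp_type, "code": code,  # 8/0 = echo request, 0/0 = echo reply
        "id": ident, "seq": seq,
        "payload_len": len(icmp) - 8,     # filler bytes echoed back unchanged
        "checksum_ok": inet_checksum(icmp) == 0,
    }

# Constructed sample packet (RFC 5737 documentation addresses).
SAMPLE = build_echo_request("192.0.2.10", "198.51.100.5", 64, 0x1234, 1,
                            b"constructed-ping")

if __name__ == "__main__":
    print(parse_icmp_packet(SAMPLE))
```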