Essay on Distributed Denial of Service (DDoS)

Most people globally all find themselves engaged either in school, work, travels, etc. The tight schedules have proved to an opportunity for companies to provide online services. Companies are now trying to make everything online. There are now online classes, shopping and payment of bills all with an objective of making life easy for users. The growth of new technology around the world is also trying to related most of the businesses, schools, companies and organizations to the World Wide Web by creating websites. The reason is to make them easy for the users to use, access, monitor, control, and manage. For example, you can download an App on your phone to turn on/off your car, check the air pressure, vehicles oil level, etc. on the other hand. These websites need a web server to use hypertext transfer protocol (HTTP) port to make the files on the server which belong to the web sites accessible by the users. The screenshot below is an illustration with some files of a website that I designed. The web server will save all these files and make them available to the users. Availability is the most valuable concern to any individual which is the third phase of the CIA triangle. Without the availability of these files/web servers, the websites will have zero value.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

According to our guest speaker, Distributed Denial of Service (DDoS) is a common attack used by hackers to compromise the system, shut down the data and also shut down the server. The attacks have resulted in the company losing a lot of money. The reputation from its users is also compromised. She further went ahead to mention about a scenario whereby a student used the DDoS attack against the school.

According to webopedia.com.

DDoS is short for Distributed Denial of Service. DDoS is a type of DOS attack where multiple compromised systems, which are often infected with a Trojan, are used to target a single system causing a Denial of Service (DoS) attack. Victims of a DDoS attack consist of both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack (webopedia.com).

According to me I think DDoS occurs when the server is flooded by multiple packets resulting to malfunctioning. The DDoS usually send packets to the HTTP port 80 by sending big volume of TCP, UDP and ICMP. DDoS attacks are distributed via botnets. A recent example about DDoS, happened on October 21st 2016, the attack targeted Dyn DNS service provider and affected New York Times, Reddit, Twitter, Spotify, and eBay. The type of the attack was flood of UDP which is a big number of requests. Another type of DDoS is Botnet/Zombie army

According to searchsecurity.techtarget.com.

A botnet (also known as a zombie army) is some Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet. Any such computer is referred to as a zombie - in effect, a computer "robot" or "bot" that serves the wishes of some master spam or virus originator. Most computers compromised in this way are home-based (searchsecurity.techtarget.com).

According to Kaspersky DDoS Intelligence Report for Q1 2016 illustrated by the screenshot below indicating the first quarter of 2016 type of DDoS. The number of DDoS increased every year, by comparing 2015 and 2016, there was an increased number of DDoS by 137.5%. It projected that the number would go up in 2017.

Source (securelist.com)

In conclusion, this significant number of DDoS attack pushed the law to make a legal decision to protect the users from attackers. The right solution for these issues is through the creation of law/regulations against the attackers. Considering DDoS is illegal activity, and a crime falls under the Computer Fraud and Abuse Act (CFAA) and federal statutes. The primary federal law that applies to most DDoS-related attacks is the Computer Fraud and Abuse Act or 18 U.S.C. 1030.

According to the Computer Fraud and Abuse Act (users.atw.hu).The act of breaking into hundreds or thousands of computers to install DDoS handlers and agents may violate 18 U.S.C. 1030(a) (3) (trespassing in a government computer). If a sniffer is used to obtain passwords as part of this activity, the attacker may have violated 18 U.S.C. 1030(a) (6) (trafficking in passwords for a government owned computer) or 18 U.S.C. 2510 (wiretap statute). (users.atw.hu)

References

(2016). Kaspersky DDoS Intelligence Report for Q1 2016. Retrieved November 15, 2016, from https://securelist.com/analysis/quarterly-malware-reports/74550/kaspersky-ddos-intelligence-report-for-q1-2016/

(n.d.). Mass internet disruption caused by DDoS attack on DNS Company Dyn (update). Retrieved November 15, 2016, from http://venturebeat.com/2016/10/21/dyn-dyn-dyn-internet-ddos-attack-back-up/

(n.d.). What is botnet (zombie army)? - Definition from WhatIs.com. Retrieved November 15, 2016, from http://searchsecurity.techtarget.com/definition/botnet

Automatic Bibliography Maker. (n.d.). Retrieved November 15, 2016, from http://www.bibme.org/apa/

Beal, B. V. (n.d.). DDoS attack - Distributed Denial of Service. Retrieved November 15, 2016, from http://www.webopedia.com/TERM/D/DDoS_attack.html.

Can attackers get anything with DoS attacks except crashing the service? (n.d.). Retrieved November 15, 2016, from http://security.stackexchange.com/questions/90191/can-attackers-get-anything-with-dos-attacks-except-crashing-the-service

Smith, D. (2016). How Friday's Massive DDoS Attack on the U.S. Happened. Retrieved November 15, 2016, from https://blog.radware.com/security/2016/10/fridays-massive-ddos-attack-u-s-happened/

H. (n.d.). DDoS attacks increase over 125 percent year over year | ZDNet. Retrieved November 15, 2016, from http://www.zdnet.com/article/ddos-attacks-increase-over-125-percent-year-over-year/

8.2. Laws That May Apply to DDoS Attacks. (n.d.). Retrieved November 15, 2016, from http://users.atw.hu/denialofservice/ch08lev1sec2.html