What are DDoS attacks, its history and types


What are DDoS attacks? Types of DDoS attack and its history

DDoS attack description:

A denial-of-Service attack is a cyber-attack in which the attacker aims to disrupt the normal functioning of a computer or device, thereby denying the use of that service to its users. The way this is achieved is by flooding the service with a higher number of requests than it can handle, thereby denying the actual users of the service access. If this attack comes from multiple sources it is termed as a Distributed Denial of Service Attack.

History of DDos

The first every DoS attack occurred over 40 years ago, courtesy of high school student David Dennis. In 1974, David was a student at the University of Illinois at Urbana-Champaign. Located across the street was the Computer-Based Education Research Laboratory (CERL). CERL at the time used PLATO, a computerized and shared e-learning system, which would be one of the first of its kind. David learned about the “external” or “ext” command that could be run on PLATO’s terminal and allowed it to interact with connected external devices. However, if the command was run with no devices connected, it would cause the terminal to lock-up with the only way to regain control is shutdown and restart of the machine.

Curiosity got the better of David and he decided to see what would happen if a room full of users was forcefully lockout out of the system. He ended up writing a computer program that would send the “ext” command to multiple PLATO terminals at the same. He tried out the program at CERL, forcing all of the 31 users of the service power off their machines immediately. The acceptance of the “ext” command from a remote device had to be stopped to fix this issue.

In the 1990s, Internet Relay Chats (IRC) began gaining popularity. In these chats, the administrator of a chat would lose his or her powers once they logged out of the chat. This caused a battle among users for control of the chat, to the extent that hackers would attempt to force all logged in users out of a chat. Then, by being the only user left, they would gain administrative control. These attacks were carried out using simple bandwidth-based DoS attacks.

The spread of DDoS

August 1999 witnessed the first major DDoS attack when a tool named “Trinoo” was used to disable the computer network of the University of Minnesota for 2 whole days. Trinoo consisted of a network of computers termed Masters and Daemons. The hacker would send a DoS instruction to some of these masters. The masters, would in turn forward these instructions to multiple Daemons which would cause a UDP flood against the intended target IP. Trinoo did not hide the IP address of the Daemons which led authorities to contact the owners of these Daemons, who in turn had no clue that their machines were being used to carry out an attack.

Some other tools used in these early days include “Shaft” and “Omega” which would collect statistics on thee attacks from their victims. These statistics enabled hackers to better understand the attacks, their results and even receive a notification when an attack detected and stopped. Once attackers started focusing on these attacks, DoS attacks started gaining popularity, with their distributed nature making it harder for them to be detected and stopped eventually leading hackers to take on larger, more prominent targets using improved tools and methods.

At the onset of this millennium, DDoS attacks had achieved mainstream popularity with these attacks being used to take down various businesses, financial institutions, and government agencies. In 2002, 13 of the Internet’s root name DNS servers were taken down by these attacks. DNS servers are responsible for mapping URLs to IP addresses and taking them down would hamper the use of the Internet as we now know it.

As the technology used for DDoS attacks have evolved, so our its purposes. While it started out with a curious high school kid – and some of these users still exist – recent years have brought a steady increase in the number of DDoS attacks—powered by changing, and increasingly complex, motivations.

Hackers of the modern era

Hacking required a particular set of skills. In today’s time, however, one can unleash an attack with no computer knowledge whatsoever, just by paying for the service. While there exist hackers and hacktivists who prefer building their own “cyber armies”, many are coming to realize the ease of paying for the service of carrying out a DDoS attack, overbuilding their very own network of botnets. As attack tools and services become increasingly easy to access, the pool of possible attackers—and possible targets—is larger than ever.

The phenomenon of selling DDoS attacks as a service is also shortening the gap between amateur and experienced hackers and enabling exponential growth in a number of attacks. The selling of attacks as a service is also fueling research into more efficient tools to be used. Some marketplaces have even been known to offer a rating system to allow users to leave feedback.

This just emphasizes that preparing for the most common types of attacks just isn’t enough anymore. There are hundreds of encrypting malware types, many of which were developed and discovered only recently. Furthermore, DDoS for ransom groups are professionals who leverage a set of network and application attacks to demonstrate their intentions and power.

Common DDoS Attacks

NTP Flood (NTP Amplification)

Network Time Protocol, as the name would suggest is responsible for synchronizing clock times across devices over a network. The principle of this attack is to use publicly accessible NTP servers to flood the target with UDP packets.


The principle behind the attack vector is abusing the communication stage of the TCP handshake, wherein the server generates an SYN-ACK packet to acknowledge the client’s request. To execute this onslaught, crooks inundate the CPU and RAM resources of the server with a bevy of rogue SYN-ACK packets.

VOIP Flood

The attack type is self-explanatory. Hackers flood the target server with bogus VOIP requests thus overloading the server

HTTP Flood

Legitimate GET or POST HTTP requests are sent to the server in this attack, overcoming the obstacle of a server rejecting fake requests. Since the requests are legitimate, the server responds to each of these requests. The server gets taken down when too many requests reach the server.

Misused Application Attack

This attack uses legitimate client computers running resource-intensive applications such as P2P tools. The traffic from these users is redirected to the target server in an attempt to take it down. This DDoS technique is hard to prevent as the traffic originates on real machines previously compromised by the attackers.

You can find more DDoS attacks and their details in a related article here.

References :




Notify of
Inline Feedbacks
View all comments