Distributed Denial of Service (DDoS) Attack

Be Informed; Be Prepared

DDoS Timeline

(source: Mark Schuchter, Distributed Denial of Service Attacks, PowerPoint presentation)
  • <1999: Point2Point (SYN flood, Ping of death, ...), first distributed attack tools ('fapi')
  • 1999: more robust tools (trinoo, TFN, Stacheldraht), auto-update, added encryption
  • 2000: bundled with rootkits, controlled with talk or IRC
  • 2001: worms include DDoS features (e.g. Code Red), include time synchronization
  • 2002: DRDoS (reflected) attack tools, (179/TCP; BGP=Border Gateway Protocol)
  • 2003: Mydoom infects thousands of victims to attack SCO and Microsoft

DDoS Incidents

(compiled from various sources, including Wikipedia, DataCenter Knowledge)
  • February 2000 - DDoS attack caused shutdown of Yahoo, eBay and Amazon for a few hours.
  • January 2001 - First major attack involving DNS servers as reflectors. The target was Register.com.
  • February 2001 - The Irish Government's Department of Finance server was hit by a denial of service attack carried out as part of a student campaign from NUI Maynooth.
  • May 2001 - The Code Red worm was supposed to attack the White House website.
  • October 2002 - Attackers performed DNS Backbone DDoS Attacks on the DNS root servers and disrupted service at 9 of the 13 root servers.
  • August 2003 - The Blaster worm attacks Microsoft web pages.
  • January 2004 - MyDoom attacked 1 million computers.
  • February 2007 - Attackers performed a second set of DNS Backbone DDoS Attacks on the DNS root servers and caused disruptions at two of the root servers.
  • February 2007 - More than 10,000 online game servers in games such as Return to Castle Wolfenstein, Halo, Counter-Strike and many others were attacked by the "RUS" hacker group. The DDoS attack was made from more than a thousand computer units located in the republics of the former Soviet Union.
  • April-May 2007 - A spree of denial-of-service attacks against Estonia's prime minister, banks, and less-trafficked sites run by small schools. (http://www.computerworld.com/s/article/9019725/Estonia_recovers_from_massive_DDoS_attack)
  • July 2008 - A DDoS attack directed at Georgian government sites containing the message: "win+love+in+Rusia" [sic] effectively overloaded and shut down multiple Georgian servers. Websites targeted included the Web site of the Georgian president, Mikhail Saakashvili, which was rendered inoperable for 24 hours, and that of the National Bank of Georgia.
  • March 30 - April 1, 2009 - Cloud computing provider GoGrid is hit by a "large, distributed DDoS attack," which disrupts service to about half of its 1,000 customers.
  • March 31, 2009 - A DDoS attack knocks UltraDNS offline for several hours.
  • April 2-5, 2009 - Domain registrar Register.com is hit with a DDoS that causes several days of disruptions for its customers.
  • April 6-7, 2009 - Customers of The Planet are hit by web site outages as a result of a DDoS aimed at the huge hosting company.
  • June 2009 - The famous P2P site known as The Pirate Bay was rendered inaccessible due to a DDoS attack.
  • June 2009 - During the Iranian election protests, foreign activists seeking to help the opposition engaged in DDoS attacks against Iran's government. The official website of the Iranian government was rendered inaccessible on several occasions. Critics claimed that the DDoS attacks also cut off Internet access for protesters inside Iran; activists countered that, while this may have been true, the attacks still hindered President Mahmoud Ahmadinejad's government enough to aid the opposition.
  • July 2009 - Multiple waves of cyber attacks targeted a number of major websites in South Korea and the United States: the White House, Department of Transportation, Federal Trade Commission, and the Department of the Treasury. Hit at the same time were the Washington Post and the New York Stock Exchange. The attacker used a botnet, and file updates over the Internet are known to have assisted its spread. The investigation is still underway. (http://www.computerworld.com/s/article/9135274/Online_attack_hits_US_government_Web_sites)
  • August 6, 2009 - Several social networking sites, including Twitter, Facebook, Livejournal, and Google blogging pages were hit by DDoS attacks, apparently aimed at Georgian blogger "Cyxymu". Google came through with only minor setbacks, but the attacks left Twitter crippled for hours; Facebook did eventually restore service, although some users still experienced trouble.


Parabon Responds

We are now offering to any organization, public or private, a risk-free, no-obligation "red team" test attack to help them assess the reliability of critical network assets in the face of DDoS attacks.