The official ezine of the DALnet IRC Network
January, 2003 Issue.


What DoS/DDoS Is

A Plain English Explanation
By Curve

If you are a DALnet user, then it will have been pretty hard to escape talk of Denial of Service (DoS) attacks. You'll have probably heard the phrase used as the reason behind servers splitting and it getting increasingly difficult to talk to your friends.

Some who have heard this phrase are probably wondering what on earth it means and why it stops you getting on DALnet and chatting. Some may also be wondering why DALnet don't just 'fix it'. If this describes you, then hang on in there, because I'm going to explain this odd DoS stuff for you non-techy types.


First, let's get the background to this story out of the way. When you chat on DALnet, you are making information flow back and forth between different servers. Whenever you /msg services, or talk to people on a different server in private or in a channel, little parcels of information are being exchanged between those servers.

So let's imagine...

You live in a little house at the end of a lane. You run a business from your little house, and delivery men go back and forth down your lane all day picking up and dropping off the parcels and letters which keep your business running efficiently. You always keep your lane well maintained, so the delivery men have no problem traveling up and down it.

One day a huge group of clowns in floppy hats come swarming down your lane and into your house, completely over-running it. Now you can't move in your house and, worse still, the place is so crammed full of clowns that the delivery men are having great difficulty pushing through the crowd to drop off parcels and pick up your letters to take away. Every now and then a delivery man manages to find you and deliver a parcel, but nowhere near as often as usual and, eventually, your business starts to suffer and grinds to a halt. You've just had a Denial of Service attack on your business.

Naturally, you're pretty pissed off about this clown problem so you set about finding out where they come from. Eventually you track them back to a local circus, so you resolve to do something about it. The top of your lane opens on to a bigger road, and half-way up that road is a check-point which stops all travelers and tells them the best route to get to their destination. You take a walk up to the check-point and explain about your clown problem and they, in return, agree to turn away any travelers coming from the circus who want to go down your lane. This seems to work pretty well and life goes back to normal, with the delivery men able to come and go to your house. You've just solved the Denial of Service attack on your business by getting someone 'upstream' to ignore any information coming from the place that attacked you.

Time passes. Then, one day, the clowns return and there are more of them than ever before. Not only are they over-running your house, but they are blocking your lane all the way to the top. There are so many of the damn things that your delivery men can't get anywhere near your house and your business stops instantly. You phone up the check-point and yell that the clowns are back, but the check-point replies that they are still preventing anyone from the circus from entering your lane so they don't know where your new clown problem is coming from.

You investigate where these new clowns are coming from and, to your amazement, you discover that the circus owners have broken into 1,000 houses in the area, turned them into circuses and have sent hundreds of clowns to your house from each one. Now you despair, because there are far too many points of origin for the check-point to stop and your business can't function with a lane full of clowns stopping the delivery men getting through. You've just had a Distributed Denial of Service attack on your business.

At this point you have to take emergency action to stop your house falling apart under the weight of clowns crowding into it, so you board up the front door and all the windows. The clowns are still filling your lane, but now they can't get into your house (neither can any delivery men though), so your house is not in danger of collapsing anymore. You then telephone your delivery companies and tell them that they shouldn't try delivering for a few days. Your business is now suspended until further notice. At this point you realise that the only way your business can start up again is if the circus owners stop sending the clowns, or you manage to find the circus owners and get them arrested.

Now step back to the real world and imagine that the house is a DALnet server, the lane is the connection to its provider and the bigger road is a larger connection to the rest of the Internet. The check-point in our little story is a router - a machine which, quite literally, sends information on the best route to its destination. The delivery men are packets; parcels of information traveling back and forth to the server. The clowns are also packets, however they are sent maliciously and carry useless information simply meant to fill your connection and grind your server to a halt with their size and number. If all the malicious packets are coming from the same place, it is sometimes possible for a router upstream from the server to stop the packets from getting through. However, if the malicious packets are coming from hundreds of different places - usually from home computers which have been infected with a trojan and are being controlled by a criminal - then it is almost impossible to block them all. That results in the server being attacked and its connection swamped. When that happens to a DALnet server, the rate at which information goes back and forth to you slows (lags), and eventually stops...at which point the server splits. All a server administrator can do then is to make the server unreachable and wait for the attack to stop.
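The difference between the two attacks described above can be put into numbers. The following Python sketch is an added example, not part of the original article; the link capacity, the per-source packet rates, the detection threshold and the limit on how many source filters the upstream router accepts are all assumed values chosen for illustration.

```python
from collections import Counter

LINK_CAPACITY = 1000    # packets/sec the server's "lane" can carry (assumed)
MAX_BLOCK_RULES = 50    # source filters the upstream router accepts (assumed)
LEGIT_CLIENTS = 200     # ordinary users, 2 packets/sec each (assumed)

def build_traffic(flood_sources, flood_rate):
    """Return {source: packets/sec} for legitimate users plus flooding sources."""
    traffic = Counter({f"user-{i}": 2 for i in range(LEGIT_CLIENTS)})
    for i in range(flood_sources):
        traffic[f"flood-{i}"] = flood_rate
    return traffic

def pick_blocklist(traffic, threshold=20):
    """Defender's choice: the heaviest sources above threshold, within the rule budget."""
    heavy = [src for src, rate in traffic.most_common() if rate > threshold]
    return set(heavy[:MAX_BLOCK_RULES])

def legit_delivery_ratio(traffic, blocklist=frozenset()):
    """Share of legitimate packets delivered when a full link drops proportionally."""
    offered = sum(rate for src, rate in traffic.items() if src not in blocklist)
    return min(1.0, LINK_CAPACITY / offered)

def scenario(flood_sources, flood_rate):
    """Delivery ratio for legitimate users before and after upstream filtering."""
    traffic = build_traffic(flood_sources, flood_rate)
    before = legit_delivery_ratio(traffic)
    after = legit_delivery_ratio(traffic, pick_blocklist(traffic))
    return before, after

if __name__ == "__main__":
    # Same total flood volume (50,000 packets/sec) in both cases.
    for label, sources, rate in [("DoS, 1 source", 1, 50000),
                                 ("DDoS, 1000 sources", 1000, 50)]:
        before, after = scenario(sources, rate)
        print(f"{label}: {before:.1%} delivered unfiltered, {after:.1%} with filter")
```

With the same total flood volume, one upstream rule restores full delivery in the single-source case, while 50 rules against 1,000 sources leave legitimate delivery at roughly 2%.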

I hope this gives a better idea of what is happening when DALnet servers get attacked, and why there is no easy solution for them!



©Emma/Curve 2002

Note: Views expressed here may not be those of the DALnet IRC Network.
layout, design, images and contents copyright © 2001-2002 by the DALnet IRC Network Zine Team <zine@dal.net>