DDoS for the Layman

in #ddos, 8 years ago (edited)

Today's outages (I didn't know of a larger outage until I tried to log into my university's website) remind me of the need for individuals to secure devices they have connected to the internet. For those who don't know what is going on, let me explain.

This morning a large number of big-name websites have been unreachable, meaning you can't use them. This is due to a cyber attack on a popular provider of domain name system (DNS) services. Remember DNS from the handover to the UN earlier this month? Same system, but don't be quick to blame the UN, because this isn't a UN problem.

Essentially, the company (one of many that provide DNS services to customers) cannot receive or process service requests. Its computers can't keep up with the requests and, more importantly, the internet connections linking those computers to the world can't carry all the data being shoved into them. There is no problem with "the internet" itself, but it's often easier to say that than to go into details.

How does this happen? Let's use an example that anyone, even without knowledge of how the internet works, will understand.

Imagine going to a restaurant that is only half full and being seated, with several tables seated before you. You browse the menu, decide what you want, and look around the room for the server so you may place your order. The server is busy taking orders from tables that were already seated when you entered the restaurant, so you patiently wait. After servicing the tables seated before yours, the server starts to turn to your table. However, just as the server is turning, the table he is at asks a question about the menu. The server responds to the question and turns to make his way to your table, but again is asked a question. Imagine this cycle continuing in perpetuity; the server would never arrive at your table to receive your order.

This is similar to what happens in a Denial of Service (DoS) attack, and an easy solution would be to simply ignore requests from the same address (or table, in our example) once a certain number has been reached. There is a problem with this: what if there are thousands or millions of tables in the service queue ahead of yours, all repeating questions to the server? We could address that by increasing the number of servers while keeping our rule of ignoring requests after a certain number has been reached. This works well, but there is another case we must examine.

Suppose we have enough servers to keep pace with requests from tables, but millions of loudmouthed millennials with nothing better to do than disrupt the lives of others crowd into the restaurant's entryway and start yelling at the servers, completely drowning out any conversation between server and customer. The servers are unable to hear anything the customers are saying. This is analogous to a Distributed Denial of Service (DDoS) attack, in which the host computers (the servers) operate fine but the network connecting them to the customers has become clogged with nonsense requests.
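The two cases above, the single noisy table and the crowd in the entryway, can be put side by side in a small simulation. The following Python is an added example written for this post, not code from the original author: it implements the "ignore a table after N questions" rule as a per-source sliding-window limiter and runs one second of constructed traffic through a link, the limiter, and a server pool. All names (`PerSourceLimiter`, `simulate`, the scenario functions) and all numbers (link and server capacities, bot counts) are assumptions chosen for illustration, and the link model is a deliberate simplification: it carries a fixed number of requests per window and drops the rest.

```python
from collections import defaultdict, deque


class PerSourceLimiter:
    """Sliding-window limiter: at most `limit` requests per source per `window` seconds.

    This is the post's rule of ignoring a table once it has asked N questions.
    """

    def __init__(self, limit, window=1.0):
        self.limit = limit
        self.window = window
        self.seen = defaultdict(deque)  # source -> timestamps of accepted requests

    def allow(self, source, now):
        q = self.seen[source]
        while q and now - q[0] >= self.window:  # forget requests older than the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def simulate(requests, link_capacity, server_capacity, limiter=None):
    """Push one window of traffic through link -> limiter -> servers.

    requests: list of (arrival_time, source, is_legit).
    Assumed model: the link delivers at most `link_capacity` requests per window
    (earliest arrivals first) and drops the rest before they reach the host; the
    servers answer at most `server_capacity` of the requests that pass the limiter.
    """
    ordered = sorted(requests, key=lambda r: r[0])
    delivered = ordered[:link_capacity]  # everything after this never reaches the host
    passed = [r for r in delivered if limiter is None or limiter.allow(r[1], r[0])]
    served = passed[:server_capacity]
    return {
        "dropped_at_link": len(ordered) - len(delivered),
        "rejected_by_limiter": len(delivered) - len(passed),
        "served": len(served),
        "legit_total": sum(1 for r in requests if r[2]),
        "legit_served": sum(1 for r in served if r[2]),
    }


def legit_customers():
    # constructed: five real customers, one request each, spread across the window
    return [(0.2 * k - 0.1, f"customer-{k}", True) for k in range(1, 6)]


def single_flooder(n):
    # constructed: one source firing n requests across the window (plain DoS)
    return [((i + 0.5) / n, "noisy-table", False) for i in range(n)]


def botnet(sources, per_source):
    # constructed: many hijacked machines, each staying under the per-source limit
    total = sources * per_source
    return [((i + 0.5) / total, f"bot-{i % sources}", False) for i in range(total)]


def scenario_no_limiter():
    # one flooder, no rule: the servers only ever hear the noisy table
    return simulate(legit_customers() + single_flooder(10_000), 20_000, 50)


def scenario_with_limiter():
    # same flooder, per-source rule in place: real customers get served
    return simulate(legit_customers() + single_flooder(10_000), 20_000, 50,
                    PerSourceLimiter(limit=5))


def scenario_distributed():
    # 5,000 sources x 4 requests, each under the limit; ample servers, but the
    # link carries only half the traffic, so customers are lost before the rule runs
    return simulate(legit_customers() + botnet(5_000, 4), 10_000, 30_000,
                    PerSourceLimiter(limit=5))


if __name__ == "__main__":
    for name, fn in [("no limiter", scenario_no_limiter),
                     ("per-source limiter", scenario_with_limiter),
                     ("distributed flood", scenario_distributed)]:
        print(f"{name:20s} {fn()}")
```

The limiter alone turns the single-flooder case from zero customers served into all five, but in the distributed case it rejects nothing (no bot exceeds the limit) and still loses three of the five customers, because they were dropped on the saturated link before the host ever saw them. That is the difference the post draws between DoS and DDoS: the second one has to be absorbed upstream, not at the server.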

"How does someone obtain millions of computers and the network bandwidth to conduct a DDoS?", you may ask.

This question brings us back to the initial thought. More often than not, these attacks are conducted using ordinary desktop and laptop computers that have become infested with malware and/or viruses, allowing them to be hijacked and used in DDoS attacks. Additionally, when users don't properly secure their computers, nefarious individuals may be able to log in to them and set up DDoS attacks. Users of these infected and invaded computers often never know their systems are being hijacked, even while they are using them.

This is one reason why it is imperative, for your own security and to be a courteous user of the internet, that you properly configure your computer's security settings, install operating system and application updates, and install and maintain antivirus/antimalware software. Even with all of these, it's important to stay away from questionable websites; if you must visit them, do so in a virtual machine (VM) such as Oracle VM VirtualBox, and don't allow file transfers to your real file system or network access between the VM and your real network.
