Yesterday, (March 3rd 2011) there was a massive DoS attack that hit WordPress.com. Cisco Skill’s uses WordPress.com has a hosting provider but is not believed to one of the sites hit. There still is no word on who or why they targeted WordPress.com but goes to show that Denial of Service is still a popular type of attack and although simple to set up they can still bring down enterprise networks.
So what exactly is denial of service? To make it simple a denial of service can be a range of things but the main goal of a DoS attack is to slow the network down so real traffic can’t get access or is extremely unresponsive. One example is using the one of the TCP services and do a SYN flood, which a host or thousands of hosts send thousands of SYN packets to the server. The server sends a SYN ACK but the host does not respond leaving the session open until a timeout occurs. By having all these fake sessions open the server may not be able to handle additional traffic making it seem the service is unavailable. There are many more types of denial of service attacks and the SYN flood is just one example.
These DoS attacks have been around for a while and they are relatively easy to set up and configure. An attacker could infect machines with a virus that the user or anti-software is unaware of its existence. The virus waits until it has been activated by the remote attacker. This virus could have spread to hundreds of thousands of machines and are waiting for the attacker to start the attack once activated the denial of service starts and the attacker can pick which target to bring down.
Matt Mullenweg the founder of WordPress.com wrote an e-mail sent to CNET.com and said the following:
There’s an ongoing DDoS attack that was large enough to impact all three of our data centers in Chicago, San Antonio, and Dallas–it’s currently been neutralized but it’s possible it could flare up again later, which we’re taking proactive steps to implement.
This is the largest and most sustained attack we’ve seen in our six-year history. We suspect it may have been politically motivated against one of our non-English blogs but we’re still investigating and have no definitive evidence yet.
Check out my recent post of Understanding TCP to learn how the TCP protocol works in a simplified form. You can also find more information about how a denial of service works do a simple web search to find more information.