I heard on the news today that my favorite social network, Twitter, is being plagued by what they called a “denial of service attack”. What on Earth is that? They’re forced to not actually get service and it’s an attack? I mean, I’ve been to restaurants where I experience a denial of service, but how can something like that affect Twitter or Facebook or whatever?
Ha! I love the joke about denial of service at a restaurant. You could even have said that was what launched the entire Civil Rights movement decades ago, but that wouldn’t have been focused on what’s going on right now with Twitter and Facebook, among other sites.
The idea behind an actual denial of service attack (often called a DoS) is that if you flood the Web servers of a popular site with spurious, bogus queries, it’ll be so busy answering those bogus requests that it’ll have to reject legitimate connect requests from real users.
Think of it this way: if you were answering phones for a company and suddenly found that seemingly every single call was a prank, wouldn’t the people who were trying to call the company for legitimate reasons just get a busy signal, while you, the operator, were stuck dealing with and hanging up on the bogus callers?
There are a lot of ways to implement a DoS, as it happens, but the most common are so-called “smurf attacks” (technically, ICMP floods), where incorrectly configured network devices allow queries to be sent to all machines on a network, rather than a specific one. The more complex the network, the more crippling this kind of thing can be to the service.
Other ICMP floods include “ping floods”, where ping packets are sent incessantly, or SYN floods, where, you guessed it, SYN packets are sent with forged sender addresses.
Other types of Denial of Service attacks include “teardrop attacks”, “peer to peer attacks”, “application level floods”, “nukes” and “distributed attacks” (also known as DDoS, or distributed denial of service). The last is particularly tough because hundreds or even thousands of machines can all be unknowingly contributing to the attack (if you really want to get into the weird nomenclature, it’s usually trojan attacks that compromise the individual machines, making them zombie agents).
Suffice to say, what’s happening to Twitter is very hard to address because if the tsunami of bogus queries is indistinguishable from legitimate ones, how can they shut it down or block it?
To learn more about Denial of Service attacks, check out the informative article on Wikipedia.
And as for Twitter? Hopefully that’ll be back up and fully online pretty darn soon!
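The SYN flood mentioned above shows why this is hard to block: with forged sender addresses, no single source stands out. As an added example (not part of the original post), this Python code runs over constructed handshake records and shows a per-source limit flagging nothing while the share of never-completed handshakes gives the flood away; the record format, thresholds and function names are assumptions.

```python
from collections import Counter

def build_sample(flood=200):
    """Constructed records (time_ms, source_ip, flag) as seen by a server."""
    events = []
    for i in range(10):  # legitimate clients: SYN, then ACK completes it
        ip = f"198.51.100.{i + 1}"
        events += [(i * 500, ip, "SYN"), (i * 500 + 100, ip, "ACK")]
    for i in range(flood):  # flood: one SYN per forged source, never completed
        events.append((5000 + i * 10, f"203.0.113.{i + 1}", "SYN"))
    return sorted(events)

def analyze(events, timeout_ms=3000):
    """Count SYNs per source and list handshakes left half-open."""
    now = events[-1][0] + timeout_ms  # evaluate once the last SYN has timed out
    pending = {}                      # source_ip -> time of unanswered SYN
    syn_per_source = Counter()
    for t, ip, flag in events:
        if flag == "SYN":
            syn_per_source[ip] += 1
            pending.setdefault(ip, t)
        elif flag == "ACK":
            pending.pop(ip, None)     # handshake completed
    half_open = [ip for ip, t in pending.items() if now - t >= timeout_ms]
    return syn_per_source, half_open

def verdict(events, per_source_limit=20, half_open_ratio=0.5):
    """Compare a per-source limit with the aggregate half-open share."""
    syn_per_source, half_open = analyze(events)
    total = sum(syn_per_source.values())
    return {
        "noisy_sources": [ip for ip, n in syn_per_source.items() if n > per_source_limit],
        "total_syn": total,
        "half_open": len(half_open),
        "flood_suspected": total > 0 and len(half_open) / total >= half_open_ratio,
    }

if __name__ == "__main__":
    print(verdict(build_sample()))
```

On the constructed sample every forged address appears exactly once, so the per-source list stays empty even though 200 of the 210 handshakes never complete.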
Would this DOS have anything to do with the recent issues with mobile Facebook? My app receives notifications as usual but for the last couple of days it will not let me view these notifications nor will it allow a poke back. I have to go to my mobile browser and view notifications, but the “like” option that allows you to view the “liker” (for lack of a better word, lol) will only bring me back to my home page when I click on it. It’s very frustrating and I have visited several sites, discussions and forums but I find nothing but speculations. Based on other complaints all users are experiencing the same symptoms with no common denominator (model phone/smartphone, carrier). After reading your response I am wondering if the issues are a result of your explanation of “teardrop attacks”. I was also concerned because I have not seen anything issued from Facebook acknowledging a problem/solution. Please, I would love some advice on this.
Sometimes there are other motives. There’s a pretty well known DNS hole that will let you re-route all the traffic to a new site. It’s been tried with Trend Micro but it failed because they have protection in place. Basically they tried to take down the site and then replace it with a download to their own software that would just add more computers to their botnet. You could even go as far as taking down banking websites and sending everyone to your own servers.
Sometimes, the reasons behind a DDoS attack can be obvious. For example, if they can take down the Microsoft Windows update site, or an anti-virus website, they can prevent you from getting the update that could prevent the new infection.
On the other hand, I suppose there might still be the occasional “I like to disrupt things and make the evening news” reasons.
A very interesting question, Rick. As far as I have read, there’s no consensus on what’s going on and while some sites might garner dislike in certain communities, I think Twitter is fairly neutral as a social network. We might learn more in the next few days as the traffic patterns and attacks are analyzed, but this might be one that’s never properly clarified.
I have some follow-on questions to your DoS post… What is the motive for an act like this? Is it just plain old vandalism by geeks with nothing better to do? Or is there something more to it?
Rick.