Distributed Denial of Service (DDoS) Attack
Be Informed; Be Prepared
(source: by Mark Schuchter, Distributed Denial of Service Attacks,
- <1999: Point2Point (SYN flood, Ping of death, ...),
first distributed attack tools ('fapi')
- 1999: more robust tools (trinoo, TFN, Stacheldraht),
auto-update, added encryption
- 2000: bundled with rootkits, controlled with talk or
- 2001: worms include DDoS features (e.g. Code Red), include
- 2002: DRDoS (reflected) attack tools, (179/TCP; BGP=Border
- 2003: Mydoom infects thousands of victims to attack SCO and
(compiled from various sources, including Wikipedia, DataCenter
- February 2000 - DDoS attack caused shutdown of
Yahoo, eBay and Amazon for a few hours.
- January 2001 - First major attack involving DNS servers as
reflectors. The target was Register.com.
- February 2001 - The Irish Government's Department of
Finance server was hit by a denial of service attack carried out as
part of a student campaign from NUI Maynooth.
- May 2001 - The Code Red worm was supposed to attack the
White House website.
- October 2002 - Attackers performed DNS Backbone DDoS
Attacks on the DNS root servers and disrupted service at 9 of the 13
- August 2003 — Worm Blaster attacks Microsoft web
- January 2004 — MyDoom attacked 1 million
- February 2007 - Attackers performed a second set of DNS
Backbone DDoS Attacks on the DNS root servers and caused disruptions at
two of the root servers.
- February 2007 - More than 10,000 online game servers in
games such as Return to Castle Wolfenstein, Halo, Counter-Strike and
many others were attacked by the "RUS" hacker group. The DDoS attack was
made from more than a thousand computer units located in the republics
of the former Soviet Union.
- April-May 2007 - A spree of
against Estonia's prime minister, banks, and less-trafficked sites run
by small schools.
- July 2008 — A DDoS attack directed
containing the message: "win+love+in+Rusia" [sic] effectively
overloaded and shut down multiple Georgian servers. Websites targeted
included the Web site of the Georgian president, Mikhail Saakashvili,
rendered inoperable for 24 hours, and the National Bank of Georgia.
- March 30 - April 1, 2009 - Cloud computing provider GoGrid is
hit by a "large, distributed DDoS attack," which
disrupts service to about half of its 1,000 customers.
- March 31, 2009 - A DDoS attack knocks UltraDNS offline for
- April 2-5, 2009 - Domain registrar Register.com is hit with
a DDoS that causes several days of disruptions for its customers.
- April 6-7, 2009 - Customers of The Planet are hit by web
site outages as a result of a DDoS aimed at the huge hosting company.
- June 2009 - The famous P2P site known as The Pirate Bay
was rendered inaccessible due to a DDoS attack.
- June 2009 - During the Iranian election protests, foreign
activists seeking to help the opposition engaged in DDoS attacks
against Iran's government. The official website of the Iranian
government was rendered inaccessible on several occasions. Critics
claimed that the DDoS attacks also cut off Internet access for
protesters inside Iran; activists countered that, while this may have
been true, the attacks still hindered President Mahmoud Ahmadinejad's
government enough to aid the opposition.
- July 2009 - Multiple waves of cyber attacks targeted a
number of major websites in South Korea and the United States: the
White House, Department of Transportation, Federal Trade Commission,
and the Department of the Treasury. Hit at the same time were the
Washington Post and the New York Stock Exchange. The attacker used a
botnet, and file updating over the Internet is known to assist its spread.
The investigation is still underway.
We are now offering to any organization, public or private, a
risk-free, no-obligation "red team" test attack to help them assess the
reliability of critical network assets in the face of DDoS attacks.