Why is DDoS so common?

Portal Home > Knowledgebase > Articles Database > Why is DDoS so common?

Posted by BlackxxJapan, 02-21-2013, 01:54 AM
I see many threads asking for help regarding DDoS attacks or looking for DDoS-proof servers. Do these people just have a lot of enemies? What kind of industries attract such attacks?
Posted by ArtieT, 02-21-2013, 01:59 AM
It's more like other jealous providers and customers who break policy really.
Posted by mSuleman, 02-21-2013, 04:26 AM
Totally agreed. Specially game servers where kids play games all times and then start fighting and DDOS your server + hacking, warez websites. Last edited by mSuleman; 02-21-2013 at 04:29 AM.
Posted by LankapartnerHost, 02-21-2013, 04:35 AM
few people think they are the owners of webhosting industry. they not like others growing up.me and my few friends experienced attacks after start posting offers in WHT. that means those "jealousy" people arround WHT too and they looking what you doing & what you offer & how your business growing/
Posted by bune, 02-21-2013, 04:52 PM
DDOS attacks can happen due to various reason like to disrupt the network or for illegal gain it always better to be alert and then sorry
Posted by trustedhosting, 02-22-2013, 01:53 AM
You should read a book called "Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet". This book talks a lot about DDoS, who started DDoS, why DDoS has become common and lucrative and who is fighting DDoS. The book is written by third party perspective, but I can personally confirm to an extent that the material in the book is accurate. I personally know some of the characters as written about. What's funny is that I stumbled upon the book by chance and to my surprise some of my associates, and surprisingly their real names, were included in the story. You might also want to check out www.prolexic.com, who is a leader in DDoS mitigation and can provide a lot of guidance and understanding on the subject. Coincidentally, you will notice that Prolexic was started by the characters written about in the book... DDoS is a very small world.
Posted by Mar1in_H, 02-22-2013, 02:49 AM
Hello, Most of the time, it the that small kids, newly born hackers who want to test their skills.. then there are people who want to pull their competition down and DDoS is the easiest way to do it.. I have also heard that companies who sell DDoS protection services are also involved in attacking their prospect clients however that is on larger scale and hell lot of money..!
Posted by Patrick, 02-22-2013, 10:13 AM
DDoS attacks are very common because there are a lot of people in this world with small penises and as a result they will find themselves as virgins still living in their mothers basements until they are 39. That's the honest to god truth as to why people DDoS attack. It makes them feel normal.
Posted by sash_007, 02-23-2013, 09:27 PM
lol hahaha
Posted by DeltaAnime, 02-23-2013, 09:50 PM
It's cheap. You can buy a booter on hackforums for $10 and users may have to spend multiple thousand a month to protect against it. You got lots of dirty hosts in Europe that don't block packet spoofing either or even condone the actions "So long as you rate limit". Francisco
Posted by reto, 02-24-2013, 11:49 AM
DDoS is initiated by various people and for various reasons. You have the hacker wannabe's, hacktivist copycats, bored students, extortionists, competition and political opposition activists, etc. that may be the culprit behind an attack. Whereas some just want to shut you down, i.e. take you off the Internet, others will try to get you to pay them in order for them to "stop". Trouble with today's DDoS is it's getting cheaper by the day, and you don't have to be a real hacker to initiate it. A $50-80/day attack may cost you a lot more in lost revenue or reputation. And to mitigate such an attack may cost considerably more, depending on type ans size of flood. DDoS is not just a weapon of jealousy or pure wickedness anymore, it can make you spend enormous amounts of money, especially if you try to defend against it by youself.
Posted by DeltaAnime, 02-24-2013, 02:20 PM
OK sized floods aren't $50 - $80/day anymore, alas. 200,000 pps/2Gbit UDP floods are very common from booters and average selling price is $5 - $10/m. Sure your account may not last the whole month since these things deadpool faster than VPS hosts. For $5 - $10, though, you can either force your enemy into buying up fairly pricey filtering or just run them out of the market if you so wish. Francisco
Posted by Duff-Man, 02-24-2013, 04:18 PM
DDoS seems to be the easiest method to hack a stie.
Posted by YDomer, 02-24-2013, 11:10 PM
DDoS isn't really a hack... Anyway, as others have mentioned its cheap, much cheaper to conduct an attack than stop one. The sad reality is there is so many poorly configured devices out there its not hard to get a good amount of bots in a short period. Lately I have been seeing a big increase in router botnets, people exploiting default passwords left on linux based routers. DDoS makes the skiddies feel powerful, that is about all.
Posted by BestServerSupport, 02-25-2013, 12:07 AM
They are mad.They are mad that they can't play on the server because they were banned, and have a "if I can't play, no one can play". For the lulz of pissing other people off.
Posted by Cloudc, 02-25-2013, 07:10 PM
As far as I see, some politicians use ddos attacks in order to resolve issues with opponents, and many companies sponsor ddosers in order to get rid of competitors. DDoS attacks increased dramatically in numbers and become more often mentioned by mass media. In future I think it will become such an issue that there will be created very harsh laws against ddosers and this problem will become intensively prosecuted.
Posted by TrentaHost, 02-25-2013, 07:12 PM
The reason is because people have nothing better to do with their life... hahah! Truth be told it's just a dirty way of getting back at people who are competing or doing better then you. It's very very common and shouldn't attack any provider by surprise.
Posted by CleanVPS, 03-02-2013, 09:54 PM
13-14 years ago we were also a victim of DDos attack in a way that we even considered NULLing a hug chunk of our IPs (that was the only suggestion our DC had for us!). Luckily back then we used Snort and interestingly enough it stopped the attack and saved our business. We never were a game hosting provider and I am sure we were not that big to be of any serious issue to our competitors (although we had a firm anti-spam policy and we had terminated few accounts for such activities) I believe there are people who enjoy finding vulnerabilities, it maybe makes them feel in power or cool and DDos is one that doesn't necessarily need that much of a technical skill.
Posted by Toki Wartooth, 03-05-2013, 06:28 PM
I usually just browse WHT because I like to read about the news, though I'm not a hosting provider or terribly knowledgeable in regards to the industry. I've always wanted to have a game server or two through a cheap colocation connection but this isn't the first time I've read that game servers get DDoS so I'm certainly not going to be able to convince a host for a discount because I just want to colo a game server. I'm just wondering, how easy is it to do a DDoS attack? To me, it seems like there would be too much effort involved to just to knock down a game server for a while.
Posted by GeekDub, 03-05-2013, 06:53 PM
People suck is why.
Posted by AMQnetwor8, 03-06-2013, 12:00 AM
Actually, the tools used to launch DDoS attacks are cheap, widely available and very easy to master. For instance, anyone can download software called low orbit ion cannon (LOIC), enabling them to strike whoever they wish on a large scale. Botnets, the networks of infected computers assembled for attacks, can actually be rented, at a very affordable rate.
Posted by DimeNOC Vikki, 03-07-2013, 01:57 PM
I don't know about any one else, but the folks that do it because they are bored, where do they get this kind of time? *Baffled*
Posted by AL-Benjamin, 03-07-2013, 05:54 PM
Some people are just mean.
Posted by -NeoN-, 03-08-2013, 12:09 AM
We run an e-commerce site and new competitors have DDOS'd us on multiple occasions. As a small business a DDOS kid can spend like a few hundred bucks and force you into spending thousands in mitigation to stop it. In the real world if someone came into my business and cost me tens of thousands of dollars they would face felony charges. On the internet these kids can hit you with booters a few times per month thus costing you the same amount of money over some months. In theory DDOS is of course a serious crime but unfortunately the nature of them makes them pretty much untraceable. It's interesting how cowards that wouldn't even have the brashness and ego to rip off a pack of gum think nothing of doing major financial damage to others. I also have to put some blame on various public forums and communities that sell hack software and DDOS services and their webhosts and payment processors do NOTHING.
Posted by Cloudc, 03-11-2013, 09:56 AM
How do you protect business from DDoS attacks? The same way you protect a bank or a jewelry store from robberies or bankruptcies - you buy insurance, build a surveillance system and hire security guards. The same way we deal with ddos attacks - although the authorities take care of many botnet owners, each business has to be monitored and protected 24 hours a day. So the common rules of sense work with ddos attacks as well.
Posted by TheVisitors, 03-11-2013, 12:10 PM
I was surprised to learn that some web host will use "slow ddos" or "low yield" attacks to raise up bandwidth usage on their own customers. Why? So they can charge them with overages. This doesn't seem to be common, but I've found 2 host who actually did this. One of them denied it and the other came clean about it. Of course this similar to falsify the usage in order to do the same thing....
Posted by incloudibly, 03-12-2013, 04:40 AM
1. DDoS attacks are cheap and it's easy to find a person offering this type of 'service'. 2. DDoS attacks are anonymous and in most cases you can't tell who launched it. 3. Chances that attackers get busted and prosecuted are fairly low. 4. Number of compromised computers on high-speed network connection is sky-rocketing. It means attackers can hit at higher rates with less zombies involved. That said, DDoS attacks are an extremely efficient competition/revenge method that is becoming increasingly popular. It's just a matter of time when you get hit if you are a crowded website or service owner.
Posted by Bodybuilder, 03-12-2013, 04:49 AM
To much hate going on.
Posted by XTF0, 03-12-2013, 07:43 AM
Is that per minute or per month? What is a booter?
Posted by XTF0, 03-12-2013, 07:48 AM
That's not a distributed attack, is it?
Posted by XTF0, 03-12-2013, 07:54 AM
The root cause is the internet community at large failing to properly address this problem. Individual server owners can't solve this. Consumers aren't server administrators or security professionals, but they regularly have access to tons of cheap bandwidth. We can't expect them to take care of this either. Last edited by XTF0; 03-12-2013 at 08:09 AM.
Posted by jennyhy, 03-12-2013, 02:23 PM
They're just people who want to prove that they have the technical skills to bring down big corporations, instead of contributing something constructive like, getting a real job!
Posted by SarahA, 03-12-2013, 02:33 PM
Unfortunately this is too true.
Posted by Lost Eagle, 03-12-2013, 03:26 PM
Silly, Cheap , Kiddy , Kids... etc This what you are all saying... but no solution ... or lets say, solutions are too too expensive ...
Posted by Afterburst-Jack, 03-12-2013, 07:31 PM
A 'booter' is generally something script kiddies sell. Essentially: A perl/php/c script or program that sends malicious traffic. They then put that on a cheap server and, job done. Their customers use that script to attack people. And yeah, per month. That's why it's becoming a huge problem. Kids can attack with 2gbps for $10, but 2gbps of ddos protection can set you back between $200 and $2000.
Posted by XTF0, 03-13-2013, 03:57 AM
Where do they get that kind of bandwidth for just $10/month? Doesn't the attack need to be distributed to be strong? Or is source spoofing still easily possible?
Posted by Afterburst-Jack, 03-13-2013, 03:59 AM
They tend to buy VPS's from lowendbox/etc - which are mostly on shared gigabit with a few TB's of bandwidth. They only allow their "customers" to attack for ~60 seconds at a time, so they don't burn through all their bandwidth at once. So easy to spot from a provider perspective though - we actually block outgoing traffic from such people, and then suspend their VPS. Their excuses are normally on par with "my dog did it" lol Last edited by Afterburst-Jack; 03-13-2013 at 04:08 AM.
Posted by -NeoN-, 03-13-2013, 05:05 AM
Unfortunately, many DDOS hosts and even regular hosts will nullroute for hours, if not days at a time when a large multi GB burst comes in. Thus, a few minutes a day is all it takes. When we were hit for the first time our host nullrouted us for 24 hours and then the next day the same etc. I don't expect a host to eat a huge attack for free but if a 2 minute attack results in a 24 hour null then the DDOS kids have very little to do to keep you offline.
Posted by XTF0, 03-13-2013, 06:01 AM
Why not? Incoming traffic is cheap (if not free), isn't it? Null-routing hosts is actually helping the attacker instead of helping the victim. Helping attackers should be forbidden.
Posted by -NeoN-, 03-13-2013, 07:05 AM
Depends on the situation. If the victim is on shared hosting then it's going to degrade everyone else on the box. If the attack is HTTP GET requests it can easily saturate the bandwidth that's outbound as well. I understand why nullrouting is often necessary, but doing it for a day or more because of a 5 minute attack is just doing the attacker's work for them.
Posted by Ez-Sean, 05-23-2013, 09:36 PM
It's always great to soak up as much information as you can to prevent these attacks if they do ever occur. It's sad to say that the web-hosting industry is known for grabbing attention from people who enjoy sending out DDos Attacks. Wouldn't you rather prevent the fire before it starts to go a blaze.
Posted by voidSecurity, 05-24-2013, 12:29 AM
DDoS attacks are so common because it's easy to build the infrastructure(botnets) needed for them.
Posted by FRCorey, 05-24-2013, 01:45 AM
If the industry wanted DDOS attacks gone it's a simple solution to fix it. It would not take much for all network providers to share attacking IP's and build up a database and start blocking them and if the person's ISP/Provider complains they explain what's going on. Something similar to a distributed spamhaus of DDOS ip's
Posted by Koenigsegg, 05-24-2013, 02:03 AM
DDoS attack is complex subject. Who does it, What is the source and type, free available of tools and multiple transit, makes it possible DDoS. Very limited option is there to reduce attack, null route and Ip ban, but not recommended.
Posted by DeltaAnime, 05-24-2013, 02:14 AM
Not unless you got a special agreement. 95% is (almost?) always based off 'whichever is higher'. Nullroutes aren't there to help the victim, it's there to lessen collateral damage. Francisco
Posted by tuxandrew, 05-24-2013, 02:25 AM
LOLZ.....
Posted by sansap, 06-04-2013, 10:43 AM
DDOs is such a big headache that happens to a webhosting company. The person who cause DDOs aims to get the server down and affect the hosting company who are in a good position. The customers will leave due to downtime and such issue which affect the company's review and position. So all the web hosting companies should take necessary steps to control DDOs in an effective way.
Posted by Mastermind Networks, 06-04-2013, 02:50 PM
Bingo - DDoS is a superb weapon when it comes to snuffing out small businesses. DDoS a start-up hosting company and you'll see them struggle to make end meet. May good initiatives have been killed by an ass**** with a botnet. This is why DDoS is crime, a harshly prosecuted one. The ways a DDoS can be used are many to say the least and so are the potential rewards. This is why DDoS is so common, because it's the ass*****' weapon of choice and ass***** abound.
Posted by MasterIP, 06-05-2013, 01:17 AM
well said, man, well said. I agree that ddos should be punished way harsher, because not only small hosting companies struggle with it, but one could use it against competitors once in a while so to piss off customers and to make them come to ones company...