Sunday, July 25th, 2010
Issue: 38   Editor: Nyxxie


DoS Attacks for Dummy's Like Me Convict

I am writing this today to explain what happened to BL on July 20th in terms even a cave man could maybe understand. BL was the victim of a “Denial of Service Attack” known also as a “DoS” attack. In most DoS attacks there is a program written by an individual rather than a software company and is written with the intent to attack. Said program works by sending a huge number of data requests sometimes simple data requests similar to a “Ping” just making BL reply but more often than not legitimate looking data requests are being sent by the attacker to the web site being attacked. I do not know specifics about the attack against BL. Most DoS attacks appear to be legitimate requests meaning it is made to copy the same type of requests (actions) users would be doing on the site like clicking the “States” link for example. The problem with that is so many of these requests are sent that it would not be possible during the attack to keep up with all the requests from the attacker and legitimate requests from users.

Most servers usually host more than one web site. During the attack the server, all sites hosted by the server, and their reputation as a business are in serious danger. Because of that the site being attacked is usually shut down by the server company to avoid the problem affecting any other web site they host, or even causing damage to equipment that is fragile under extreme demand.

As things evolve and residential bandwidth gets faster it gets easier for massive attacks to be done from home. However new defensive technology is also evolving. New technology that banks, torrent sites, other commonly attacked sites, and maybe even bootleggers will be using is getting much better at filtering legitimate VS attack requests.

You could be thinking “well why doesn’t BSF2000 just block requests from the attacker’s IP and be done with it?” Well the true IP of the attacker is masked by thousands of proxy IP’s used to send a ton of those data requests. It is very hard to determine which of the thousands of IP addresses are legitimate users or the attacker even when using some of the most sophisticated hosting and security technology available to date.

I leave you with a bit of mystery. Was this attack done by one person just mad at BL or the world? Exactly what sort of resources would it take for one person to do this? Was the attack just one person or an organized group of people with the same intent? Could it maybe be the competition? With the number of users playing text based games dropping rapidly it makes the attack of BL benefits other somewhat similar text based games more than it ever would have in the past.