What are denial of service attacks? This week has been a rough week for the Take Up Code website and that has affected the podcast. I host the website and in turn the feed that makes this into a podcast on a server that sits in a big datacenter somewhere in Atlanta, Georgia. Well, that datacenter was put under so much stress due to a coordinated attack that the the entire datacenter had to be taken offline for several days while measures were taken to combat the attack. What happened? And what was done to make it better? That’s what I’m going to begin explaining today.
This episode takes the form of an imaginary story set in a future world where everybody stays inside their homes and have automated bins that remotely navigate streets. The bins are used for shopping and communicating.
I describe in the story how you can use the bins to order food from a restaurant one day just fine but then what happens when the restaurant is attacked? You’ll have to listen to find out, or read the full transcript below.
Transcript
What are denial of service attacks?. This week has been a rough week for the Take Up Code website and that has affected the podcast. I host the website and in turn the feed that makes this into a podcast on a server that sits in a big datacenter somewhere in Atlanta, Georgia. Well, that datacenter was put under so much stress due to a coordinated attack that the entire datacenter had to be taken offline for several days while measures were taken to combat the attack. What happened? And what was done to make it better? That’s what I’m going to begin explaining today.
I hope you like stories because the episode today will start with the story of an imaginary world and then I’ll tie this story back into the real world with denial of service attacks. We won’t be able to finish everything this week but will pick up again next Friday with the same story. Ready? Okay, let me set the scene for you.
You live in a future world run by a fierce dictator with rules for everything. All buildings are the same shape and color on the outside. Some are bigger than others. None of this matters because you never leave your home anyway except for very rare occasions when you need to move to a new home. You still remember the last time you moved and got a glimpse of the outside world.
Endless buildings like dark cubes stacked on top of one another made the streets dark. The sky was cloudy with tendrils of fog that swirled around everything and the only thing you could see were the simple numbers stamped on each cube. The streets were full of automated delivery bins some open and some sealed and locked. You hurried to your new home and closed the door.
Inside is like a new world. Here you have the freedom to add light and color and do whatever you want.
You can even run a business if you want. The dictator controls the outside world as if the clouds and fog themselves were police always present and watching. But inside, is your realm to control. You use the delivery bins anytime you want something by placing your shopping list and payment inside a bin and sending it to the store. And after a while, the bin returns with your supplies. If you wanted to run a business, then other people would start sending bins to you to fill.
Life’s not all gloomy and you have to admit that the dictator has solved a lot of problems. For one, everybody has a home. The days of homeless people wandering the streets are long gone. It was starting to get a bit crowded for a while until the new buildings were designed. That’s why you moved actually. Your new space is bigger and there are so many of them now that they really do seem endless.
The dictator has also solved the trash problem and improved the reliability of the bin delivery system. It may be dark outside but it’s clean. No bins are ever allowed to build up in the streets. Sure, sometimes a bin will get lost but it somehow just disappears rather than sit idly. As long as a bin is moving, it’s safe. You rarely need to send another bin with your shopping list these days.
A friend of yours recommended a new restaurant and you decide that today is perfect. You don’t know where the restaurant is but that’s okay because you have the name. It could be next door or on the other side of the world. The bins are amazingly fast. It probably has something to do with avoiding the trash pickup.
You just put the name of the restaurant inside of a bin and attach a label you already have to the outside. This label is the number of a local directory service. They know where everything is. And you send it off.
Let’s switch vantage points and pretend we’re riding in the bin. The first stop is not the restaurant and not even the directory service building. It’s a small building with bins zipping in and out going one of several different directions when they leave. Inside are workers who take one look at the label on the bin and send us out a door. You also notice before we leave some unlucky bins that don’t get sent on but instead are thrown into a pit and fall out of sight. Well, now we know what happens to all the trash. After going through several of these small inspection stations, we finally reach another building with workers who take the name of the restaurant out of the bin and look it up in a big book and replace the name with another label of a building number. This must be the number for the restaurant. They also put the label from the outside of the bin that got us here into the bin too and put a different label on the outside with your own new building number. And the bin is off again. You can feel the roar of the wind and the buildings are a blur as we pass through some different inspection stations on our way back home.
Once back home, you take out the label with the directory service number and the label for the restaurant and stick the restaurant label on the outside of the bin. Then you place your order and payment inside. You payment has your name and building number so the restaurant will be able to send your food back to you the same way. And off it goes. The bin goes through inspection stations again. How many inspection stations are there, you wonder.
And eventually the bin shoots straight into an open door of a rather large building and comes to an immediate stop. It’s made it to the restaurant and is safe now from being picked up and thrown away by the dictator’s ever present garbage collectors.
There’re more workers inside and it looks more like a fast food counter than a sit down restaurant. It’s kind of hard to have sit down restaurants when everybody stays home. Soon a worker arrives and opens the bin and takes out the food order and goes off to get the food. And before you know it, the same worker comes right back with the food and collects the payment. And again, the worker comes back and adds a receipt to the bin and changes the destination on the outside of the bin to your building number. The label with the restaurant’s building number is also put in the bin. They know how to do business and want to make it easy for you to visit again.
After a brief return trip that seems to go through several more inspection stations, the bin arrives back at your home. The trip has worn down the labels but you can still make out the building number of the restaurant. Since you love saving time, you decide to save this label and use it again maybe tomorrow.
The restaurant is starting to draw some attention by now and that’s not always a good thing.
You wake up the next day and decide to order a different item from the same restaurant. Since you still have the label with the restaurant’s number and it still looks usable, you can skip the trip to the directory service today. You send your order off and after a while, nothing. Your food should have been back by now. What happened?
Let me describe what happened to your bin with your food order when it got to the restaurant. Unlike yesterday when we shot straight into the restaurant’s landing area where we could wait for a worker to process the order, today the restaurant had so many bins arriving that the landing area was full. The bin was stuck outside unmoving for just a second. And that’s all it took for the dictator’s trash collectors to destroy the bin.
You see, the restaurant attracted the attention of some bad characters. Those extra bins that were clogging the landing area didn’t even have real orders in them. Sure, some of them had orders. But the workers were having a hard time with all the extra bins and they still had to look inside each one to see if it had an order or not. They just couldn’t process all the good orders and the fake orders fast enough.
Why would somebody do this? Well you still need to eat, right? And if your order gets thrown out enough times, maybe you’ll give up and go someplace else. You’ve just been denied service. You might even go to a competitor who was behind the whole attack to begin with.
But then you wonder how? How could anybody send so many bins to the same restaurant. Look at all the time it took you to send just one. There’s no way you could send enough bins to cause this kind of trouble.
But what if you were able to remotely control many homes. If you could trick those other homes to each send their bins to the restaurant, then that might be enough. You’d need a lot of homes.
It’s starting to make sense now. You’ve heard stories of some really bad individuals who claim to have built up such capability and are willing to lend anybody the bins under their control for exactly this sort of attack. All it takes is for a lot of individual homes to each send just a few bins to the same location at the same time and you realize that practically any business is vulnerable.
Is there anything that can be done to help protect and fight back. Yes, there is. Now that you know how a denial of service attack can happen in this imaginary world, next week I’ll explain some things that the restaurant can do to protect itself.
Unfortunately it won’t be that easy. Because the attackers are smart too and they have some tricks of their own.
In case you’re wondering about this imaginary world, it sort of resembles how the internet works in our real world. We can sit in front of our computers and visit places from anywhere in the world. All we need is the domain name of where we want to go. And our computers take it from there by sending small packets of information just like the bins I described in this story. The directory service? That’s called a Domain Name Server or DNS. The inspection stations? Those are routers that direct the network traffic from one hop to another. The labels and the building numbers? Those are IP addresses. And the old house and the new bigger house that the character just moved to? That was the IPv4 system vs. the IPv6 system. Just realize that I was trying to explain a very complicated worldwide networking system in the form of a fun story. It’s mostly accurate. Next week, I’ll use the same story to continue explaining denial of service attacks.