What is a Denial of Service (DoS) Attack

Imagine that you own a restaurant which seats 20 people.  Imagine also that some teenagers decide to play a prank on you. Suddenly, 100 teenagers show up at your restaurant at the same time. The pranksers aren't there to buy meals, they're there to block your actual customers from sitting down and buying a meal. Because your customers can't get through the crowd, they are unable to enter your restaurant, and you lose money as your customers instead spend their money at another establishment.

This is analogous to what a hacker does when he launches a Denial of Service Attack against your website. Using software, the hacker simulates many, many people coming to your site at the same time, and this prevents your actual customers from being able to visit your site. Over time, this attack will also prevent search engine spiders from visiting your website, and your website will lose its page ranking, and future, potential customers will no longer be able to find your website by using major search engines (Google, Bing, Yahoo, etc.).

There are many kinds of hackers on the Internet, with a wide range of hacker skills.  You may have read of sophisticated criminal rings, phishing scams, etc. which are motivated by profit.  If you are a victim of a Denial of Service attack, you are probably not a victim of one of these sophisticated criminal organizations.  Generally, Denial of Service Attacks are an act of vandalism and the attacker instigating the attack has no financial motive.    Although a Denial of Service attack can be extremely damaging to your business/website, these types of attacks can easily be setup by an inexperienced hacker with limited technical ability.    These types of hackers are often referred to as Script Kiddies.

Asking a hacker why he is attacking your site is like asking a teenage boy why he threw a rock through a window. He might tell you he doesn't know why he did it, or he might tell you a reason that doesn't make any sense. Granted, the hacker who is attacking you might reside in a 40 year-old's body, but on an emotional level, he's still a teenager.

It's important to keep this in mind as you follow my steps in thwarting an attack against your hacker. There may be people in your organization who may want to track this person down, or punish the other ISPs involved in the attack. This will only work against you, and if you actually catch him after great effort and expense, it will give you little satisfaction (do you really need to see an overgrown teenager cry??). As you will see, you will need to contact other victims of this attack, and try to get their (usually limited) cooperation, it is important that your organization not threaten these other organizations in any way.

As you will see, the attack is using computers from many different countries around the world. There is no motivated, global police authority to deal with these attacks, so any fantasies your managers may entertain about catching and suing this person are a waste of time. The hacker is attacking you from the Internet precisely because it allows him to attack people without confrontation.

If there are people in your organization who still insist they want some kind of legal action, ask them if its OK if the website loses money and its page ranking while you waste time contacting disinterested authorities.  Ask them who they are planning to lay off while the company is making less money.  If you're reading this, you're probably a tech and aren't very worried about losing your job or finding another one, but there are likely plenty of non-techs in your organization who would be devasted if they lost their jobs in this (bad) economy.  In this article, I will be discussing an attack against my personal website.  No, it doesn't make much money, but the money it makes pays for my children's schooling, so putting aside any courtroom fantasies I might have had, and deciding to stop the attack was a no-brainer for me.