Recently I read about a Denial of Service attack on Amazon & PayPal. I am curious how this is performed. These big companies must have huge servers, so DoS would require billions of bots to access it.
So my questions are:
- How is a DDoS attack performed at this level?
- How to know beforehand that this attack is happening?
- How to prevent this (how to distinguish a bot from a user, apart from the common captcha way that is done)?
Fundamentally, such denial of service attacks involve sending the server more requests than it can handle. It can be a large number of bots sending simple requests (though it does not require billions to bring down a single server - a few thousand tops) or a handful of bots sending requests that are notoriously long to execute.
The second attack type is the most vicious, because a single bot could conceivably bring down a server. For instance, MySQL's `LIMIT N OFFSET M` is notoriously slow when `M` becomes large, so a simple attack would be to request pages 200-300 out of 500 in quick succession, clogging all the MySQL worker threads. On an unprotected server, this can be done with Firebug. The only solution is to identify costly operations and then either optimize the hell out of them, make them sequential (so that clogging that part of the site does not bring down the rest of the site), or detect IPs that ask for costly operations and refuse to perform that operation unless a certain wait interval is respected.

The first attack type is harder to pull off, because you need many bots. On the other hand, it's also harder to stop from the server: if you have thousands of bots sending you data as fast as they can, your bandwidth will be eaten up by the flood and there's nothing the server can do about it (even if it flat out refuses 99% of those requests), so a router with flood prevention is a good bet if you think you might be a target.
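The last mitigation in the answer above (detect IPs that ask for costly operations and refuse them unless a wait interval is respected), as an added example that is not part of the original answer. The class and function names, the 5-second interval, the page size and the offset threshold are all assumptions chosen for illustration.

```python
import time
from collections import OrderedDict


class CostlyOperationGate:
    """Per-IP cooldown: one costly operation per min_interval seconds."""

    def __init__(self, min_interval=5.0, max_tracked=10000, clock=time.monotonic):
        self.min_interval = min_interval
        self.max_tracked = max_tracked      # bound memory under many source IPs
        self.clock = clock                  # injectable so the gate can be tested
        self._last_allowed = OrderedDict()  # ip -> time of last allowed costly op

    def allow(self, ip):
        """Return (allowed, seconds_to_wait). Denied calls do not reset the timer."""
        now = self.clock()
        last = self._last_allowed.get(ip)
        if last is not None and now - last < self.min_interval:
            return False, self.min_interval - (now - last)
        self._last_allowed[ip] = now
        self._last_allowed.move_to_end(ip)
        while len(self._last_allowed) > self.max_tracked:
            self._last_allowed.popitem(last=False)  # drop the oldest entry
        return True, 0.0


def is_costly(page, page_size=20, offset_threshold=2000):
    """Deep pages become a large OFFSET M, the slow case described above."""
    return (page - 1) * page_size >= offset_threshold


def handle_page_request(gate, ip, page):
    """Return an HTTP-style status: 200 when served, 429 when told to wait."""
    if not is_costly(page):
        return 200                          # cheap pages are never gated
    allowed, _retry_after = gate.allow(ip)
    return 200 if allowed else 429


if __name__ == "__main__":
    gate = CostlyOperationGate()
    # Constructed sample traffic: one client walking deep pages back to back.
    for page in (1, 250, 251, 252):
        print(page, handle_page_request(gate, "203.0.113.7", page))
```

Cheap pages stay available to a throttled client, so only the expensive part of the site is gated, which matches the answer's point about keeping one clogged feature from taking down the rest.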
There really is no way to prevent a truly distributed DoS attack, as there is no difference between that and handling a surge of legitimate traffic. (Serving captchas can prevent an attack from tying up long-running processes or heavy resource usage, but enough of an attack will overwhelm your captcha-serving bandwidth as well.)