MondoXbox


DDoS attacks: what they are and why are they so hard to deal with?

In the last few hours, following the attacks on Xbox Live and PSN, DDoS is back in the spotlight, and many people do not seem entirely clear on what it means, commenting on the incident with phrases like "if it knew it would be attacked, Microsoft should have prepared to withstand the attack". Unfortunately, with a DDoS attack that is not possible: it is the kind of Internet attack that is hardest to counter, and it has brought down even services like Facebook and Twitter. This is because DDoS attacks exploit an inherent weakness in the way the Internet is structured, and there is no way to avoid them short of re-engineering the entire global network. But let's see what it actually is.

To understand what a DDoS attack is, we must first drop the first "D" and understand what a DoS attack, or "Denial of Service", is. In layman's terms, a DoS is an attack sent from a single computer to a server with the purpose of overloading it and thereby denying access to its users. DoS attacks can target many parts of the network infrastructure or the applications running on a server, but to keep things simple imagine the server as a motorway tollbooth and the users as the cars passing through it. Under normal traffic conditions the tollbooth/server manages to handle all the cars/users and let them through smoothly, so they receive normal service. Someone who wanted to overload the service, however, would send from their PC a wave of requests that look like those of other users but that "bombard" and overload the server, causing a general slowdown or even a complete outage.

Returning to the tollbooth parallel, imagine that someone suddenly sends a fleet of cars 10, 100 or 1000 times larger than the one it normally handles: the tollbooth would build up huge queues in which, alongside the attacking cars, the cars of normal users would also get stuck. When an attack like this happens, you notice websites slowing down dramatically simply because you are queued along with everyone else, and before the site can respond to you it has to deal with all the other requests. Just as when a large influx of cars sends a tollbooth into chaos and you sit in the queue waiting for your turn.

Fortunately there are several ways to defend against a DoS attack: since it is launched from a single computer, or from an easily recognisable group of computers, the requests all come from the same IP addresses and have a certain fixed capacity. Companies therefore protect themselves from this kind of attack by increasing the number of "toll stations" (i.e. the number of servers) that respond to users, and by using special software that, when it sees too many requests arriving from the same IP address, blacklists that address and blocks them. Imagine if, at our motorway exit, the attack were carried out with cars that all have the same number plate: to deflect the attack the motorway operators would only need, whenever they see that plate, to divert those cars onto a side lane so that they never reach the gate.

Things get more complicated, however, and unmanageable, when we put the initial "D" back and talk about DDoS, which stands for "Distributed Denial of Service", i.e. a distributed DoS attack. This attack is based on the same principles as a DoS, but it is launched simultaneously from many computers across the Internet, often without their owners' knowledge. In theory, if your PC is not adequately protected, even you could unwittingly contribute to such an attack. This is because the hackers who prepare these attacks first distribute viruses or Trojans that, once they have infected a computer, lie "dormant" waiting for a command from the hackers. Over time the hackers can thus build a worldwide network of infected computers (called, in jargon, a botnet or zombie network) which, on their "master's" orders, can attack a target server all at once. It is as if the hacker had planted a remote-control device in the cars of every citizen and, at the chosen moment, gave the order for all of them to start up and drive to the tollbooth at the same time, clogging it up.

This creates a surge of traffic far more intense than a DoS attack, because it comes from tens or hundreds of thousands of PCs around the world, and it is very difficult to counter. Increasing the number of servers has little effect, since these attacks are simply overwhelming, and IP-address filtering techniques do not work either because the requests, coming from so many PCs around the world, look just like those of normal users and the servers have no way to distinguish the "evil" requests from the legitimate ones. This is why companies like Sony and Microsoft cannot protect themselves even when the attacks are announced in advance, and even while an attack is under way they have few weapons to thwart it. Sometimes these attacks can be stopped only by other hacker groups who, perhaps through their contacts, manage to work out which botnet is being used and infiltrate it to shut it down, or who manage to identify who is launching the attack and bombard them in turn so that they can no longer issue orders to the botnet. But these are very complex and dynamic cyber-war scenarios that can vary widely.
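The contrast between the two cases above (a single-source DoS that per-IP blacklisting catches, and a distributed flood that it cannot see), as an added example that is not part of the original article: a simple per-IP rate filter run over constructed request logs. The addresses, window and threshold are assumed values, not anything from the page.

```python
from collections import defaultdict, deque

# Per-source rate limiting of the kind the article describes for plain DoS:
# flag any client IP that sends more than `threshold` requests within any
# `window` seconds. A request log entry is a (timestamp_seconds, client_ip) tuple.
def flag_sources(requests, window=1.0, threshold=100):
    recent = defaultdict(deque)   # ip -> timestamps of its requests inside the window
    flagged = set()
    for ts, ip in sorted(requests):
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) > threshold:
            flagged.add(ip)
    return flagged

# Constructed traffic samples (not real logs). Both floods add the same 2000
# requests in one second on top of 50 legitimate clients; addresses are
# documentation ranges chosen for the example.
def legitimate_traffic():
    return [(i * 0.02, f"10.0.0.{i + 1}") for i in range(50)]

def dos_flood():
    # One attacking host hammering the server from a single address.
    return [(i * 0.0005, "203.0.113.7") for i in range(2000)]

def ddos_flood():
    # Same volume spread over 250 "zombie" hosts, 8 requests each: no single
    # source exceeds the threshold, so each one looks like a normal user.
    return [(i * 0.0005, f"198.51.100.{i % 250 + 1}") for i in range(2000)]

def blocked_share(flood, window=1.0, threshold=100):
    """Return (fraction of flood requests from flagged sources, flagged IPs)."""
    requests = legitimate_traffic() + flood
    bad = flag_sources(requests, window, threshold)
    dropped = sum(1 for _, ip in flood if ip in bad)
    return dropped / len(flood), bad

if __name__ == "__main__":
    for name, flood in (("DoS", dos_flood()), ("DDoS", ddos_flood())):
        share, bad = blocked_share(flood)
        print(f"{name}: {share:.0%} of flood blocked, flagged={sorted(bad)}")
```

The same total load is handled completely differently: the filter blocks 100% of the single-source flood and 0% of the distributed one, while never flagging a legitimate client.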

Of course, in reality things are much more complex than we have explained here: there are many different types of attack, some hitting the application servers, others the DNS servers or the routers themselves, and still others using the "zombie" PCs not to attack the target directly but to "bounce" the attack through other, "clean" PCs, and so on. We hope that, with this very basic explanation, many of you now understand better how this type of cyber assault works and why it causes so much trouble for the companies involved.