Is there no ordering for incoming requests that would just slow a server down instead of breaking? What actually breaks?
You must log in or # to comment.
Imagine a server is a store with staff that handle customer requests in a first in / first out kind of order. Now imagine you’ve got 20 years worth of black Friday traffic trying to get to it.
The server might be able to handle the requests that get to it, but the sheer volume of traffic makes it impossible to get in or out effectively.
20 years of Black Friday traffic because some anonymous person put up realistic looking advertisements all over the city offering 90% off from 9:00 to noon.
I’ve been in the field a long time, this is probably the best analogy I’ve heard for it.
Yeah and one of the stores staff member actually has to remember the name and request of every guest until the sever is ready to get them their order
I could be wrong but I believe the “breaking” you’re talking about is the fact that requests need to be responded to within a certain amount of time, so if you slow things down to the point that requests timeout before they can be responded to, it fully “breaks” instead.
DDOS is a symptom. A DDOS can cause different failure scenarios at different points.
Maybe the attack is causing the service to access a backend database that isn’t equipped to handle the traffic. The web server queues requests but they can’t be handled in a timely manner.
Maybe the attack causes a firewall to spend too much time inspecting the traffic by sending a malformed packet.
Maybe the attack simply overwhelms the bandwidth of the firewall or router. The Reddit “hug of death” is a common example.
In short, lots of things can lead to a service interruption. A DDOS is just a description of a way to cause that interruption by using distributed source hosts.
