DDOS attack

[Taliriah]

Hmm I actually thought of them just standing around doing nothing but it felt like it didn't fit? I guess to me the making orders bit helped translate the overloaded servers and how the service is getting affected. But I think you're right in a way! If I imagine a restaurant that can serve let's say 40 people and has a capacity to fit 60 people. Then you suddenly had an influx of 300 people, standing around and disrupting the staff from serving the restaurant's actual customers. Hmm I think maybe that's a better analogy? Maybe?

Hmm I guess I equated the server resources to staff which made more sense to me? But now that I think of it I think your correction makes more sense. To me I'm guessing a combination of 'make the restaurant bigger, hire more chefs/staff' would make them slightly less affected but I think the best way is to stop these 'I'm gonna enter and chill' at the door. I guess this boils down to my limited understanding! Thank you so much for clarifying. It's a really interesting thing, but I'm not tech savvy at all so I need to kinda break things down for my unwrinkly brain.

Yes, that's kinda the idea. From a purely technical standpoint, you can consider an internet connection as a pipe, and you have data packets coming one after another. You need to read a packet before you can get to the next one. And after reading a packet, you need to see what's in it before you can know if it's a packet from an actual player or some bogus crap sent by a ddoser.

There are ways to mitigate it by detecting and rejecting bogus packets earlier, things like that. But you can never completely fully prevent it. The very properties of the internet that made it so successful (in short: reliability is ensured at the end points and intermediary nodes need only to make a best effort of carrying packets around) means that anyone can send data to anyone else, and it's up to the recipient to sort it out.

Perhaps the best analogy, in the end, would be someone ordering a bunch of pizzas to be delivered at your address.

[Rueby]

Yes, that's kinda the idea. From a purely technical standpoint, you can consider an internet connection as a pipe, and you have data packets coming one after another. You need to read a packet before you can get to the next one. And after reading a packet, you need to see what's in it before you can know if it's a packet from an actual player or some bogus crap sent by a ddoser.

There are ways to mitigate it by detecting and rejecting bogus packets earlier, things like that. But you can never completely fully prevent it. The very properties of the internet that made it so successful (in short: reliability is ensured at the end points and intermediary nodes need only to make a best effort of carrying packets around) means that anyone can send data to anyone else, and it's up to the recipient to sort it out.

Perhaps the best analogy, in the end, would be someone ordering a bunch of pizzas to be delivered at your address.

Ooooo, this makes alot more sense, the pipe thing that is...

Thank you so much for taking the time to respond to me! I think the analogy of someone ordering a bunch of pizzas to be delivered to your address is much easier and maybe I made it abit hard on myself that I tried to break it down in a maybe round about way. I feel like trying to learn more about the issue can help temper expectations abit, so I really appreciate this.

[S-r-ex]

Ooooo, this makes alot more sense, the pipe thing that is...

Thank you so much for taking the time to respond to me! I think the analogy of someone ordering a bunch of pizzas to be delivered to your address is much easier and maybe I made it abit hard on myself that I tried to break it down in a maybe round about way. I feel like trying to learn more about the issue can help temper expectations abit, so I really appreciate this.

To go a bit deeper: there are two commonly used methods of DDOS attacks called "layer 4" and "layer 7", referring to the OSI model used to describe the relationship between parts of computer networking. What you think of here would be a "layer 7" attack, while "clogging the pipe" is a "layer 4" attack.

A layer 4 attack exploits the "transport layer", or the protocols that manage network connections. For the pizza analogy, this would be the phone at the pizza parlor. Think of a thousand hijacked phones constantly calling and when they get picked up they just sit there in silence. The "protocol" at the parlor is to open with "Hi, this is pizza place, what would you like to order?" and wait for a response. But these bogus calls aren't answering back, and the parlor will have to sit there for a few moments before hanging up. Since the attack is calling en masse like this, legit customers will just get a busy signal and the parlor can't make pizzas since they aren't receiving orders.

A "layer 7" exploits the "application layer", or the service itself. In this case, the hijacked phones will instead present themselves as customers and place often huge and numerous orders. The point this time is to keep the kitchen so busy with bogus orders that legit ones can't be processed.