Updating Blog to contain projects
- May 4th, 2010
I am finally getting around to updating this blog with all my projects. Blinding silence info is going up first.
The main purpose of a DDOS attack is to deny service to a website by flooding it with so much traffic that it cannot respond to normal requests. Let's assume that the DDOS attack is being carried out by a large number of zombie systems running on a bot-net. We will also assume that said bot-net is not the most nimble thing in the world, and that it is somewhat difficult for it to change targets mid-attack.
All right, now let's assume the bot-net is attacking the all-important website www.example.com, and that many users rely on example.com for its example-based services. Normal traffic to example.com looks like this:
User 1 and User 2 resolve www.example.com to its servers Real Server 1 and Real Server 3. They reach their example-based services with no problem.
Unfortunately, example.com uses Evil Botnet 1 as its example of an evil botnet. The operator of Evil Botnet 1 does not like this slanderous accusation, so he DDOSes the www.example.com domain using his zombie computers.
The zombie attackers put too much strain on the network, preventing User 1 and User 2 from getting to their example-based services. Whatever will example.com do?
Well, they could just run away. You see, example.com has signed up for DDOS protection with Imaginary DOS Blocking Service Inc., or IDBS for short. As soon as the spike in traffic is detected, example.com tells its DNS server to change the www.example.com record so that it resolves to the IDBS Redirect Servers. The example.com server "runs" to the address backup.example.com.
Now, the IDBS Redirect Servers are not powerful at all, but they don't have to be: the servers only serve static pages to the clients. What they do need is a large amount of bandwidth per server. Why is that enough?
IDBS is counting on the zombie computers forging the source address in the packets they send. The zombies do not want to be found, so they spoof their sender address, which means they never complete a connection to the redirect server and never see the page it serves. User 1 and User 2 are trying to establish a real connection, and when they connect they are redirected to backup.example.com.
The users are redirected to the new location of example.com and are able to use the service normally. The zombies are left DDOSing redirect servers that are adequately prepared to handle the load. Example.com suffers no downtime, and everyone wins except the operator of the evil bot-net.
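A small model of the scheme described above, added here as an illustration and not code from the original post: the DNS record flips to the IDBS redirect server when traffic spikes, real users complete a handshake and get a static 302 to backup.example.com, and zombies with spoofed source addresses never get past the SYN. All addresses and names are constructed for the example.

```python
# Added illustration of the IDBS redirect scheme; not code from the original post.
# Every address and hostname below is constructed for this example.
from dataclasses import dataclass, field

ORIGIN_ADDR = "203.0.113.10"     # example.com's normal server (constructed)
REDIRECT_ADDR = "198.51.100.5"   # IDBS redirect server (constructed)
BACKUP_NAME = "backup.example.com"

@dataclass
class Dns:
    """example.com's DNS record, flipped to IDBS once a traffic spike is seen."""
    record: str = ORIGIN_ADDR
    def failover(self): self.record = REDIRECT_ADDR

@dataclass
class RedirectServer:
    """Low-powered IDBS box: it only completes TCP handshakes and serves one static 302."""
    established: set = field(default_factory=set)
    half_open: int = 0
    def syn(self, src):
        # SYN-ACK is sent to src; a forged src never answers, so the slot stays half-open
        self.half_open += 1
    def ack(self, src):
        self.half_open -= 1
        self.established.add(src)
    def get(self, src):
        if src not in self.established:
            return None  # no completed handshake, nothing is served
        return f"302 Location: http://{BACKUP_NAME}/"

def simulate(n_users, n_zombies, spike_threshold=100):
    """Return where real users end up and how many zombie SYNs die half-open."""
    dns, idbs = Dns(), RedirectServer()
    if n_users + n_zombies > spike_threshold:
        dns.failover()                       # example.com "runs" to IDBS
    served = {"origin": 0, "backup": 0, "zombie_redirects": 0}
    for i in range(n_users):
        src = f"10.0.{i // 256}.{i % 256}"   # genuine client with a real address
        if dns.record == ORIGIN_ADDR:
            served["origin"] += 1
            continue
        idbs.syn(src); idbs.ack(src)         # handshake completes
        if idbs.get(src).startswith("302"):
            served["backup"] += 1            # user follows the Location header
    for i in range(n_zombies):
        src = f"192.0.2.{i % 256}"           # spoofed source address
        if dns.record == REDIRECT_ADDR:
            idbs.syn(src)                    # SYN-ACK is lost; no ACK, no GET
            if idbs.get(src):
                served["zombie_redirects"] += 1
    return served, idbs.half_open
```

A zombie that used its real address would complete the handshake and be redirected like a user, which is why the scheme leans on the spoofing assumption stated above.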
All right, so how can IDBS afford these servers anyway? Why doesn't every company do this internally? The simple answer: IDBS is basically an insurance company. They have many, many clients, all of whom pay a fee for IDBS's services. It is more expensive for a client to run the additional servers itself than to pay IDBS. However, IDBS only has the servers and bandwidth to protect a few of its clients at a time. IDBS is betting that most of its clients will only rarely need DDOS protection. As long as it can protect the one or two clients that are being attacked at the same time, IDBS is fine.