Today, as of 11 a.m. (EST) the popular web service Twitter was down. A recent status update from Twitter attributed the cause of the outage to the site experiencing a denial-of-service attack. While the site previously suffered from numerous system-related outages last year, they have taken great steps to ensure the reliability of the service, given its increasing popularity. To add insult to injury, other popular social networking sites , such as Facebook, have also been reported to be experiencing problems.
Denial-of-service attacks attempt to bring down sites/services by overwhelming them with more traffic than they can handle. They are hard to defend against, especially distributed denial-of-service attacks, due to their distributed nature and the difficulty in distinguishing valid requests from malevolent ones using automated methods.
While their is no sure way to prevent DDoS attacks, the best counter-measure would be to increase the amount of available resources for the site/service, effectively providing the attackers with a harder target. Provisioning increased bandwidth and backup server resources will not stop the attack, but may defeat its purpose by ensuring continuity of the site/service.
The BIG picture
What makes attacks like these possible are the numerous unprotected and unpatched vulnerabilities (published and unpublished) present on the millions of average user workstations around the world. Unethical individuals and groups can take advantage of these vulnerabilities to assume control of an unsuspecting victim’s personal computer, creating a “zombie army” of computing. They can then use this platform for launching attacks. Keeping computers up to date with the latest security patches as well as monitoring your network traffic for any unusual traffic spikes is key to doing your part to help prevent these attacks.
UPDATE (2:30 pm EST)
Facebook confirmed that it also was suffering from a DDoS attack. Facebook posted a message on its own service stating:
You may have had trouble accessing Facebook earlier today because of network issues related to an apparent distributed denial-of-service attack. We have restored full access for most people. We’ll keep monitoring the situation to make sure you have the reliable experience you expect from us.