
Why does a DDoS attacker need many zombie machines for an attack?


If an attacker has one machine that can generate enough attack traffic for its purposes (DoS), does it still need many zombie machines (DDoS)? What is the reason for needing them?


EDIT-01

Using one zombie machine, the hacker can simulate many source IPs for the attack; my assumption is that the one zombie machine can generate enough traffic. Does it (DoS) still need many zombie machines?

  • The answer is in understanding what the abbreviation DDoS actually means. DDoS stands for **Distributed** Denial of Service attacks. **Distributed** here means that the attack is done from multiple places at the same time, compared to a single DoS which might be done from a single place. To attack from multiple places at once you obviously need multiple machines. This does not mean that a single machine with large bandwidth could not do a DoS attack against a system with smaller bandwidth, only it would not be a **Distributed** DoS then, i.e. no DDoS but only DoS. – Steffen Ullrich Nov 06 '18 at 05:30

1 Answer

By using multiple zombies, the attacker can:

  1. Generate huge traffic

One Denial of Service attack from a blazing fast 1 Gigabit connection is 10 times less harmful than a Distributed Denial of Service constant 1 Megabit attack from 10,000 zombies. (This assumes that all of the bandwidth from one line can be used for the attack, which is highly unlikely.)

  2. Make it hard to protect against

1 IP causing Denial of Service? Modern firewalls can easily block it. 10, 100 IPs? No problem.

How about a 620 Gbps attack from fifty million IPs? You can't block each and every one of the IPs. And before you know it, the core infrastructure of your and your service provider's network (routers, backbones, etc.) starts to die. You can't do anything but pray for the attack to stop.

  3. Privacy

By using botnet computers, the attacker can mitigate the risk of being exposed.

  4. Firewall mitigation

Easy and powerful attacks such as UDP flooding can be mitigated by a firewall because the attack is well known and firewalls are programmed to protect against them. But what about a legitimate request, say, a simple HTTP page load?

If the scale of the botnet gets huge, even a simple page load can cause deadly results. Imagine 145k botnets each loading a 1 MB page every second. It can generate an approx. 1 Tbps load on the victim, which would rank as the second greatest DDoS attack in history.
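As an added example (not from the question or the answer), a short Python simulation of the answer's bandwidth and blocking arguments from the defender's side: a per-IP rate limit (assumed 10 Mbit/s) and a victim link capacity (assumed 1 Gbit/s) are applied to the single 1 Gbit/s source and to 10,000 sources at 1 Mbit/s each, and the 145k bots × 1 MB/s page-load figure is computed. All traffic tables are constructed.

```python
MBIT = 1_000_000
GBIT = 1_000_000_000


def build_traffic(num_sources: int, bps_per_source: int) -> dict[str, int]:
    """Constructed traffic table: synthetic 10.x.y.z source -> bits per second."""
    return {f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}": bps_per_source
            for i in range(num_sources)}


def per_source_blocklist(traffic: dict[str, int], threshold_bps: int) -> set[str]:
    """Per-IP rate limit, as a firewall would apply it: block every source
    whose own rate exceeds the threshold. Sources below it are untouched."""
    return {ip for ip, bps in traffic.items() if bps > threshold_bps}


def residual_bps(traffic: dict[str, int], blocked: set[str]) -> int:
    """Traffic that still reaches the victim after the blocklist is applied."""
    return sum(bps for ip, bps in traffic.items() if ip not in blocked)


def link_saturated(traffic: dict[str, int], blocked: set[str], link_bps: int) -> bool:
    """Aggregate view: does what is left still exceed the victim's link capacity?
    This is the check a per-IP limit alone never performs."""
    return residual_bps(traffic, blocked) > link_bps


def page_load_bps(bots: int, page_bytes: int, loads_per_second: float) -> float:
    """Load produced by `bots` clients each fetching `page_bytes` at the given rate."""
    return bots * page_bytes * 8 * loads_per_second


def compare(threshold_bps: int = 10 * MBIT, link_bps: int = 1 * GBIT) -> dict:
    """Run the single-source and distributed scenarios through the same defence."""
    scenarios = {
        "single": build_traffic(1, 1 * GBIT),          # one 1 Gbit/s attacker
        "distributed": build_traffic(10_000, 1 * MBIT),  # 10,000 zombies at 1 Mbit/s
    }
    results = {}
    for name, traffic in scenarios.items():
        blocked = per_source_blocklist(traffic, threshold_bps)
        results[name] = {
            "sources": len(traffic),
            "blocked": len(blocked),
            "residual_bps": residual_bps(traffic, blocked),
            "saturated": link_saturated(traffic, blocked, link_bps),
        }
    return results
```

The per-IP limit stops the single source entirely but blocks nothing in the distributed case, which leaves 10 Gbit/s against a 1 Gbit/s link; the lesson for detection is to alarm on aggregate rate and request mix, not only on per-source counters.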

  • I think it's important to be careful about your usage of the word 'hacker' here. DDoS attacks are generally speaking not classified as hacking. Hacking is by definition to "gain unauthorized access to data in a system or computer" and DDoS attacks do not gain unauthorized access to any form of data. – Cillian Collins Nov 06 '18 at 21:47
  • @CillianCollins Noted. – Nov 07 '18 at 01:18