DDoS attacks start by the attacker(s) placing Zombie (technically, “bot,” short for “robot”) programs in a series of compromised computers hooked by relatively high-bandwidth connections to the Internet. These Zombies are programmed to monitor specific Internet Relay Chat (IRC) chat rooms to receive further instructions. The Zombie attack is directed and coordinated by a Zombie Master, who sends instructions to the individual Zombie, who then begins generating a flood of malicious traffic aimed at the target. Figure 1-3 shows a DDoS attack.
Early DoS attacks on some famous web sites involved many computers on university campuses and even some from security agencies. These computers had unprotected security holes, were online around the clock, and provided large connections to the Internet. Today, DSL and cable modem connections make many home and small business computers more attractive as Zombie sites because they often lack the security features and staff to defend against the intrusion.
Some Zombies, once in place, download and install additional applications that can map the local network, capture passwords or keystrokes, and report findings to the instigators of the attacks.