TCP Handshake
First off, you need some technical information. Remember IP addresses? They have a use other than getting your ass backraided for posting a Personal Army request. An IP address identifies your computer as the recipient of data. In the case of browsing the internet, the web sites you ask to see are sent to your IP address by the web server.
The server has to know your IP address in order to send you anything, though, and your computer needs to know, after you tell it to go to a web page, whether or not the server responded.
On the internet, this is done with a process called the "TCP Handshake." This involves several "packets" of data being exchanged between your computer and the server, illustrated below
Afterwards, you are connected and can request a web page.
Exploiting the TCP Handshake
The internet spans many continents, with all sorts of different ways to get from one place to another. Sometimes packets get lost. If one of the packets in the above handshake does get lost, the connection fails. Packets get lost quite often, but most of the time, your attempts to view web pages succeed.
Why? Because comptuers send MULTIPLE packets, not just one, greatly increasing the chance that one will get through at each of the three steps, completing the handshake and getting you connected. Or, rather, web servers send multiple "SYN/ACK" packets (LOL YES) when the receive a "SYN" (HAY R U THAR?) packet. If the computer that started the handshake doesn't respond, the following occurs.
More importantly, the server has a limited number of connections it can maintain at once. When the server receives a SYN (HAY R U THAR?) packet from you, it takes up one slot sending SYN/ACK (LOL YES) packets back to you.
If someone else tries to connect while you're talking to the server, they just go to a different port.
If the TCP Handshake is completed, with your computer responding with a RST (KTHXBAI) packet, then the server is ready to process further requests from you, and it frees up the port that it was using to talk with you.
What if you send a bunch of SYN packets, though?
CPURaep
However, once you stop sending SYN packets, the server will send SYN/ACKs to all the ones that it's received, your computer will send RST packets back, and the server will free up all its ports again. Thus, Crapflooding only keeps a site down while the flood continues.
If, however, the network hardware on the server is significantly better than the CPU, or the flood's dataforce has been doubled over 9000 times, the following can occur:
SMURF Attack
This attack method involves using a machine as an unwitting proxy in the attack on another server. This works by sending ICMP packets (ping [ICMP echo] to be precise) to the 'proxy' machine, but spoofing the source address to that of the target machine. The unwitting proxy computer then floods the target with replies.
A more common (and more effective) form of this attack is to send SYN or SYN/ACK packets with spoofed source addresses. In the case of SYN packets with spoofed addresses, the "mirror" machine will send multiple SYN/ACK packets at the target for each SYN it receives. If SYN/ACK packets are sent, the "mirror" machine will merely blast the target with RST packets. This is called a "Reflective" DoS attack.
If UDP Packets are used, it is called a "FRAGGLE Attack"
UDP Flooding
This is a very simple type of flood, consisting of simply sending large numbers of UDP packets to the target to use up resources. For instance, the UPD flood works by opening lots of UDP connections on lots of random ports. The server must then check for a listening program for each port, and then send a reply packet to the flooder (unless the flooder spoofs his ip).
DDoS
DDoS (with two Ds) refers to a Distributed Denial-of-Service attack. Literally, this means more than one computer attacking the target. In practice, this generally refers to use of a botnet to obtain the multiple computers to attack with.
You cannot DDoS with your home computer. Because it is only one computer. You can, however, DoS. If you DoS at the same time lots of other people are launching DoS attacks, you are part of a DDoS attack.
