Synthetic Monitoring

Simulate visitor interaction with your site to monitor the end user experience.

View Product Info

FEATURES

Simulate visitor interaction

Identify bottlenecks and speed up your website.

Learn More

Real User Monitoring

Enhance your site performance with data from actual site visitors

View Product Info

FEATURES

Real user insights in real time

Know how your site or web app is performing with real user insights

Learn More

Infrastructure Monitoring Powered by SolarWinds AppOptics

Instant visibility into servers, virtual hosts, and containerized environments

View Infrastructure Monitoring Info

Comprehensive set of turnkey infrastructure integrations

Including dozens of AWS and Azure services, container orchestrations like Docker and Kubernetes, and more 

Learn More

Application Performance Monitoring Powered by SolarWinds AppOptics

Comprehensive, full-stack visibility, and troubleshooting

View Application Performance Monitoring Info

Complete visibility into application issues

Pinpoint the root cause down to a poor-performing line of code

Learn More

Log Management and Analytics Powered by SolarWinds Loggly

Integrated, cost-effective, hosted, and scalable full-stack, multi-source log management

 View Log Management and Analytics Info

Collect, search, and analyze log data

Quickly jump into the relevant logs to accelerate troubleshooting

Learn More

The anatomy of a DDoS attack

Last week the BitTorrent site Mininova was hit by a large-scale DDoS attack that caused a total of 14 hours of downtime. Regardless of what you think about torrent sites, this was an interesting example of how a website can be incapacitated by a DDoS attack.
We chose this example to illustrate the effect of a DDoS attack because Mininova shared some relevant information about the attack, especially a very telling traffic graph from their Internet connection. The below traffic graph shows the impact on one of Mininova’s two Internet connections during the initial attack.

The site was attacked by a botnet (using hundreds of computers) using UDP connections, and judging by the above graph it reached full effect almost immediately.
The attack generated 2 gigabit of traffic per second. Since the attack maxed out Mininova’s Internet connection it made the site very slow and sometimes impossible to reach.
This is a typical example of a DDoS attack. Its objective is to in one way or another overload a site or service until it can’t function properly.
Now let’s take a closer look at how the site was affected.

How was site uptime and load time affected?

The above network graph is interesting, but what was the actual effect on the website’s load time, and how much downtime did it result in? We have some uptime monitoring data for the site (from Pingdom) which clearly shows the effect of the DDoS attack.
As you can see by the load time graph here below, there were actually two separate attacks; one that started very early on Friday (European time) and one that started on Saturday. The time stamps below are in GMT+1.

Note that the load time in the graph above only includes the loading of the HTML, not images, etc.
The above only shows the load time for when the website could be loaded at all. In many cases the load attempt simply timed out (30+ seconds in our case). So the effect was double. Slowdown AND downtime. Note how the reduced uptime in the graph below matches the periods of increased load time.

Counted over the two attacks, this DDoS attack cost Mininova 14 hours of downtime and some extreme slowdown. It might be good to remember that people tend to leave a website if it is too slow, so even when the website wasn’t technically down many visitors would still have been turned away.

It can happen to anyone

We hope that this practical example gives you a decent picture of how devastating a DDoS attack can be to a website.
It’s worth pointing out that what is described in this article can happen to any type of site. A similar attack could have happened to a blog, an e-commerce site, a social network, a web host, etc.
Another thing to note is that there are a very wide range of different attacks that can happen. To name a different example than the one above, the domain registrar Network Solutions recently suffered from a large-scale attack on their DNS servers that indirectly affected hundreds of thousands of websites that used those DNS servers.
One might also wonder why these attacks happen in the first place. DDoS attacks happen for a number of reasons. Sometimes they involve blackmail (“pay us or we break your site”), other times there are ideological conflicts or other reasons behind it.
Do you know of other recent examples of DDoS attacks that have had a negative impact on websites or services on the Internet? Please feel free to share in the comments.
Further reading (with more DDoS examples): Conflicting opinions causing DDoS blitzkriegs online

Web Performance of the World’s Top 50 Blogs

By: Rachel Frnka Am I the only one who thinks blogs were in their prime in t [...]

Facebook, Instagram, and WhatsApp Down for Over Five Hours

Did you unconsciously open Instagram, Facebook, or WhatsApp several times throu [...]

The Pingdom Guide to the Internet

By Rachel Frnka We may be biased, but we think we’ve had some great blogs [...]

end user data
Extend Your APM Capabilities With End-User Data

In the internet-driven economy, businesses rely on applications for different f [...]

Troubleshooting End-User Issues With a DEM Tool

In the last decade, businesses have made massive investments in the digital eco [...]

Monitor your website’s uptime and performance

With Pingdom's website monitoring you are always the first to know when your site is in trouble, and as a result you are making the Internet faster and more reliable. Nice, huh?

START YOUR FREE 30-DAY TRIAL

MONITOR YOUR WEB APPLICATION PERFORMANCE

Gain availability and performance insights with Pingdom – a comprehensive web application performance and digital experience monitoring tool.

START YOUR FREE 30-DAY TRIAL
Start monitoring for free