Book · 2007

The Evolution of DDoS

A book I wrote in 2007 — partway through my time as Chief Information Security Officer at Gala Coral — about how distributed denial-of-service attacks were evolving from blunt-force flood tools into the targeted, monetised, motive-driven incidents we now take for granted.

What it covers

Written for a security-aware but non-specialist reader, the book walks through the architecture of distributed denial-of-service attacks as they stood in 2007 — the move from single-source flooding through the Smurf-era reflective amplification toolkits to the early commodity botnet operators selling time on hijacked broadband routers. It covers how the attacks worked, why the underlying internet design made them cheap to launch, and how organisations on the receiving end could (and could not) defend themselves with the network kit then available.

The motivating case study, threaded through several chapters, is the wave of extortion-driven attacks on online gambling operators in the early-to-mid 2000s — an area I had been working in directly, and which produced some of the first serious commercial-grade DDoS defence operations in the UK.

What aged well, and what didn't

The book's central argument — that DDoS would professionalise into a service economy with motive and pricing as predictable as any other criminal market — has aged surprisingly well. Booter / stresser services, attack-time-as-a-service marketplaces, and the predictable extortion playbook are all direct descendants of what the book was describing. So is the structural observation that defence has to be a network-edge problem rather than a host problem.

What didn't age as well is anything specific to the kit of the time. The 2007 toolkit on both sides — the attack tooling, the carrier-grade scrubbing, the early Akamai and Prolexic offerings — is now firmly historical. Anyone reading the book today should treat the first part as still-useful theory and the second part as a snapshot of a particular era in defensive engineering.

Why I'm still proud of it

It was, at the time, one of the few practitioner-written books on the topic — most coverage in 2007 was either academic papers from the early 2000s or vendor white papers with sales motives. I wrote it because I wanted to put on paper what I had been having to learn in production by trial-and-error. The boards I was reporting to needed something they could read, and there wasn't anything in plain English that they could.

It also got me involved in the standards conversations of the time, the industry roundtables, and a series of speaking invitations that have shaped much of what I have done since. If you are deciding whether to write the book you have been thinking about — write it.

Availability

The book has been out of print for many years. I am working on getting it scanned and republished as a free PDF here on the site, with a short retrospective foreword. If you want a copy in the meantime, the British Library still has it deposited under legal-deposit, and I have heard rumours of second-hand copies on AbeBooks and Better World Books from time to time.

If you are a researcher, journalist, or student writing about the history of DDoS and want a copy now, drop me a line and I will see what I can do.

Bibliographic detail

  • Title: The Evolution of DDoS
  • Author: Peter Bassill
  • Year: 2007
  • Topic: Distributed denial-of-service attacks; commercial defence; the early professional attacker market.
  • Status: Out of print. Republication planned.

See also: Experience · Speaking · Blog posts tagged DDoS.