A distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. It generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.
One common method of denial-of-service (DoS) attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. In general terms, DoS attacks are implemented by forcing the targeted computer(s) to reset, by consuming their resources so that they can no longer provide their intended service, or by obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
A “denial-of-service” attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. There are two general forms of DoS attacks: those that crash services and those that flood services.
A DoS attack can be perpetrated in a number of ways. The five basic types of attack are:
Consumption of computational resources, such as bandwidth, disk space, or processor time;
Disruption of configuration information, such as routing information;
Disruption of state information, such as unsolicited resetting of TCP sessions;
Disruption of physical network components;
Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
Perpetrators of DDoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, etc.
A distributed denial of service attack (DDoS) occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. These systems are compromised by attackers using a variety of methods.
Malware can carry DDoS attack mechanisms. One example is MyDoom, the DoS mechanism of which was triggered on a specific date and time. This type of DDoS involves hardcoding the target IP address prior to release of the malware, and no further interaction is then necessary to launch the attack.
DDoS tools, such as the well-known Stacheldraht, use classic DoS attack methods centered on IP spoofing and amplification, such as smurf attacks and fraggle attacks (also known as bandwidth consumption attacks). Newer tools can use DNS servers for DoS purposes.
The term “DDoS” refers to DoS attacks launched from many systems simultaneously against a remote host.
DDoS attacks have become more frequent against financial institutions, such as banks, and have been known to disrupt their activity and that of their customers. Such attacks are often directed against the DNS server of the institution, thereby preventing the resolution of the hostname to which a customer's web browser is directed. It is therefore clear that it would be desirable to provide means by which regular activities of such institutions, as well as of any other body facing the same malicious attacks, could be maintained in spite of all the attacks.
It is an object of the present invention to provide a system and a method which enable a system that finds itself under a DDoS attack directed against its DNS server to continue functioning in spite of the attack.
It is another object of the invention to provide software means associated with the client software available to a customer, which are suitable to prevent or limit the difficulty of the customer in reaching the desired host.
Other objects and advantages of the invention will become apparent as the description proceeds.