LinuxQuestions.org


Dig 04-13-2016 04:55 AM

Impact of DDoS on Hardware
 
Hello

I have a Linux server that totally crashed after a DDoS attack, and I am wondering: can a DDoS attack with a huge amount of packets cause a hardware issue and make the server not bootable? For example, can a DDoS cause a hardware I/O issue that damages the hard disk? Can you share references with me for this if it's applicable?

MensaWater 04-13-2016 09:45 AM

DDoS is Distributed Denial of Service. The intent of such an attack is to flood your server with spurious connections so it can't service valid connections. In and of itself it isn't a hardware attack.

However, if the attack somehow caused your system memory or disk drive to be overworked and they were already in a weak state it might trigger the pending failure.

There are some attacks (not DDoS) that MIGHT be able to hack your BIOS or other hardware chips if they are writable from the OS but these are a little more rare.

There are of course attacks (that might start with DDoS to trigger buffer overflows) that are aimed at gaining root access to your system. If someone gains root access to your OS they can of course do spurious writes to hard drives, dismantling of RAID sets, removal of LVM systems just as you could as the system admin. In this case the hardware itself isn't damaged but any structures including filesystems that you've put on the hardware could be destroyed.

It's also possible you simply have filesystem corruption caused by the DDoS preventing things from properly committing and if so doing a reboot with fsck of filesystems may be your solution.

unSpawn 04-14-2016 01:39 AM

Quote:

Originally Posted by Dig (Post 5530363)
I have a Linux server that totally crashed after a DDoS attack, and I am wondering: can a DDoS attack with a huge amount of packets cause a hardware issue and make the server not bootable? For example, can a DDoS cause a hardware I/O issue that damages the hard disk? Can you share references with me for this if it's applicable?

Please share more info: What services does the server provide? Is it virtual or real hardware? What are the hardware specs? What file systems are used? What do system and daemon logs show (log entry / error / anomaly-wise) in the time leading up to the attack? What was the DDoS volume? What hardware issues have you actually determined bog this machine?

Dig 04-14-2016 09:14 AM

Quote:

Originally Posted by unSpawn (Post 5530879)
Please share more info: What services does the server provide? Is it virtual or real hardware? What are the hardware specs? What file systems are used? What do system and daemon logs show (log entry / error / anomaly-wise) in the time leading up to the attack? What was the DDoS volume? What hardware issues have you actually determined bog this machine?

- CentOS 6.x
- NATing with iptables
- Real hardware [Physical]
- Memory: 64 - HD: 320
- Filesystem ext3
- Couldn't capture logs, server not bootable any more
- During the attack, monitoring tools showed it was a 5 Petabyte packets attack!

Can DDoS impact hardware?

MensaWater 04-14-2016 09:20 AM

Did you try booting without it attached to network? I'm wondering if maybe your DDoS is happening the moment you boot it if it is on network.

In the LUG here one of the long time members related a story in which he was trying to help someone install Linux for the first time and they found that the guy's IP was being hammered by script kiddies so as soon as they booted up he was already hacked.

tb2091 04-15-2016 01:16 PM

Also curious to see if the server will boot disconnected from the network. I would think it unlikely the DoS caused lasting hardware damage but like MensaWater mentioned it is possible it was a front for some different kind of attack.

Dig 04-16-2016 05:40 AM

I did not try without the network cable, but it seems a good idea. Generally speaking, I did not find an answer or article for my question, which is how DoS can impact hardware and whether it is possible, but thanks all for the help.

unSpawn 04-16-2016 06:41 AM

Quote:

Originally Posted by Dig (Post 5531025)
couldn't capture logs, server not bootable any more

Thanks for answering but it's a shame you haven't told us what hardware issues actually affect this machine?.. It's a physical machine so power on. If you do get a BIOS POST try booting a Live CD or USB stick. Depending on the value of the data and if you have recent backups (you do, don't you?) and if file systems are mountable try getting logs and/or data off of it?


Quote:

Originally Posted by Dig (Post 5531025)
Can ddos impact hardware?

There aren't many details to go on, for example if this machine is in colo, how long the attack lasted, if earlier attacks were recorded, etc, etc. If it is in a Data Centre I'd expect colo NOC to do their edge router magic... Hardware has its limits but with current Enterprise-class hardware I'd rather expect the kernel to get into Virtual Memory Management problems first (everything in the stack takes up memory), then invoke the dreaded OOM killer and if left unmanaged simply lock up and die() due to resource starvation. That itself isn't bad but file systems are not as resilient as we wish and a dying kernel may therefore easily corrupt a file system by simply halting during combined write ops and not clearing the "dirty" flag.
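
The following is an added example, not part of any post in this thread: a small triage script for a syslog file copied off the disk from a Live CD, separating signs of resource exhaustion (conntrack table full on a NAT box, OOM killer) from block-layer I/O errors that would point at the disk itself. The sample log lines, the host name `nat01` and the verdict labels are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage a syslog file recovered from the dead server's disk.
# Sample lines, host name "nat01" and verdict labels are constructed.

write_sample_log() {
    # $1: where to write the constructed sample (stands in for var/log/messages)
    cat > "$1" <<'EOF'
Apr 13 03:58:01 nat01 kernel: nf_conntrack: table full, dropping packet.
Apr 13 03:58:02 nat01 kernel: nf_conntrack: table full, dropping packet.
Apr 13 04:01:17 nat01 kernel: snmpd invoked oom-killer: gfp_mask=0x201da, order=0, oom_adj=0, oom_score_adj=0
Apr 13 04:01:17 nat01 kernel: Out of memory: Kill process 2211 (snmpd) score 3 or sacrifice child
Apr 13 04:02:40 nat01 kernel: EXT3-fs error (device sda2): ext3_journal_start_sb: Detected aborted journal
EOF
}

triage() {
    # $1: "counts" or "verdict"   $2: log file to scan
    awk -v mode="$1" '
        /nf_conntrack: table full/    { ct++ }   # NAT state table exhausted
        /invoked oom-killer/          { oom++ }  # kernel ran out of memory
        /EXT3-fs error/               { fs++ }   # file system damage
        index($0, "I/O error, dev ")  { io++ }   # block layer could not reach the disk
        END {
            if (mode == "counts") {
                printf "oom=%d conntrack=%d fs=%d io=%d\n", oom, ct, fs, io
                exit
            }
            # I/O errors outrank everything: they suggest the disk, not the load
            if (io > 0)            print "possible-disk-fault"
            else if (oom + ct > 0) print "resource-exhaustion"
            else if (fs > 0)       print "filesystem-only"
            else                   print "no-evidence"
        }
    ' "$2"
}

sample=$(mktemp)
write_sample_log "$sample"
triage counts "$sample"
triage verdict "$sample"
rm -f "$sample"
```

On a real recovery the second argument would be the log under wherever the old root file system was mounted read-only, for example a hypothetical `/mnt/recovery/var/log/messages`.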


All times are GMT -5.