It wouldn't work because a true DDoS (actually means "Distributed Denial of Service") attack is coming from hundreds or thousands of different IP addresses. That is the "Distributed" part. You couldn't just sit at your house and open 1000 connections to a site. Most hosts have hardware that will block you before you hit the server and then instantly blacklist your IP address.
But a DDoS attack is indistinguishable from regular traffic. One hit is coming per IP address, just like regular users.
With a traditional DoS attack, you have to find an exploit, because you are trying to use up resources just from your one or two connections. Back in the day, a website's Search option was often used. That is why pretty much any site will stop you from doing more than 1 search per 10 or so seconds at least. Without that, you could bring down their DBMS by flooding it with costly searches.
But a DDoS doesn't need an exploit. It isn't much different than when the "I F$#%ing Love Science" group on Facebook posts a link to a small scientific website. They are used to getting maybe 50 - 100 visitors a day. And then the owner of IFLS posts the link on a group that has 10 million followers, of which even 5% simultaneously going to check out the page
immediately brings it to its knees. That is an unintentional DDoS attack (which is sometimes called "wanging" when it is done accidentally without knowledge of a site's resources).
On the plus side, few people have the power to launch large-scale DDoS attacks. I don't have instant access to thousands of Internet-connected computers around the world, and I doubt you do either. Nor will we likely ever. It takes a lot of planning ahead of time, such as well-planned and well-distributed malware to create what is called a
"botnet" (a large group of computers infected with malware that allows you to take control of them remotely). And you have to have a way to communicate with the network without it being traced back to you, which again is very difficult.
One of the largest botnets of all time was the
"Storm Botnet". It was distributed essentially as a trojan, and once a computer was infected, most of the time they would be dormant, but somewhere around 10% at any one time were working on infecting other systems. It was first detected in the early 2000's and peaked around 2007. At its peak, it was estimated to be on 25 million computers ranging from home users to high-level government workers. Much of their tasks were programmed to be handled automatically, although the "zombie master" could reprogram them remotely for other tasks. All communication was handled through a very complicated ICQ routine dubbed "fast flux", where the route of the channel changed far too fast to be tracked. At its peak, the Storm Botnet had enough collective CPU cycles and bandwidth to DDoS
entire European countries off the Internet. As far as anyone knows, it was never used for a DDoS, however. But that kind of power is a huge threat, and the FBI, along with several major computer security firms had groups of experts monitoring and trying to crack it at all times for years. Starting in 2008, a combination of slower infection rates due to antivirus programs, some well-placed counter attacks through its P2P communication routes, and detections that Storm was being broken down (possibly for sale to organized crime) lead to its decline, and today it is nowhere near the threat it used to be. Although it definitely is still out there.
, i love to learn this kinds of stuff, but i would hate to work on some research center for this subjects... Poor guys :/
