Twitter confirmed this morning that its site has been taken down by a distributed denial-of-service (DDoS) attack.
As of 11:30 a.m. ET today, the popular microblogging site had been down for at least two hours and a status update from Twitter noted that its systems administrators are trying to defend the site against the attack.
The outage has left millions of Twitterers adrift this morning, with many taking to Facebook to voice their frustrations about not being able to post tweets or follow others. One Facebook user noted, “Suffering tweet withdrawal.”
A distributed denial of service attack occurs when computers flood a Web site with requests for information, effectively shutting it off from other legitimate traffic.
“It’s a bit like 15 fat men trying to get through a revolving door at the same time. Nothing can move,” said Graham Cluley, a senior technology consultant for Sophos PLC, in a blog post. “Don’t underestimate the impact an attack like this can have, by the way. Twitter isn’t just about meaningless piffle, although there’s a fair bit of that. Companies are using it to keep in touch with their customer base, and consumers take advantage of the site’s intimacy to get an answer from large companies that are discovering how to have a ‘human face’ online.”
Ken van Wyk, principal consultant at KRvW Associates LLC and a columnist for Computerworld, noted that major Web sites are frequently hit with DDoS attacks but they rarely result in total outages.
“Most sites grow to a level of resiliency that is quite good, although certainly not perfect,” said van Wyk, adding that the attacks are tough to defend against. “At some level, they’re impossible. Although TCP/IP and our modern networks are pretty robust operationally, overwhelming a data pipe with vast amounts of data can still be an effective denial-of-service attack.
“Very large enterprises are quite good at getting huge data pipes and distributing their processing at geographically — including network geography — dispersed locations,” he said. “These things all make DDoS more difficult to accomplish, but not impossible.”
