What is a denial of service attack (DoS)?

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash. In both instances, the DoS attack deprives legitimate users (i.e. employees, members, or account holders) of the service or resource they expected.

DoS attacks often target web servers of high-profile organizations such as banking, commerce, and media companies, or government and trade organizations. Though DoS attacks do not typically result in the theft or loss of significant information or other assets, they can cost the victim a great deal of time and money to handle.

There are two general methods of DoS attacks: flooding services or crashing services. Flood attacks occur when the system receives more traffic than the server can buffer, causing it to slow down and eventually stop. Popular flood attacks include:

  • Buffer overflow attacks – the most common DoS attack. The concept is to send more traffic to a network address than the programmers built the system to handle. This category includes the attacks listed below, in addition to others designed to exploit bugs specific to certain applications or networks.
  • ICMP flood – leverages misconfigured network devices by sending spoofed packets that ping every computer on the targeted network instead of just one specific machine. The network is then triggered to amplify the traffic. This attack is also known as the smurf attack or ping of death.
  • SYN flood – sends requests to connect to a server but never completes the handshake. The requests continue until all open ports are saturated with half-open connections and none are available for legitimate users to connect to.

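The SYN flood item above describes the symptom a defender actually sees on the server: the connection table fills with half-open entries that never complete the handshake. The following added example (not code from the original article) shows one way to detect that condition from a snapshot of the TCP state table. It assumes a simplified `ss -tn`-style input of `<state> <local:port> <peer:port>` lines; the snapshot itself is constructed, not captured, and the thresholds are illustrative.

```python
"""Spotting a SYN flood from the server side: count half-open (SYN-RECV)
connections in a snapshot of the TCP state table and compare them with the
established ones. Added example, not from the original article. The input
format is an assumed, simplified `ss -tn`-style listing:
"<state> <local-addr:port> <peer-addr:port>" per line.
"""
from collections import Counter


def constructed_snapshot(n_half_open):
    """Build a constructed (not captured) state-table snapshot: three normal
    established sessions plus `n_half_open` half-open entries, each from a
    different spoofed-looking peer address, as a SYN flood typically leaves."""
    lines = [
        "State      Local Address:Port   Peer Address:Port",
        "ESTAB      203.0.113.10:443     198.51.100.7:51000",
        "ESTAB      203.0.113.10:443     198.51.100.8:51001",
        "ESTAB      203.0.113.10:443     198.51.100.9:51002",
    ]
    for i in range(n_half_open):
        lines.append(f"SYN-RECV   203.0.113.10:443     192.0.2.{i % 250 + 1}:{40000 + i}")
    return "\n".join(lines)


def parse_snapshot(text):
    """Return a list of (state, local_port, peer_ip) tuples, skipping the
    header line and anything that does not have exactly three fields."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # header or malformed line
        state, local, peer = parts
        local_port = int(local.rsplit(":", 1)[1])
        peer_ip = peer.rsplit(":", 1)[0]
        conns.append((state, local_port, peer_ip))
    return conns


def half_open_report(conns, max_half_open=50, max_ratio=0.5, per_source_limit=10):
    """Summarise the half-open population and flag a suspected SYN flood when
    either the absolute count or the half-open/total ratio crosses a threshold.
    Per-source counts are reported too, but a spoofed flood spreads across
    many addresses, so the decision does not depend on them."""
    half_open = [c for c in conns if c[0] == "SYN-RECV"]
    established = [c for c in conns if c[0] == "ESTAB"]
    total = len(half_open) + len(established)
    ratio = len(half_open) / total if total else 0.0
    per_source = Counter(ip for _, _, ip in half_open)
    noisy = sorted(ip for ip, n in per_source.items() if n >= per_source_limit)
    by_port = dict(Counter(port for _, port, _ in half_open))
    return {
        "half_open": len(half_open),
        "established": len(established),
        "ratio": round(ratio, 3),
        "by_port": by_port,
        "noisy_sources": noisy,
        "suspected_syn_flood": len(half_open) >= max_half_open or ratio >= max_ratio,
    }


if __name__ == "__main__":
    for label, n in (("quiet", 1), ("flooded", 120)):
        report = half_open_report(parse_snapshot(constructed_snapshot(n)))
        print(label, report)
```

The design point worth noticing is that `noisy_sources` stays empty in the flooded case: every half-open entry comes from a different (spoofed) address, so blocking by source would never trigger. The half-open count and ratio are what give the alert away, which is why the response to a SYN flood is usually a kernel-side measure such as SYN cookies or a shorter half-open timeout rather than a source blocklist.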
Other DoS attacks simply exploit vulnerabilities that cause the target system or service to crash. In these attacks, input is sent that takes advantage of bugs in the target that subsequently crash or severely destabilize the system, so that it can’t be accessed or used.

An additional type of DoS attack is the Distributed Denial of Service (DDoS) attack. A DDoS attack occurs when multiple systems orchestrate a synchronized DoS attack against a single target. The essential difference is that instead of being attacked from one location, the target is attacked from many locations at once. The distribution of hosts that defines a DDoS provides the attacker with multiple advantages:

  • They can leverage the greater volume of machines to execute a seriously disruptive attack
  • The location of the attack is difficult to detect due to the random distribution of attacking systems (often worldwide)
  • It is more difficult to shut down multiple machines than one
  • The true attacking party is very difficult to identify, as it is disguised behind many (mostly compromised) systems

Modern security technologies have developed mechanisms to defend against most forms of DoS attacks, but due to the unique characteristics of DDoS, it is still regarded as an elevated threat and is of higher concern to organizations that fear being targeted by such an attack.

What is a DoS Attack FAQs

A Denial-of-Service (DoS) attack aims to disrupt the normal functioning of a network or server by overwhelming it with excessive traffic, making it unavailable to legitimate users. This can severely impact an organization's operations, leading to:

  • Service Disruptions: Websites and online services become inaccessible, hindering business operations and customer experience.
  • Financial Losses: Downtime can result in lost revenue, productivity, and potential damage to reputation.
  • Data Corruption: In some cases, DoS attacks can lead to data corruption or loss, further impacting business continuity.

Signs that a DoS attack may be under way include:

  • Slow Network Performance: Unusually slow response times and difficulty accessing websites or online services.
  • Unavailability of a Particular Website: A specific website or service becomes completely inaccessible, indicating a potential targeted attack.
  • Dramatic Increase in Spam Emails: A sudden surge in spam emails can be a sign of a distributed DoS attack using compromised devices.

Common categories of DoS attack:

  • Volumetric Attacks: Flood the target with overwhelming amounts of traffic that it must respond to, such as SYN floods, UDP floods, and ICMP floods.
  • Protocol Attacks: Exploit vulnerabilities in network protocols, such as Ping of Death and Smurf attacks.
  • Application Layer Attacks: Target specific applications or services, such as HTTP floods and Slowloris attacks.

Defenses against DoS attacks include:

  • Firewalls: Block suspicious traffic and filter malicious connections.
  • Intrusion Detection Systems (IDS): Detect and alert on potential DoS attacks.
  • Anti-DDoS Solutions: Specialized services that absorb and mitigate DoS attacks.
  • Network Redundancy: Distribute traffic across multiple servers and network paths to minimize the impact of attacks.

Defenses specific to DDoS attacks include:

  • ISP Protection Services: Utilize the expertise and resources of Internet Service Providers (ISPs) for DDoS protection.
  • DDoS Protection Services: Offer specialized solutions to filter and mitigate DDoS attacks before they reach the target network.
  • Traffic Monitoring: Monitor network traffic for suspicious patterns and anomalies, identifying potential attacks early.
  • Blocking Malicious Traffic: Block malicious IP addresses and traffic patterns associated with DoS attacks.
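The "Application Layer Attacks" item above names HTTP floods, and the defense items end with monitoring traffic patterns and blocking sources that exhibit them. The added example below (not code from the original article) shows the simplest control that implements both at the application layer: a per-client token-bucket rate limiter that throttles a client exceeding its request budget and cuts it off entirely after repeated violations. The request stream is constructed, and the rate, burst and strike values are illustrative parameters, not settings from any product the article mentions.

```python
"""Per-client token-bucket rate limiting, a defensive control for
application-layer floods such as HTTP floods. Added example; not part of the
original article. The request stream below is constructed, not captured.
"""
from collections import Counter, defaultdict


class TokenBucket:
    """Classic token bucket: refills `rate` tokens per second up to `burst`."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)
        self.last = None

    def allow(self, now):
        """Spend one token for a request at time `now`; False means over budget."""
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class PerClientLimiter:
    """One bucket per client address. A client that is throttled `block_after`
    times is blocked outright (the 'block malicious traffic' step)."""

    def __init__(self, rate, burst, block_after):
        self.buckets = defaultdict(lambda: TokenBucket(rate, burst))
        self.strikes = Counter()
        self.blocked = set()
        self.block_after = block_after

    def check(self, client_ip, now):
        """Return 'allow', 'throttle' or 'blocked' for one request."""
        if client_ip in self.blocked:
            return "blocked"
        if self.buckets[client_ip].allow(now):
            return "allow"
        self.strikes[client_ip] += 1
        if self.strikes[client_ip] >= self.block_after:
            self.blocked.add(client_ip)
            return "blocked"
        return "throttle"


def constructed_requests():
    """Constructed (timestamp, client_ip) stream: one client at 1 request/s for
    30 s, and one flooding client at 100 requests/s for 2 s."""
    normal = [(float(i), "198.51.100.7") for i in range(30)]
    flood = [(i * 0.01, "192.0.2.99") for i in range(200)]
    return sorted(normal + flood)


def simulate(requests, rate=5.0, burst=10, block_after=20):
    """Run the stream through the limiter; return per-client outcome counts
    and the final blocklist."""
    limiter = PerClientLimiter(rate, burst, block_after)
    outcomes = defaultdict(Counter)
    for ts, ip in requests:
        outcomes[ip][limiter.check(ip, ts)] += 1
    return {ip: dict(c) for ip, c in outcomes.items()}, sorted(limiter.blocked)


if __name__ == "__main__":
    counts, blocklist = simulate(constructed_requests())
    for ip, c in counts.items():
        print(ip, c)
    print("blocked:", blocklist)
```

With a 5 request/s refill and a burst of 10, the normal client never hits the limit (its bucket is full again before each request), while the flooding client gets its burst, is throttled for the next nineteen requests, and is then blocked for the rest of the run. This is the per-source picture; it works against a single abusive client and fails against the distributed case described earlier, where each of many hosts stays under its individual budget, which is why the article lists upstream ISP and DDoS protection services alongside local blocking.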