Denial of Service (DoS)

TL;DR: An attack in which an attacker attempts to render a website or network unusable by overloading it with traffic or requests.

A Denial of Service (DoS) attack is a malicious attempt to make a computer, network or service inaccessible to its intended users by overloading the target's resources. This can be achieved by various methods, but the main goal is always to disrupt normal operation and affect the availability of the service.

Main types of DoS attacks:

  1. Volume-based attacks:
  • Flood attacks: The attacker sends a huge volume of traffic in order to saturate the network bandwidth or the server's capacity. Examples include ICMP floods (ping floods), UDP floods and other protocol-based floods.
  • Amplification attacks: The attacker abuses protocols whose replies are much larger than the requests, so that a small amount of attacker traffic is turned into a much larger amount of traffic aimed at the target. A well-known example is the DNS amplification attack, in which small DNS queries trigger large responses that overload the target.
  2. Protocol-based attacks:
  • SYN flood: The attacker sends a large number of SYN requests (the first step of the TCP three-way handshake) without ever completing the handshake. The server holds each half-open connection while it waits for the handshake to complete, so its resources are exhausted and legitimate connections can no longer be accepted.
  • Ping of Death: The attacker sends malformed or fragmented ICMP echo (ping) packets which, when reassembled on the target, exceed the maximum packet size, overflow a buffer and can crash the target.
  3. Application-layer attacks:
  • HTTP flood: The attacker sends a large number of HTTP requests to a web server to exhaust its resources and prevent it from processing legitimate requests.
  • Slowloris: The attacker opens many HTTP connections to the target and keeps them open for as long as possible without ever completing them, so the server's available connections are tied up and new clients are refused.
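The SYN flood described above shows up in traffic as many connections that were started but never completed. The following detector is an added example, not code from the original page: it replays a constructed trace of client-to-server TCP segments (the `Segment` record, the sample addresses and the threshold of 50 half-open connections are all assumptions) and reports any source address that holds an unusual number of half-open connections within a recent time window.

```python
from collections import defaultdict
from dataclasses import dataclass


# Constructed record for one client-to-server TCP segment seen at the network edge.
@dataclass(frozen=True)
class Segment:
    ts: float        # seconds
    src: str         # client source IP
    sport: int       # client source port
    flags: str       # TCP flag letters, e.g. "S", "A", "R"


def half_open_by_source(segments, window=30.0):
    """Count half-open connections (SYN seen, no completing ACK) per source IP.

    Only segments within `window` seconds of the latest segment are considered,
    so a long trace is judged on its recent activity rather than its history.
    """
    if not segments:
        return {}
    cutoff = max(s.ts for s in segments) - window
    pending = {}  # (src, sport) -> timestamp of a SYN still awaiting the client's ACK
    for seg in segments:
        if seg.ts < cutoff:
            continue
        key = (seg.src, seg.sport)
        if "S" in seg.flags and "A" not in seg.flags:
            pending[key] = seg.ts            # client started a new handshake
        elif "A" in seg.flags or "R" in seg.flags:
            pending.pop(key, None)           # handshake completed or aborted
    counts = defaultdict(int)
    for (src, _sport) in pending:
        counts[src] += 1
    return dict(counts)


def detect_syn_flood(segments, threshold=50, window=30.0):
    """Return [(src, half_open_count)] for sources at or above threshold, largest first."""
    counts = half_open_by_source(segments, window)
    hits = [(src, n) for src, n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda item: (-item[1], item[0]))


def build_sample_trace():
    """Constructed trace: one well-behaved client, one slow client, one flooding source."""
    trace = []
    # Legitimate client: three full handshakes (SYN followed by ACK from the same port).
    for i, port in enumerate((40001, 40002, 40003)):
        trace.append(Segment(100.0 + i, "192.0.2.10", port, "S"))
        trace.append(Segment(100.1 + i, "192.0.2.10", port, "A"))
    # Slow but legitimate client: two handshakes still in progress (below threshold).
    trace.append(Segment(104.0, "192.0.2.20", 50001, "S"))
    trace.append(Segment(104.5, "192.0.2.20", 50002, "S"))
    # Flooding source: 200 SYNs from distinct ports, none of them ever acknowledged.
    for i in range(200):
        trace.append(Segment(105.0 + i * 0.01, "198.51.100.7", 10000 + i, "S"))
    return trace


if __name__ == "__main__":
    for src, n in detect_syn_flood(build_sample_trace()):
        print(f"possible SYN flood from {src}: {n} half-open connections")
```

The slow client with two unfinished handshakes is deliberately included: a detector keyed on the absolute number of half-open connections per source, rather than on individual unfinished handshakes, avoids flagging ordinary clients on poor links. In production the same logic would be fed from firewall or flow logs, and the threshold tuned to the server's backlog size.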

Distributed Denial-of-Service (DDoS):

A DDoS attack is a DoS attack carried out from many sources at once: the attacker uses multiple compromised systems (often a botnet) to attack the target simultaneously. This multiplies the impact of the attack and, because the traffic comes from many sources, makes defence much more difficult, since blocking a single address no longer helps.

Effects of a DoS attack:

  • Interruption of service: The primary impact is that legitimate users cannot access the service, resulting in service interruptions and downtime.
  • Business losses: Interruptions to the service can lead to lost sales, a damaged reputation and a loss of trust among customers.
  • Increased costs: Eliminating the effects of a DoS attack and implementing protective measures can incur considerable costs.

Protective measures against DoS attacks:

  1. Network and application security: Use of firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS) to detect and defend against DoS attacks.
  2. Traffic monitoring: Continuous monitoring of network traffic to recognise and stop unusual activities at an early stage.
  3. Content Delivery Networks (CDNs): Use of CDNs that can distribute traffic across multiple servers and reduce the impact of DoS attacks.
  4. Rate limiting: Implementation of rate limiting to cap the number of requests accepted from a single client (typically per IP address) within a given time window.
  5. Redundancy and scalability: Setting up redundant systems and using cloud services that can scale automatically to cope with increased loads.
  6. DDoS protection services: Use of specialised DDoS protection services that analyse data traffic and filter out malicious requests before they reach their destination.
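Rate limiting (measure 4) is the one protective measure that is easy to show in full. The following per-client token bucket is an added example, not code from the original page: the bucket size of 10 requests, the refill rate of 5 requests per second and the constructed access-log lines are all assumptions. It replays the log and reports, per client, how many requests would have been served and how many rejected, which makes visible why a flood is cut off while ordinary clients are untouched.

```python
from collections import defaultdict


class TokenBucket:
    """Token bucket kept in integer millitokens so the arithmetic is exact."""

    def __init__(self, rate_per_sec, burst):
        self.refill = rate_per_sec       # millitokens per millisecond == tokens per second
        self.capacity = burst * 1000     # a full bucket holds `burst` whole tokens
        self.tokens = self.capacity
        self.last_ms = None

    def allow(self, now_ms):
        """Spend one token for a request at time now_ms; False means reject."""
        if self.last_ms is not None:
            elapsed = max(0, now_ms - self.last_ms)
            self.tokens = min(self.capacity, self.tokens + elapsed * self.refill)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


class PerClientLimiter:
    """One bucket per client IP, created on the client's first request."""

    def __init__(self, rate_per_sec=5, burst=10):
        self.buckets = defaultdict(lambda: TokenBucket(rate_per_sec, burst))

    def allow(self, ip, now_ms):
        return self.buckets[ip].allow(now_ms)


def apply_rate_limit(log_lines, rate_per_sec=5, burst=10):
    """Replay constructed access-log lines ('<ts_ms> <ip> <method> <path>')
    and return {ip: (allowed, rejected)}."""
    limiter = PerClientLimiter(rate_per_sec, burst)
    stats = defaultdict(lambda: [0, 0])
    for line in log_lines:
        ts_ms, ip, _method, _path = line.split()
        if limiter.allow(ip, int(ts_ms)):
            stats[ip][0] += 1
        else:
            stats[ip][1] += 1
    return {ip: tuple(v) for ip, v in stats.items()}


def build_sample_log():
    """Constructed access log: a normal client, a busy client and an HTTP flood."""
    lines = []
    # Normal browsing: one request per second, never close to the limit.
    lines += [f"{100000 + i * 1000} 192.0.2.10 GET /page/{i}" for i in range(8)]
    # Busy but reasonable client: 20 requests 100 ms apart, just over the sustained rate.
    lines += [f"{200000 + i * 100} 192.0.2.20 GET /api/item/{i}" for i in range(20)]
    # HTTP flood: 100 requests arriving in the same millisecond.
    lines += ["300000 198.51.100.7 GET /search?q=x" for _ in range(100)]
    return sorted(lines, key=lambda line: int(line.split()[0]))


if __name__ == "__main__":
    for ip, (ok, dropped) in apply_rate_limit(build_sample_log()).items():
        print(f"{ip}: {ok} served, {dropped} rejected")
```

The flooding address gets exactly the burst size (10) served and the remaining 90 rejected, the busy client loses only the single request that exceeded its refilled budget, and the normal client is never affected. Per-IP buckets alone do not stop a distributed attack, where each source stays under the limit; that is why the list above also names CDNs, scaling and dedicated filtering services.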

Conclusion:

A Denial of Service (DoS) attack is a serious threat that aims to disrupt the availability of a service. By implementing protective measures and continuous monitoring, organisations can increase their resilience to such attacks and minimise the impact on their systems and services.