A denial of service (DoS) attack is a deliberate action by a malicious actor to disrupt access to websites, email, accounts, devices, or other network resources. A distributed denial of service (DDoS) attack is a more evolved and complex form of DoS attack. A key difference between the two is that a DDoS attack sends illegitimate requests to a system from multiple sources. This makes it extremely difficult for the victim to first detect and then stop.
Understanding a denial of service attack
The first denial of service attack was created in 1974 by David Dennis, who wrote a program to force university library computers to power down.
In the modern era, DoS attacks describe any deliberate action to deprive legitimate users of services or resources they expect to be able to access. High-profile organizations are often the victims of such attacks, including those in banking, commerce, and media. Trade and governmental organizations are also frequently targeted.
Although DoS attacks do not typically result in the theft of information or other significant assets, rectifying an outage is often time- and resource-intensive.
The two main types of denial of service attacks
The most common DoS attack occurs when a malicious party floods a network server with traffic. Illegitimate service requests with fake return addresses are sent to the target server, overloading it with traffic.
As the server attempts to process these fabricated requests, the server becomes overwhelmed and legitimate users cannot access it.
Flood attacks include:
- Buffer overflow attacks – one of the more common DoS attacks where more traffic is sent to a network address than it was designed to handle. It encompasses the two attacks listed below and is also used to exploit bugs specific to particular networks or applications.
- ICMP flood – in this case, spoofed packets are sent to ping every computer on a misconfigured network. By attacking more than one machine, the effect is amplified by the network. An ICMP flood is commonly called a smurf attack or ping of death.
- SYN flood – here, requests are sent to connect to a server without completing a three-way handshake. This attack continues until all open ports are saturated with requests, leaving them in an occupied status. As requests are constantly sent, there are no open ports for legitimate users to connect to.
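Added example (not part of the original article): a defender-side check for the SYN flood pattern described above, counting handshakes that were started but never completed. The event format, backlog size, timeout and alert ratio are assumptions, and the sample data is constructed.

```python
from collections import Counter

def build_sample():
    """Constructed events: (time_s, client_ip, client_port, flag) seen by a server sensor."""
    events = []
    for i in range(5):   # legitimate clients: SYN followed by the final ACK
        events.append((i, "192.0.2.10", 50000 + i, "SYN"))
        events.append((i + 0.1, "192.0.2.10", 50000 + i, "ACK"))
    for i in range(40):  # flood pattern: SYNs from changing source addresses, never an ACK
        events.append((5 + i * 0.01, f"203.0.113.{i}", 40000 + i, "SYN"))
    return events

def half_open(events, now, timeout=30.0):
    """Return {(ip, port): syn_time} for handshakes begun but not completed."""
    pending = {}
    for ts, ip, port, flag in sorted(events, key=lambda e: e[0]):
        if flag == "SYN":
            pending[(ip, port)] = ts
        elif flag in ("ACK", "RST"):
            pending.pop((ip, port), None)  # completed or aborted: slot is freed
    # Entries older than the timeout are assumed to have been dropped by the server.
    return {key: ts for key, ts in pending.items() if now - ts <= timeout}

def assess(events, now, backlog=64, alert_ratio=0.5):
    """Alert when half-open handshakes fill alert_ratio of the (assumed) pending queue."""
    pending = half_open(events, now)
    per_source = Counter(ip for ip, _port in pending)
    return {
        "half_open": len(pending),
        # Return addresses may be fake, so a per-source count alone is not
        # a reliable signal; the total occupying the queue is what matters.
        "distinct_sources": len(per_source),
        "alert": len(pending) >= backlog * alert_ratio,
    }

if __name__ == "__main__":
    print(assess(build_sample(), now=6.0))
```

Because the alert keys on the total number of pending handshakes rather than on any one source, it still fires when every SYN carries a different return address.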
Crash attacks occur less frequently than flooding attacks. Put simply, in a crash attack the malicious actor transmits a bug that exploits flaws in a system and causes it to crash.
This leaves legitimate users unable to access important services.
Distributed denial of service attacks (DDoS)
Distributed denial of service attacks are a more evolved and complex form of DoS attack.
A key difference between the two is that a DDoS attack sends illegitimate requests to a system from multiple sources. This makes it extremely difficult for the victim to first detect and then stop.
A DDoS attack is carried out by a network of hacked computers (called zombie computers or bots) which collectively form a network of bots or a botnet. In some instances, networks are comprised of millions of computers.
The Amazon Web Services attack of 2020 is perhaps the most recent extreme example of a DDoS attack. Vulnerable third-party servers were hit for three straight days and peaked at an eye-watering 2.3 terabytes per second.
A denial of service attack is a deliberate action by a malicious actor to disrupt websites, email, accounts, devices, or other important network services.
A DoS attack may be performed by flooding and subsequently overwhelming a network server with traffic. A much less common method involves infecting systems with bugs to exploit flaws or vulnerabilities.
A distributed denial of service attack is a more complex and potent form of DoS attack. It uses networks of infected computers to send vast amounts of information to the intended victim.