What is a DoS (Denial of Service) attack?

A Denial of Service (DoS) attack is a type of cyber attack in which the attacker seeks to disrupt the normal functioning of a targeted system, network, or service, making it temporarily or indefinitely unavailable to its intended users. The primary goal of a DoS attack is to overwhelm the target with a flood of traffic, requests, or other malicious activities, causing it to become overloaded and unable to respond to legitimate user requests.

Here is a technical breakdown of how a DoS attack typically works:

  1. Traffic Overload:
    • Bandwidth Exhaustion: Attackers often attempt to flood the target's network with a massive volume of traffic, consuming all available bandwidth. This can be achieved through various means, such as sending a large number of data packets or initiating multiple connection requests simultaneously.
    • Resource Depletion: The attacker may instead target a specific resource within the system, such as CPU, memory, connection-table entries, or disk space, by sending requests that are cheap to produce but expensive for the target to process (an unbounded search, an algorithmic-complexity trigger, a request that forces a large allocation). Far less traffic is needed than for bandwidth exhaustion.
  2. Packet-Level Attacks:
    • Ping Flood: Sending a large number of ICMP Echo Request (ping) packets to the target consumes bandwidth and the CPU time spent generating Echo Replies, leaving less of both for legitimate traffic.
    • SYN Flood and ACK Flood: In a SYN flood the attacker sends a stream of TCP SYN packets, usually with spoofed source addresses, and never completes the three-way handshake. Each SYN leaves a half-open connection in the listener's backlog until it times out, and once the backlog is full new legitimate connections are dropped. An ACK flood sends ACK packets that belong to no existing connection; each one forces stateful firewalls, load balancers, and the host's TCP stack to perform a connection-table lookup before the packet can be discarded.
    • UDP Flood: Attackers send a high volume of User Datagram Protocol (UDP) packets, often to closed ports so that the target also spends effort generating ICMP Port Unreachable replies. Because UDP is connectionless, the source address is never verified by a handshake, which makes source spoofing trivial and is what makes the reflection attacks described below possible.
  3. Application-Level Attacks:
    • HTTP/S Request Flood: Overwhelming a web server with a large number of HTTP or HTTPS requests, ideally ones that are expensive to serve (search pages, uncached dynamic content, TLS handshakes), so that the server's worker pool and backends are saturated and legitimate requests queue or time out. These requests complete the TCP handshake and are well-formed, so they are harder to distinguish from real traffic than packet-level floods.
    • Slowloris Attack: The attacker opens many connections to the web server and sends partial HTTP request headers, trickling another header line every few seconds so that no request ever completes and no connection is ever closed. A server that dedicates a thread or worker to each open connection runs out of workers while receiving almost no traffic, which also makes the attack hard to see in bandwidth graphs.
  4. Distributed Denial of Service (DDoS) Attacks:
    • In a DDoS attack, many compromised hosts (a botnet) are used to launch a coordinated assault on the target. This makes the attack harder to mitigate: the combined bandwidth is far larger than a single attacker's, and because the traffic comes from thousands of legitimate-looking source addresses it cannot simply be blocked by IP.
  5. Reflection and Amplification Attacks:
    • DNS Amplification: The attacker sends small DNS queries to open recursive resolvers with the source address spoofed to the victim's IP, choosing query types whose responses are many times larger than the request (for example ANY or a large TXT record). The resolvers send the large responses to the victim, so the attacker's traffic is both amplified and disguised as coming from the resolvers.
    • NTP Amplification: Similar to DNS amplification but targeting Network Time Protocol (NTP) servers, classically via the monlist command, which returns a list of up to 600 recent clients in response to a single small request.
  6. Mitigation Techniques:
    • Employing firewalls and intrusion prevention systems to drop malformed packets and traffic from protocols the service does not use.
    • Traffic filtering based on anomalies and heuristics, such as a sudden jump in half-open connections or in requests per source.
    • Rate limiting to control the number of incoming requests per client, and SYN cookies so that half-open connections do not consume backlog state.
    • Content Delivery Network (CDN) or scrubbing services that absorb volumetric traffic across a large anycast network and filter malicious requests before they reach the origin.
    • Using load balancing techniques to distribute traffic across multiple servers, with per-connection timeouts so that slow or idle connections cannot tie up workers indefinitely.
    • Bandwidth-exhaustion attacks cannot be mitigated on the target host itself, because the link is already full by the time packets arrive; they must be filtered upstream by the provider or a scrubbing service.
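The SYN flood and Slowloris patterns described above leave distinct traces in connection records: a SYN flood shows a target with hundreds of half-open connections from many distinct sources and almost no completed handshakes, while a Slowloris client holds many long-lived, completed connections that have sent only a few hundred bytes. The following is an added example, not code from the original article, that runs both checks over constructed connection records; the record fields, thresholds, and sample addresses are assumptions chosen for illustration.

```python
# Added example (not from the original article): flag SYN-flood and Slowloris
# patterns in connection records. The record format, thresholds and the sample
# traffic below are constructed for illustration.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    src: str           # client address as seen by the server
    dst: str           # server address
    dport: int         # server port
    completed: bool    # True when the client's handshake ACK arrived
    duration: float    # seconds the server held the socket open
    bytes_in: int      # request bytes received from the client


def detect_syn_flood(conns, min_half_open=100, min_ratio=0.9):
    """Return {(dst, dport): (half_open, total, distinct_sources)} for targets
    where most connections never completed the handshake. Many distinct sources
    with almost no completions is the signature of a spoofed-source SYN flood."""
    stats = defaultdict(lambda: [0, 0, set()])   # half_open, total, sources
    for c in conns:
        s = stats[(c.dst, c.dport)]
        s[1] += 1
        if not c.completed:
            s[0] += 1
            s[2].add(c.src)
    hits = {}
    for key, (half, total, srcs) in stats.items():
        if half >= min_half_open and half / total >= min_ratio:
            hits[key] = (half, total, len(srcs))
    return hits


def detect_slowloris(conns, min_duration=30.0, max_bytes=512, min_conns=20):
    """Return {src: count} for clients holding many long-lived connections that
    sent almost no request data, i.e. partial headers trickled to keep the
    socket open without ever completing a request."""
    counts = defaultdict(int)
    for c in conns:
        if c.completed and c.duration >= min_duration and c.bytes_in <= max_bytes:
            counts[c.src] += 1
    return {src: n for src, n in counts.items() if n >= min_conns}


def sample_conns():
    """Constructed traffic: a few legitimate clients, a spoofed SYN flood
    against 203.0.113.10:443, and one Slowloris client against port 80."""
    conns = []
    # Legitimate: completed handshakes, short-lived, real request bodies.
    for i in range(30):
        conns.append(Conn(f"198.51.100.{i % 20 + 1}", "203.0.113.10", 443, True, 0.4, 900))
    # SYN flood: every SYN from a different (spoofed) source, never completes.
    for i in range(500):
        conns.append(Conn(f"192.0.2.{i % 254 + 1}", "203.0.113.10", 443, False, 0.0, 0))
    # Slowloris: one client, many completed but idle connections, few bytes each.
    for _ in range(60):
        conns.append(Conn("198.51.100.250", "203.0.113.10", 80, True, 120.0, 150))
    return conns


if __name__ == "__main__":
    conns = sample_conns()
    print("SYN flood targets:", detect_syn_flood(conns))
    print("Slowloris clients:", detect_slowloris(conns))
```

The two detectors key on different things on purpose: the SYN flood is keyed on the destination because the sources are spoofed and individually meaningless, while Slowloris is keyed on the source because the attacker must complete real handshakes and therefore cannot hide its address. In production the records would come from the firewall or load balancer's connection log and the thresholds would be tuned to the baseline of the service.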
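Rate limiting, listed under mitigation above, is most often implemented as a per-client token bucket: each client may send a short burst, after which it is held to a steady rate and surplus requests are rejected while other clients are unaffected. The following is an added example, not code from the original article, that runs such a limiter over a constructed request stream containing one legitimate client and one flooding client; the rate, burst size, addresses and request timing are assumptions chosen for illustration.

```python
# Added example (not from the original article): a per-client token-bucket rate
# limiter of the kind placed in front of a web server to blunt an HTTP request
# flood. Rate, burst, client addresses and request timing are constructed.
from collections import defaultdict


class TokenBucket:
    """Token bucket with tokens tracked in thousandths so the arithmetic is
    exact. `rate` is tokens refilled per second, `burst` the bucket capacity."""

    def __init__(self, rate, burst, now_ms):
        self.rate = rate
        self.capacity = burst * 1000
        self.tokens = self.capacity   # a new client starts with a full burst
        self.last_ms = now_ms

    def allow(self, now_ms):
        elapsed = max(0, now_ms - self.last_ms)
        self.last_ms = now_ms
        # elapsed milliseconds * tokens per second == milli-tokens refilled
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


class RateLimiter:
    """One bucket per client address; a request is served only if its client's
    bucket still holds a token."""

    def __init__(self, rate=10, burst=20):
        self.rate, self.burst = rate, burst
        self.buckets = {}

    def check(self, client_ip, now_ms):
        bucket = self.buckets.get(client_ip)
        if bucket is None:
            bucket = TokenBucket(self.rate, self.burst, now_ms)
            self.buckets[client_ip] = bucket
        return bucket.allow(now_ms)


def simulate(limiter, requests):
    """requests: iterable of (timestamp_ms, client_ip).
    Returns {client_ip: (served, rejected)}."""
    outcome = defaultdict(lambda: [0, 0])
    for ts, ip in sorted(requests):
        if limiter.check(ip, ts):
            outcome[ip][0] += 1
        else:
            outcome[ip][1] += 1
    return {ip: tuple(v) for ip, v in outcome.items()}


def sample_requests():
    """Constructed stream: a legitimate client at 1 request/s and a flooder at
    200 requests/s (one every 5 ms), both for 60 seconds."""
    reqs = []
    for s in range(60):
        reqs.append((s * 1000, "198.51.100.7"))
        for k in range(200):
            reqs.append((s * 1000 + k * 5, "192.0.2.99"))
    return reqs


if __name__ == "__main__":
    results = simulate(RateLimiter(rate=10, burst=20), sample_requests())
    for ip, (served, rejected) in results.items():
        print(f"{ip}: served={served} rejected={rejected}")
```

With a 10 request/s rate and a burst of 20, the legitimate client is never rejected, while the flooder gets its initial burst plus roughly ten requests per second and has the rest refused (for example with HTTP 429). Two caveats a practitioner would note: keying on the source address does nothing against a distributed botnet whose individual bots each stay under the limit, and the limiter must itself be cheap, since a lookup that is more expensive than the request it protects only moves the bottleneck.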