What is a Denial of Service (DoS) Attack?
A denial of service attack is a type of cyberattack in which an attacker causes a target system to no longer be available for legitimate requests by overloading it with bogus requests. A DoS attack can be conducted in a number of ways, including flooding the target system with requests from multiple sources simultaneously (known as a distributed DoS or DDoS attack), sending requests that are too large or too numerous for the target system to handle, and using automated tools that send requests without human intervention.
Common types of DoS attacks
There are different types of denial of service attacks with different goals.
Flooding: One common type of denial of service attack is the flooding attack. In a flooding attack, bots flood the network, causing the website to crash due to the overwhelming number of requests it is receiving.
SYN flood: Another common type of denial of service attack is the SYN flood. This attack works by sending so many SYN packets to the target system that it becomes unable to respond. SYN packets are used to establish a connection, and the target holds a pending entry for each one while it waits for the handshake to complete. If too many SYN packets are sent at once, those pending entries fill up, the target machine cannot accept any further inbound connection requests, and the attack has succeeded in making the target server unavailable to legitimate users.
Amplification Attack: One type of DDoS attack is known as an amplification attack. This type of attack works by using a botnet to send requests to the target system. Botnets are networks of infected computers used by attackers in order to perform attacks. Botnets usually consist of thousands of computers that all belong to a single attacker or adversary group.
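To show what the SYN flood described above looks like from the defender's side, here is an added example (not part of the original article) that counts half-open connections per listening address. The socket rows are constructed in the column layout of `ss -tan` output, and the function names and threshold are assumptions chosen for illustration.

```python
from collections import Counter

def build_sample():
    """Constructed socket table in the column layout of `ss -tan` output."""
    rows = ["State     Recv-Q Send-Q Local Address:Port Peer Address:Port",
            "ESTAB     0      0      192.0.2.10:443     203.0.113.5:50100",
            "ESTAB     0      0      192.0.2.10:22      203.0.113.9:40022",
            "SYN-RECV  0      0      192.0.2.10:22      203.0.113.9:40023"]
    # Six half-open connections to the HTTPS listener, each from a different peer.
    for i in range(6):
        rows.append(f"SYN-RECV  0      0      192.0.2.10:443     198.51.100.{i + 1}:{51000 + i}")
    return "\n".join(rows)

def half_open_report(table, threshold):
    """Return listeners whose count of half-open (SYN-RECV) sockets meets the threshold."""
    peers_by_listener = {}
    for line in table.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue  # header, established sockets, malformed lines
        local, peer = fields[3], fields[4]
        peer_ip = peer.rsplit(":", 1)[0]  # strip the port, keep the address
        peers_by_listener.setdefault(local, Counter())[peer_ip] += 1
    report = {}
    for local, peers in peers_by_listener.items():
        half_open = sum(peers.values())
        if half_open >= threshold:
            report[local] = {"half_open": half_open,
                             "distinct_peers": len(peers),
                             "top_peer_share": max(peers.values()) / half_open}
    return report

if __name__ == "__main__":
    for listener, stats in half_open_report(build_sample(), threshold=5).items():
        print(listener, stats)
```

A high count spread across many distinct peers means blocking individual addresses will not help; that pattern is what SYN cookies (`net.ipv4.tcp_syncookies` on Linux) are meant to absorb.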
Signs of a denial-of-service (DoS) attack
What is a distributed denial of service (DDoS) attack?
A denial of service attack that is designed to bring down a website is referred to as website defacement or a Distributed Denial of Service (DDoS) attack. This is a term for when an attacker uses several computers to send millions of requests for data to a server. Websites and other online services are usually designed to support a certain amount of traffic before experiencing scale problems, and a denial of service attack is designed to cause the site to become overloaded with traffic and fail. Many websites are easily brought down due to this type of attack because the owners often neglect to implement the proper security measures to protect their website from these types of attacks.
DoS vs DDoS
A DoS attack and a DDoS attack are similar in that they both attempt to deny access to the website by overwhelming it with traffic or phony requests. However, there are some key differences between the two attacks. In a DoS attack, there is a third party involved who is sending the attack to the target system, whereas in a DDoS attack the target system is attacked directly by a botnet. Both are orchestrated by a third party, but the difference is that there is one attacking machine (DoS) vs many attacking machines (DDoS). A DDoS attack is usually more difficult to mitigate because the attack comes from a large number of sources, all of which need to be blocked in some way.
History of denial of service (DoS) attacks
In 1982 the first DoS attack was conducted on the Arpanet using a program called "Denial of Service". This program was designed to flood systems with traffic so that they would crash. In 1984, an attack was conducted on the US Naval Command and Control Network (NCN) using a program called Solar Sunrise. The attackers used fake login requests to infiltrate the security system of the NCN, causing systems to disconnect from the network. This was the first known DoS attack that used a computer to target other systems.
DoS attacks became more common in the 1990s when hackers started using them to attack websites. One notable example of this was the infamous attack by hacker "Mafiaboy" on the official website of the popular game called Runescape. This attack caused the website to be inaccessible for hours and was one of the first DDoS attacks that used a botnet to attack a website. Attacks like these pose a serious threat to companies and governments, as well as Internet users at large.
Another example of a physical DoS attack was the “Mirai” malware campaign that took down large swathes of the internet in 2017. This malware was used to create botnets which were then used to attack websites by sending huge volumes of traffic to these websites and causing them to malfunction. This cyberattack had major implications for companies that use the internet to conduct business such as online stores and large e-commerce sites.
How to prevent and recover from a denial of service (DoS) attack
Here are four concise steps that will help you prevent and recover from a denial-of-service attack:
Audit network traffic: By leveraging a firewall or intrusion detection system, you can audit network traffic. You can create alerts for anomalous traffic, uncover traffic sources or block and log packets that meet certain characteristics.
Improve your security posture: You can accomplish this by securing all network-connected devices, investing in antivirus software, configuring your firewalls to protect against DoS attacks and adhering to security best practices around unwanted traffic.
Analyze and direct traffic: Similar to automobile traffic, you need to direct the flow of legitimate and malicious traffic. There are services available that can detect and redirect suspicious traffic flows while leaving legitimate traffic untouched.
Create an attack response plan: Mike Tyson once said, “Everyone has a plan until they get punched in the face.” Well, in this case you need a plan for when you get punched in the face, one that addresses how your teams will communicate, mitigate impact and accelerate recovery.
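The first step above, auditing traffic and alerting on anomalous sources, can be sketched as a per-source sliding-window counter over web server access logs. This is an added example, not part of the original article; the log lines are constructed, and the window, limit and function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

BASE = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
STAMP = "%d/%b/%Y:%H:%M:%S %z"
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def build_sample():
    """Constructed access-log lines: one noisy source, one ordinary visitor."""
    events = [(BASE + timedelta(seconds=i // 10), "198.51.100.23") for i in range(40)]
    events += [(BASE + timedelta(seconds=10 * i), "203.0.113.5") for i in range(5)]
    events.sort()
    return [f'{src} - - [{ts.strftime(STAMP)}] "GET / HTTP/1.1" 200 512'
            for ts, src in events]

def rate_alerts(lines, window_s=10, limit=20):
    """Map each source exceeding `limit` requests per window to (first alert time, peak)."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # source -> timestamps still inside the window
    alerts = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        src = m.group(1)
        ts = datetime.strptime(m.group(2), STAMP)
        seen = recent[src]
        seen.append(ts)
        while ts - seen[0] > window:  # drop requests older than the window
            seen.popleft()
        if len(seen) > limit:
            first, peak = alerts.get(src, (ts, 0))
            alerts[src] = (first, max(peak, len(seen)))
    return alerts

if __name__ == "__main__":
    for src, (first, peak) in rate_alerts(build_sample()).items():
        print(f"ALERT {src}: first exceeded at {first.isoformat()}, peak {peak} requests")
```

The alert records when each source first crossed the limit and its peak rate, which covers the "uncover traffic sources" part of the step and gives the response plan a timeline to work from.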