What is a Denial of Service Attack?
A denial of service attack (DoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means by which this is accomplished vary, the ultimate goal is always to prevent legitimate users from accessing the resource.
DoS attacks can be launched from a single machine or from multiple machines. If the attack is coming from a single machine, it is referred to as a denial of service (DDoS) attack. If it is coming from multiple machines, it is referred to as a distributed denial of service (DDoS) attack.
Types of Denial of Service Attack
There are three main types of DoS attacks:
- Protocol attacks
- Application layer attacks
- Volumetric attacks
A protocol attack exploits vulnerabilities in the way that a particular protocol (such as TCP or UDP) is implemented. The attacker sends malformed or otherwise invalid packets to the victim using the targeted protocol. Because the packets are not properly formed, the victim’s machine becomes overloaded and is unable to process legitimate requests.
An application layer attack targets a specific application (such as a web server) rather than a particular protocol. The attacker sends requests to the victim application that are designed to overload the application or consume its resources.
- Common examples of application layer attacks include HTTP floods and Slowloris.
A volumetric attack is a type of denial-of-service attack that attempts to consume all of the bandwidth available to the victim. The attacker sends large amounts of data to the victim, resulting in the victim’s bandwidth being overwhelmed. This can cause the victim’s machine to slow down or even crash.
- Common examples of volumetric attacks include DNS amplification attacks and SYN floods.
What are the two common denial-of-service attacks?
The two most common denial-of-service attacks are the SYN flood and the DNS amplification attack.
The SYN flood is a type of protocol attack that targets the three-way handshake used to establish a TCP connection. The attacker sends a large number of SYN requests to the victim but never completes the three-way handshake. This overloaded the victim’s machine, preventing it from processing legitimate requests.
The DNS amplification attack is a type of volumetric attack that takes advantage of the fact that DNS responses are much larger than DNS queries. The attacker sends a small DNS query to a DNS server but includes the victim’s IP address as the source address.
Methods of Denial of Service Attack
There are two main methods of launching a denial of service attack:
- Exploiting vulnerabilities
Flooding is the most common method of launching a denial of service attack. Flooding attacks work by sending a large number of requests to the victim’s machine or application. The victim machine becomes overwhelmed and is unable to process all of the requests, resulting in a denial of service.
Exploiting vulnerabilities is a less common method of launching a denial of service attack. This method relies on finding flaws in the victim machine or application that can be exploited to cause a denial of service. Common examples of vulnerable services include DNS servers and web servers.
Drawbacks of Denial of Service Attack
There are a few drawbacks to launching a denial of service attack:
- The attacker must have a large number of machines or a high-bandwidth connection.
- The attack can be difficult to sustain for long periods of time.
- The victim can often mitigate the effects of the attack by implementing countermeasures.
10 Prevention Tips From Denial of Service Attack
There are a few things that you can do to prevent denial-of-service attacks:
- Keep your software up to date.
- Install a firewall.
- Monitor your network for suspicious activity.
- Implement rate-limiting on your servers.
- Drop invalid packets.
- Blackhole malicious traffic.
- Implement anti-spoofing measures.
- Use a content delivery network (CDN).
- Monitor your logs.
- Hire a security company to protect your network.