What is a denial of service attack (DoS)?

The main objective of a DoS attack is to render a device or service unavailable to legitimate users. To do this, the target of the attack is flooded with requests until normal traffic cannot be processed.

Denial of service attacks cause a loss of availability and/or function and cost businesses time and money to rectify while services are offline. Common services that tend to be affected include websites, email and online banking.

DoS attacks have become one of the most pervasive cyber attack types because of their effectiveness and the ease with which they can be orchestrated.

Increasingly, such attacks have been associated with geopolitical events. In Q4 2023, for example, malicious traffic to Taiwan rose by 3,370% with Palestinian websites also experiencing an increase of 1,126%.

Distributed denial of service (DDoS) attacks

Standard denial of service attacks are typically initiated by a single computer.

However, in a distributed denial of service (DDoS) attack, the attacker employs a network of devices infected with malware. Each device is called a bot, with clusters of bots known as botnets.

When a DDoS attack takes place, each bot in the network submits requests to the IP address of the target. This generates an enormous volume of traffic that quickly overwhelms the target, and the attack itself is also harder to defend since each bot has a different IP address.

The three categories of DoS attacks

DoS and DDoS attacks can be broadly categorised into three different categories.

Protocol attacks

Protocol attacks exploit vulnerabilities in network protocols that deplete the target’s resources and make it unable to process legitimate requests. These attacks consume the resources of services, firewalls and load balancers.

Two types of protocol attacks include SYN floods and the Ping of Death (POD) attack, where attackers send oversized packets that cause the target system to crash or freeze.

Volume-based attacks

Volume-based attacks aim to consume the target’s bandwidth and oversaturate server capacity to the point where it crashes. For these attacks to be successful, the attacker must have more bandwidth than the target.

Two common types of volume-based attacks include ICMP floods and UDP floods. Both are relatively simple to execute and are difficult to detect since they mimic authentic network traffic.

Application layer attacks

Application layer attacks exploit the topmost layer of the Open Systems Interconnection (OSI) model – a framework that divides network communications functions into seven discrete layers.

The application layer is the only layer where direct interaction between users and network services occurs, with software (such as web browsers) and email platforms dependent on it to initiate communication.

Unlike other DoS attack types, application layer attacks are more nuanced and exploit specific vulnerabilities within an application itself.

Common types include HTTP floods and slow loris attacks, where connections are sent to a web server and held open as long as possible to prevent the server from handling legitimate user requests.

Prevention systems for DoS and DDoS attacks

There are various measures businesses can implement to protect themselves against denial-of-service attacks:

• Infrastructure and network management – firewalls can be set to filter out malicious traffic, while the implementation of rate limiting restricts the number of requests a server will accept over a certain period.
• Security solutions – providers such as Cloudflare and AWS Shield offer specialised intrusion detection services that detect DoS attacks and redirect malicious traffic.
• Incident response – in the event of an attack, it is vital employees know what to do and who is responsible. Clearly defined processes should be established for communication, mitigation and recovery.
• Infrastructure hardening – the act of adding security to each component of a company’s infrastructure. This encompasses web servers, application servers, database systems, and access management solutions.

Summary:

• Denial of service (DoS) attacks are a form of cyber attack where the aim is to make a network, system or device unavailable to legitimate users. This is accomplished by overwhelming the target with excessive traffic or exploitation of its vulnerabilities.
• While denial-of-service attacks are orchestrated by a single computer, distributed denial-of-service (DDoS) attacks employ networks of compromised devices to send large volumes of traffic to the target.
• DoS and DDoS attacks can be categorised as either protocol attacks, volume-based attacks or application layer attacks. Mitigating these attacks requires robust security services, an incident response plan, network management and infrastructure hardening.