What is DoS or DDoS attack?

What is DoS?

A DoS attack is an attack designed to make a target application or system less able to respond to legitimate requests. This includes everything from degrading its availability to causing a complete crash.
DoS attacks can be performed in several different ways. For example, an attacker may exploit a vulnerability in a target application that causes it to crash. Since this takes the application offline, it is a DoS attack.

Another form of a DoS attack is more closely related to a DDoS attack. In this type of attack, the attacker uses a computer to send many spam requests to a target application or server with the goal of overwhelming it. Since any resources that the target application or server devotes to handling these spam requests cannot be used for legitimate requests, the availability of the system decreases.

What is DDoS?

DDoS attacks are a scaled-up version of this second type of DoS attack. Instead of using a single computer, an attacker will use many different Internet-connected devices to launch a coordinated attack against a target application. The greater scale possible with these attacks makes them more likely to take a target system offline.

These DDoS attacks are typically performed using botnets, which are networks of computers under the attacker’s control. While botnets can be built using cheap cloud computing resources, it is more common for cybercriminals to build botnets from systems compromised during their attacks.

These botnets are typically composed of insecure and easily compromised Internet-connected devices. For example, Mirai built a botnet of 400,000 compromised devices at its peak by logging into devices using one of a set of sixty-one default login credentials. Other botnets take advantage of vulnerabilities in devices that are infrequently patched and updated, such as routers and Internet of Things (IoT) devices.

Types of DDoS Attacks

DDoS attacks can be accomplished in a variety of ways. The three main categories are:

  • Volumetric Attacks: Volumetric attacks are designed to disrupt or disable a service by sending it more data than it can handle. The attacks use up all of the target’s available bandwidth, leaving no space for legitimate traffic.
  • Protocol Attacks: Protocol attacks are designed to take advantage of the limitations or weaknesses of network protocols. For example, an attack may be designed to consume all available sessions on a web server, leaving it unable to accept additional, legitimate requests.
  • Application Attacks: An application targeted by a DDoS attack has a finite amount of resources available to it. A DDoS attack may attempt to exhaust these resources by consuming the network connections, memory, or processing power available to an application.

DDoS attacks can be accomplished in different ways as well. For example, amplification attacks are a common method of performing volumetric attacks. In an amplification attack, the attacker sends traffic to a service (like DNS) whose responses are larger than the corresponding requests. By spoofing the source IP address of these requests to that of the target, the attacker causes the service to send its larger responses to the target, so the target receives more data than the attacker sends out, amplifying the impact of the attack.
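Seen from the target, reflected amplification traffic is a stream of DNS responses it never asked for. The following sketch is an added example, not part of the original article: it matches inbound responses against the host's own outstanding queries and totals the unsolicited bytes per sender. The packet dictionaries, field names and addresses are constructed for illustration.

```python
from collections import Counter

def unsolicited_responses(packets):
    """packets: iterable of dicts with keys dir ('out' or 'in'), peer, txid, size.
    Returns (Counter of unsolicited response bytes per peer, number of matched responses)."""
    pending = set()          # (peer, txid) of queries this host really sent
    unsolicited = Counter()  # bytes received with no matching query
    matched = 0
    for p in packets:
        key = (p["peer"], p["txid"])
        if p["dir"] == "out":
            pending.add(key)
        elif key in pending:
            # A response to one of our own queries: legitimate, consume the entry.
            pending.discard(key)
            matched += 1
        else:
            # A response nobody here requested: typical of reflected traffic.
            unsolicited[p["peer"]] += p["size"]
    return unsolicited, matched

def sample_capture():
    # Constructed capture at the target: two real lookups, then reflected responses
    # from three resolvers that this host never queried.
    pkts = [
        {"dir": "out", "peer": "192.0.2.53", "txid": 0x1A2B, "size": 60},
        {"dir": "in",  "peer": "192.0.2.53", "txid": 0x1A2B, "size": 120},
        {"dir": "out", "peer": "192.0.2.53", "txid": 0x1A2C, "size": 60},
        {"dir": "in",  "peer": "192.0.2.53", "txid": 0x1A2C, "size": 140},
    ]
    for n in range(1, 4):
        pkts += [{"dir": "in", "peer": f"198.51.100.{n}", "txid": i, "size": 3000}
                 for i in range(50)]
    return pkts

if __name__ == "__main__":
    flood, ok = unsolicited_responses(sample_capture())
    print("matched responses:", ok)
    for peer, size in flood.most_common():
        print(f"{peer}: {size} unsolicited bytes")
```

The senders listed here are the reflecting services, not the attacker, whose own address never appears in the target's traffic.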

How To Protect Against Attacks

DDoS attacks are performed by networks of machines that send spam requests to a target application or server. The best way to protect against these attacks is to deploy an anti-DDoS solution that identifies and blocks the malicious traffic before it reaches the target.

However, this scrubbing of network traffic can be difficult, depending on the sophistication of the attack. More sophisticated DDoS attackers will use traffic that is extremely similar to legitimate traffic. If a scrubber fails to block this traffic, then it does not adequately protect the target system. On the other hand, accidentally scrubbing legitimate requests does the attacker’s job for them.
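The difficulty described above can be shown with a simple sliding-window request counter. This is an added example, not part of the original article or of any vendor's product: a per-source limit singles out a one-machine DoS flood, but in a distributed flood every source stays under that limit and only the aggregate rate reveals the attack. The window, thresholds and traffic are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW = 10            # seconds per sliding window (assumed)
PER_SOURCE_LIMIT = 20  # requests allowed per source per window (assumed)
TOTAL_LIMIT = 100      # requests allowed overall per window (assumed)

def analyze(events, window=WINDOW, per_source_limit=PER_SOURCE_LIMIT,
            total_limit=TOTAL_LIMIT):
    """events: (timestamp_seconds, source_ip) pairs sorted by timestamp.
    Returns (set of sources over the per-source limit, aggregate limit exceeded?)."""
    per_source = defaultdict(deque)
    total = deque()
    flagged = set()
    aggregate_alarm = False
    for ts, src in events:
        q = per_source[src]
        q.append(ts)
        total.append(ts)
        # Drop timestamps that have slid out of the window.
        while q[0] <= ts - window:
            q.popleft()
        while total[0] <= ts - window:
            total.popleft()
        if len(q) > per_source_limit:
            flagged.add(src)
        if len(total) > total_limit:
            aggregate_alarm = True
    return flagged, aggregate_alarm

def single_source_flood():
    # Constructed: 4 normal clients at 1 req/s plus one client at 10 req/s, for 10 s.
    ev = [(t, f"192.0.2.{c}") for t in range(10) for c in range(1, 5)]
    ev += [(i / 10, "198.51.100.7") for i in range(100)]
    return sorted(ev)

def distributed_flood():
    # Constructed: 200 sources, each sending only 1 req/s for 10 s.
    return sorted((t, f"203.0.113.{c}") for t in range(10) for c in range(1, 201))

if __name__ == "__main__":
    print("DoS :", analyze(single_source_flood()))  # one source flagged
    print("DDoS:", analyze(distributed_flood()))    # nothing flagged, aggregate alarm only
```

In the distributed case each source sends at the same rate as a normal client, so lowering the per-source limit far enough to catch them would also block legitimate users.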

Protecting against the DDoS threat requires a sophisticated DDoS protection solution capable of accurately identifying and blocking DDoS traffic while allowing legitimate traffic to pass through unhindered. Check Point DDoS Protector offers zero-day DDoS protection and can block a variety of DDoS attacks using multi-layered protection that is customized to the business.

DDoS attacks pose a significant threat to organizations, but they are only one aspect of the cyber threat landscape. To learn more about the cyber threats that organizations face today, check out Check Point’s 2021 Cyber Security Report. You’re also welcome to request a security checkup to help identify security gaps that might be leaving your organization vulnerable to DoS or other attacks.

What are DoS and DDoS attacks?

If your favourite website is down, there’s a chance it’s suffering a Denial of Service (DoS) attack. This is more likely if the site is an online shop, a bookie or another site that relies financially on being online at all times.

Enemy at the gates

A DoS attack tries to make a web resource unavailable to its users by flooding the target URL with more requests than the server can handle. That means that during the attack period, regular traffic on the website will be either slowed down or completely interrupted.

A Distributed Denial of Service (DDoS) attack is a DoS attack that comes from more than one source at the same time. A DDoS attack is typically generated using thousands (potentially hundreds of thousands) of unsuspecting zombie machines. The machines used in such attacks are collectively known as “botnets” and will have previously been infected with malicious software, so they can be remotely controlled by the attacker. According to research, tens of millions of computers are likely to be infected with botnet programs worldwide.

Cybercriminals use DoS attacks to extort money from companies that rely on their websites being accessible. But there have also been examples of legitimate businesses having paid underground elements of the Internet to help them cripple rival websites. In addition, cybercriminals combine DoS attacks and phishing to target online bank customers. They use a DoS attack to take down the bank's website and then send out phishing e-mails to direct customers to a fake emergency site instead.

DoS attacks have proven to be very profitable and are taking over the Internet. The Network Infrastructure Security Report points out that DDoS attacks have increased by 1000 per cent since 2005. 2010's biggest attack doubled in scale compared to 2009, with one attack in particular bombarding its target at 100 gigabits per second.

A new type of warfare

A WikiLeaks story from 2010 has redefined DDoS attacks as a legitimate form of protest. Computing expert Richard Stallman has gone on record saying DDoS attacks are "the Internet equivalent of a mass demonstration." Stallman defines such "demonstrations" as being separate from hacking or cracking, and compares them with harmless demonstrations that temporarily closed down several British stores recently, in order to highlight corporate tax evasion.

However, you should know that DDoS attacks are illegal under the Computer Fraud and Abuse Act and can lead to prison time.

Furthermore, new factors that arise every day are making DDoS attacks a big concern, especially with the growth of high-speed fibre optic Internet connections and mobile computing devices.

What is DoS and DDoS attack with example?

What is DDoS attack vs DoS?

A DoS attack is characterized by using a single computer to launch the attack. A distributed denial-of-service (DDoS) attack is a type of DoS attack that comes from many distributed sources, such as a botnet DDoS attack.

What does DoS attack mean?

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash.

What is DoS attack with example?

Malicious DoS

For example, Black Friday sales, when thousands of users are clamouring for a bargain, often cause a denial of service. But a denial of service can also be malicious. In this case, an attacker purposefully tries to exhaust the site's resources, denying legitimate users access.