Denial-of-Service Attack

Overview of denial of service (DoS) attacks

A denial-of-service (DoS) attack is a type of cyber-attack in which a malicious actor attempts to make a computer, network, or other device unavailable to its intended users by overwhelming it with a flood of illegitimate traffic. This disruption renders the targeted system unable to fulfil legitimate requests, effectively denying service to regular users. A distributed denial-of-service (DDoS) attack involves multiple compromised computer systems, often infected with malware, coordinating to flood a single system with traffic, making it more difficult to defend against due to the coordinated efforts from multiple sources. Both DoS and DDoS attacks involve deliberately overloading the targeted system to disrupt its normal operation.

Types of DoS attacks: buffer overflow and flooding

The main objective of a DoS attack is to overwhelm the capacity of the targeted machine, rendering it unable to service new requests. DoS attacks typically employ various attack vectors, which can be categorised by their similarity and often fall into two main categories: buffer overflow and flooding attacks. Buffer overflow is a type of attack where a memory buffer overflow can cause a machine to consume all available hard disk space, memory, or CPU time. This type of attack often results in slowness, system crashes or other harmful server behaviour, leading to denial of service. In the case of flood attacks, the malicious actor overloads the targeted server with an overwhelming number of packets, it can oversaturate server capacity, resulting in a denial-of-service.

Evolution of DoS to DDoS attacks

In the past, DoS attacks have generally exploited vulnerabilities in the design of networks, software, and hardware. Vulnerabilities refer to flaws that allow an outsider to perform actions on the target system that should not normally be allowed. These attacks have decreased because DDoS attacks are more disruptive and relatively easy to create with the tools available. In reality, most DoS attacks can also be transformed into DDoS attacks.