A denial-of-service attack or DoS is a variant of a cyber attack in which the attacker tries to make a computer or any other device completely unavailable to the intended users. The attacker or the malicious actor tries doing that by disrupting the normal functioning of the device.
This type of attack usually involves sending abnormally high number of requests to the target device until the normal traffic can no longer be processed because the target or the victim device becomes overwhelmed by the requests sent by the attacker.
What the actual users who are supposed to access the device can no longer access the device; it leads to denial of service. This is what is known as denial-of-service attack. A denial-of-service attack is usually launched from a single device.
When the same attack is launched from distributed resources (multiple devices), it is known as distributed-denial-of-service (DDoS) attack. Usually, botnets are involved in such DDoS attacks.
Now that you know what a DoS attack actually means, it is time to understand how it works. Ready?
How a Denial-of-Service Attack Works?
The target of the malicious actor or the attacker who launches the DoS attack is to oversaturate the target or the victim machine’s capacity. When the capacity is oversaturated, any additional request from the intended users is not processed, and this leads to denial-of-service.
The DoS attacks can have different vectors (mediums). However, these vectors can be broadly categorized into two different groups. Those two groups are:
- Buffer Overflow Attacks
- Flood Attacks
Let’s find out the meanings of these…
Buffer Overflow Attacks
In this form of attack, the attacker aims at memory buffer overflow. When that happens, the machine consumes all the memory, CPU time, and hard disk space. As a result, the machine starts behaving sluggishly, and eventually crashes. In case of web servers, there can be other damaging behaviors that eventually lead to denial-of-service.
In case you are thinking what is memory buffer overflow, it is basically an anomaly in which software writing data to a buffer overflows the capacity of the buffer. This overflow eventually leads to overwriting of the memory adjacent to the buffer.
To further simplify, too much information passes into a container that doesn’t have enough space. The extra information that the container cannot hold passes on to adjacent containers and replaces the data present in the adjacent containers.
The buffer memory or the data buffer lives in RAM and it is an area of the physical memory storage. This buffer temporarily stores data while the data is being moved from one place to another.
In this form, a malicious actor or the attacker with more bandwidth than the target server sends an overwhelming number of packers to the target server. This oversaturates the server capacity, leading to denial-of-service.
The main thing to remember here is that the target server should have less bandwidth than the attacker otherwise it won’t work!
How to Know if Your Computer in Under a DoS Attack?
This is where things can become difficult. There can simply be heavy bandwidth consumption or there can be some network connectivity error. It is really difficult to say whether you are under a DoS attack or not. However, it doesn’t mean that there are no indicators. There are a few things that may tell you that you are under a possible attack. Those indicators include:
- If websites or files are taking abnormally long time to load, it indicates an atypical slow network.
- If you are unable to load a particular website (may be your own website), it may indicate an attack.
- If all devices on the same network suddenly lose connection, it may imply a DoS attack.
Common Denial-of-Service Attacks Used Historically
Denial-of-service attacks are known for exploiting a network’s, software’s or hardware design’s security vulnerabilities. However, today the DoS attacks have become less prevalent because DDoS attacks have emerged.
The DDoS attacks have greater disruptive capabilities, and they are not difficult to launch with given tools. However, one shouldn’t forget that even DoS attacks can be easily converted into DDoS attacks.
Some of the commonest DoS attacks that have been used historically include:
- Ping of Death: This form of attack is often combined with ping flood attack. The Ping of Death attack involves sending an abnormal packet (known as malformed packet) to the victim machine. When that packet reaches the machine, it harms the machine, and it can lead to a crash.
- Ping Flood: In this form, the target or the victim machine is overwhelmed by sending enormous number of ping (ICMP: Internet Control Message Protocol) packets. Too many ping packets overwhelm the target machine because it cannot respond efficiently. The result is a denial of service.
- Smurf Attack: In this form of attack, the malicious actor will send spoofed packets by utilizing a vulnerable network’s broadcast address. The result is that the target IP gets flooded, resulting in a denial of service.
Are There Any Defenses Against DoS Attacks?
Yes, there are some defenses. You can engage in traffic analysis and filtering. You may also deploy sinkholing (redirecting traffic to an altered destination) or IP-based prevention. However, for small business, these countermeasures can be extremely costly.
If you think of restarting the service, the attempt will be futile if the service remains exposed to the attack. The attacker will anyway keep attacking and disrupting the service. It will end only when the attack stops.
For small websites and other online businesses, the most effective defense is to employ a third-party service such as Cloudflare or Sucuri that can prevent DoS attacks irrespective of their size and scale while still allowing normal traffic to hit the intended service.
Why DoS Attacks & Its Ramifications
DoS attacks can be launched for many reasons that include a grunge against a service or a user. Someone may just want to have fun, or even want to cause financial losses.
DoS attacks can lead to service slowdown or complete disruption (crash) that can last for anywhere between a few minutes to even a couple of days.
Such downtimes can lead to forced shutdown of all or several related services of a business, leading to massive financial losses. For example, if a DoS attack is launched on an ecommerce site, the real users who visit the site will think that the site loads slowly or keeps disconnecting frequently or it doesn’t load at all! The users will leave the site for good and perhaps, become customers of competing businesses.
There are several cases where political or business rivalry have led to DoS attacks. One prime example is the 2007 attacks on the Estonian government when several of its online resources were targeted. It was caused because of political rivalry.
The ramifications of a proper DoS attack can be far-reaching for both small and big businesses. So, it is important to stay protected or have layers of protection available that will mitigate such DoS attacks, irrespective of their size and scale.