Denial of Service (DoS)

A quick guide to Denial of Service attacks - what they are and how they affect normal access to websites.

What is a Denial of Service?

A Denial of Service (DoS) attack is a type of assault against a program, system, network, website or online service that disrupts its normal function and prevents other users from accessing it. Usually, when people talk about DoS, they are referring to an attack against a website or online service.

What happens in a DoS attack?

Attacked sites see a huge increase in network traffic, up to a rate of several gigabits per second – far beyond the capacity of most sites. The site slows down, becomes completely disconnected, or crashes. If the site isn't adequately defended against DoS attacks, restarting it is useless, as reconnecting to the Internet just exposes it to the same attack, causing it to crash again and again until the attack ceases.

There have been numerous cases of DoS attacks being launched for personal reasons – a grudge against a user, the service, or just pure mischief. In recent years, however, there have also been cases of DoS attacks that were launched because of corporate or political rivalry.

How a DoS attack is done

Technically, a DoS attack prevents users from accessing a website, server or other targeted service by either overwhelming its physical resources or by disrupting all the network connections to it.

An attack can overload a website's physical resources by sending it so many requests in such a short time that it overwhelms all the site's available memory, processing or storage space. Once those limits are reached, the site has to first clear all the pending requests before new ones can be accepted, blocking out any other users trying to reach the site – in other words, a denial of service.

Similarly, an attack can disrupt all the available network connections to a site by rapidly sending invalid, malformed, or just overwhelming amounts of connection requests to it. While the site attempts to unsnarl these requests, no other users can connect to it, again resulting in a denial of service.
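The resource-exhaustion case described above can be modelled offline. The following is an added example, not part of the original guide: a tick-based simulation of a server with a bounded pending-request queue, showing how an ordinary visitor is turned away once the queue is full. The queue size, service rate, source names and the per-source cap (shown as one possible mitigation) are all assumptions chosen for illustration.

```python
from collections import Counter, deque

def simulate(ticks, capacity, served_per_tick, arrivals, per_source_cap=None):
    """Tick-based model of a server with a bounded pending-request queue.

    arrivals maps a source name to the requests it sends per tick.
    per_source_cap (assumed mitigation) limits pending requests per source.
    Returns a Counter keyed by (source, "accepted" | "rejected").
    """
    queue, pending, stats = deque(), Counter(), Counter()
    for _ in range(ticks):
        for source, count in arrivals.items():
            for _ in range(count):
                over_cap = per_source_cap is not None and pending[source] >= per_source_cap
                if len(queue) >= capacity or over_cap:
                    stats[(source, "rejected")] += 1  # no room: request is turned away
                else:
                    queue.append(source)
                    pending[source] += 1
                    stats[(source, "accepted")] += 1
        # The server clears only a fixed number of pending requests per tick.
        for _ in range(min(served_per_tick, len(queue))):
            pending[queue.popleft()] -= 1
    return stats

def success_rate(stats, source):
    """Fraction of a source's requests that were accepted."""
    ok, bad = stats[(source, "accepted")], stats[(source, "rejected")]
    return ok / (ok + bad)

# Constructed workloads: "bulk" is one high-volume source, "user" an ordinary visitor.
NORMAL = {"bulk": 5, "user": 2}
OVERLOAD = {"bulk": 500, "user": 2}

if __name__ == "__main__":
    for label, load, cap in [("normal", NORMAL, None), ("overload", OVERLOAD, None),
                             ("overload + per-source cap", OVERLOAD, 30)]:
        stats = simulate(50, 100, 20, load, per_source_cap=cap)
        print(f"{label}: user success rate = {success_rate(stats, 'user'):.0%}")
```

A per-source cap only helps when the load comes from a source that can be identified as one; traffic spread across many sources can stay under such a cap individually.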

In some instances, malware or an attacker can find and exploit a vulnerability in a program or website that triggers incorrect use of the available resources or network connections, which also eventually leads to a denial of service.

DoS attacks can be made by a single attacker using a simple utility program (sold in underground forums) to attack a program or site. Some malware also includes the ability to launch DoS attacks, using the resources of the infected machines or devices to perform the attack. If multiple infected machines launch attacks against the same target, it's known as a 'distributed denial of service' attack, or DDoS. The collective resources of botnets can also be used to launch and control DDoS attacks.

Defending against DoS attacks

Many websites targeted by DoS attacks have been slowed or crashed for periods ranging from a few hours to a couple of days. For online businesses, the forced downtime can result in significant losses. Perhaps the biggest case of DoS (or rather, DDoS) attacks was the 2007 attacks on Estonia, in which many of the online resources of the Estonian government were targeted.