The term DoS stands for
Denial of Service, which is a type of cyber attack where the target, such as a website, is flooded with traffic in order to disrupt its normal operations. Two of the general goals of DoS attacks are flood attacks where the target is flooded with traffic and attacks where the goal is to crash the targeted service.
Signs of a denial of service attack include:
Although a slow internet connection, crashing and difficulties in using certain services can be indicators of a denial of service attack, there can be a harmless explanation for these things as well. A website may slow down or crash when it suddenly receives more traffic than it is prepared for. For example, an online store is probably well prepared for a large number of shoppers during special sales, so the unusually high number of legitimate users is unlikely to have a negative impact on the site’s performance. A denial of service attack on the other hand happens unexpectedly and is something the site is unlikely to expect.
A simple denial of service attack can also be used in online gaming to gain an unfair advantage against opponents by disrupting their internet connection. In a situation like this, one way to prevent a denial of service attack from happening is by changing your IP-address.
Whereas a denial of service attack can be carried out by a single device, distributed denial of service attacks, or DDoS attacks, use multiple devices to attack their target. Because of this, DDoS attacks are able to overwhelm their targets with even greater amount of requests than a regular DoS attack. One way that DDoS attacks are able to use multiple sources at the same time is with something known as a botnet.
Simply put, botnets are networks of devices that have been hijacked to be used in a distributed denial of service attack. The devices in a botnet are infected with a piece of malware that takes over its victim. When the DDoS attack begins, the devices in a botnet all flood the attack’s target with requests simultaneously. As a consequence, the targeted service, such as a website reaches its capacity and its performance is greatly hindered.
Nowadays, all sorts of devices can be connected to the internet, including webcams, home appliances, speakers and even smart toilets. This refers to Internet of Things or IoT. Although IoT provides numerous opportunities, it poses some threats as well. When devices are connected to the internet they are also susceptible to malware and can thus be used to carry out DDoS attacks as a part of a botnet.
One notable example of a botnet that exploited IoT devices is Mirai. It is responsible for one of the largest and best-known DDoS attacks on many large and widely used websites such as Twitter and Netflix. The devices used in the Mirai-botnet attack included routers and webcams.
Although DoS and DDoS attacks are used for much of the same purpose, there are some notable differences between these two.
Normal denial of service attacks that do not require an expansive botnet are on the rise as the tools to pull off a DoS attack have become more accessible. With a user-friendly user interface, using these tools to flood servers with traffic does not require expert-level technical skills.
We can make a general distinction between three types of DDoS attacks. These are volumetric, application layer and protocol attacks. Let’s look at these three types of DDoS attacks in more detail.
A volumetric DDoS attack aims to consume as much bandwidth with traffic as possible. The amount of traffic can be hundreds of gigabytes or even terabytes every second. The goal of such an attack is to cause congestion on the targeted service or website. However, volumetric attacks can also act as a way to hide other types of suspicious activity.
Application layer attacks (also known as layer 7 attacks) target specific points in the application layer. What makes an application layer attack different is that it is not targeted at the system as a whole but a specific point in it.
Whereas an application layer attack takes place in the so-called 7th layer, a protocol DDoS attack targets layers 3 and 4. This is the target server’s networking layer. Protocol DDoS attacks are used to use up resources of the target’s firewall, for instance.
DDoS bots are malware just like any other. That’s why private persons should also take action to defend themselves against them. F‑Secure TOTAL comes with an antivirus that keeps you safe from malware that can make your device a part of a botnet. Meanwhile, F‑Secure’s versatile VPN allows you to browse online safely and in private. Read more about F‑Secure TOTAL and try it for free.