Denial of Service (DoS)

A quick guide to Denial of Service attacks - what they are and how they affect normal access to websites

A Denial of Service (DoS) is a type of attack on a service that disrupts its normal function and prevents other users from accessing it.

The most common target for a DoS attack is an online service such as a website, though attacks can also be launched against networks, machines or even a single program.

How a DoS attack works

A DoS attack prevents users from accessing a service by overwhelming either its physical resources or network connections. The attack essentially floods the service with so much traffic or data that no-one else can use it until the malicious flow has been handled.

One way to overload a service's physical resources is to send it so many requests in such a short time that it overwhelms all the available memory, processing or storage space. In extreme cases, this may even lead to damage of the physical components for these resources.

Similarly, to disrupt a service's network connections a DoS attack can send invalid, malformed, or just an overwhelming number of connection requests to it. While these are being addressed, connection requests from legitimate users can't be completed. 

Occasionally, a DoS attack exploits a vulnerability in a program or website to force improper use of its resources or network connections, which also leads to a denial of service.

Some malware also include the ability to launch DoS attacks. When they infect a computer or device, these threats can use the resources of the infected machines to perform the attack. If multiple infected machines launch attacks against the same target, it's known as a Distributed-Denial-of-Service (DDoS)attack.

The volume of data used in a DoS or DDoS attack can be huge, up to a rate of several gigabits per seconds. Botnets are quite often used to perform DDoS attacks, as many services do not have the resources needed to counter an attack from thousands, or even hundreds of thousands, of infected devices.

For example, the largest known DDoS attack was the result of the 2016 Mirai botnet.

DoS attack used for profit

There have been numerous cases of DoS attacks being launched for personal reasons — a grunge against a user, the service, or just pure mischief. Services under attack can be slowed or crashed for periods ranging from a few hours to a couple days.

For many businesses, the forced downtime can result in significant disruption to their users, or even financial losses. Users trying to access a service that is under attack will usually perceive that it is either loading slowly, keeps getting disconnected, or can't connect at all.

There have also been cases of DoS attacks that were launched because of corporate or political rivalry. Perhaps the most notable case of an attack that was attributed to political rivalry was the 2007 attacks on Estonia, in which many of the online resources of the Estonian government were targeted.

Defending against a DoS attack

Launching a DoS attack used to require a certain level of technical knowledge and ability. This tended to limit their use to people who were skilled, or were able to find and hire someone with the necessary skills.

Nowadays however, there are simple programs or tools available for sale in online criminal forums that allow even an unskilled user to launch a DoS attack. This had made such attacks much more feasible for criminals and other parties looking to disrupt an online service.

The threat of being targeted by DoS attacks have lead many major online services to implement various strategies for handling overwhelming floods of data or traffic.

Some of the anti-DoS techniques include:

  • Traffic analysis and filtering
  • Sinkholing
  • IP-based prevention

For many smaller services however, such countermeasures can be prohibitively costly.

If adequate defenses are not in place, simply restarting the service can be fruitless as long as it remains exposed to the same attack, causing it to crash again and again until the attack ceases.