DoS in cybersecurity stands for Denial-of-Service. DoS attacks aim to make a system or network unavailable to its intended users by overwhelming it with malicious traffic or exploiting system vulnerabilities.
Whether it's a small business or a multinational corporation, no entity is immune to these disruptions, which can lead to severe financial and reputational damage; the cost of downtime is estimated at $325,000 per hour for affected businesses.
In this article, we cover the definition of a DoS attack, its types, common real-world examples, its impact, and more. It will help you understand how DoS attacks are carried out and what you can do to protect yourself against them.
You can also join our cyber security courses to learn more about the technical details of Denial-of-Service attacks and how to resolve them.
A Denial-of-Service (DoS) attack is a cyberattack that attempts to overload a website, server, or network with excessive traffic or requests, causing significant slowdowns or complete unavailability of services.
Typically, a DoS attack uses a single machine to flood the target, exhausting its resources and preventing it from handling legitimate requests. Successful attacks can lead to partial or total service outages and often require substantial time and resources to detect, mitigate, and recover from.
The MITRE ATT&CK framework categorizes denial-of-service attacks under several techniques, primarily including T1499: Endpoint Denial of Service, T1498: Network Denial of Service, and T1499.001: OS Exhaustion Flood.
Most DoS attacks rely on sending repetitive or malformed requests at high volumes or at strategic times. Attackers use scripts or specialized tools to automate the process.
For example, a SYN flood sends repeated TCP connection requests without completing the three-way handshake, leaving the server waiting for the final ACK that never arrives. Over time, the server's connection backlog fills up with half-open connections, blocking legitimate traffic. Other attacks may use malformed packets or exploit memory leaks to trigger system crashes.
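A defender's first sign of a SYN flood is an unusual number of half-open (SYN-RECV) connections, often concentrated on a few source addresses. The following is an added example, not code from the article: it parses a connection-table snapshot in the format of `ss -tan` output, counts half-open connections per peer IP, and raises an alert when the total or a single source crosses a threshold. The snapshot below is constructed, and the thresholds are illustrative assumptions that a real deployment would tune to its baseline.

```python
"""Flag possible SYN-flood activity from a TCP connection-table snapshot.

Added example (not from the article). It reads lines in the format of
`ss -tan` output, counts half-open (SYN-RECV) connections per peer IP and
alerts when the total or a single source exceeds a threshold. The sample
snapshot is constructed; the thresholds are illustrative assumptions.
"""
from collections import Counter

# Constructed sample of `ss -tan`-style lines: State Recv-Q Send-Q Local Peer
SAMPLE_SNAPSHOT = """\
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB      0      0      10.0.0.5:443         198.51.100.7:51234
SYN-RECV   0      0      10.0.0.5:443         203.0.113.9:40001
SYN-RECV   0      0      10.0.0.5:443         203.0.113.9:40002
SYN-RECV   0      0      10.0.0.5:443         203.0.113.9:40003
SYN-RECV   0      0      10.0.0.5:443         203.0.113.9:40004
SYN-RECV   0      0      10.0.0.5:443         203.0.113.10:40005
ESTAB      0      0      10.0.0.5:22          198.51.100.8:53321
"""


def parse_half_open(snapshot: str) -> Counter:
    """Return a Counter mapping peer IP -> number of SYN-RECV (half-open) sockets."""
    counts = Counter()
    for line in snapshot.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue
        peer = fields[4]
        ip = peer.rsplit(":", 1)[0]  # strip the port; also works for [v6]:port
        counts[ip] += 1
    return counts


def assess(snapshot: str, total_threshold: int = 4, per_source_threshold: int = 3) -> dict:
    """Summarise half-open load and name sources that exceed the per-source limit.

    Thresholds are assumed values for the demo; tune them to the host's
    normal baseline (e.g. a busy web server legitimately holds some SYN-RECV).
    """
    counts = parse_half_open(snapshot)
    total = sum(counts.values())
    suspects = sorted(ip for ip, n in counts.items() if n >= per_source_threshold)
    return {
        "half_open_total": total,
        "alert": total >= total_threshold,
        "suspect_sources": suspects,
    }


if __name__ == "__main__":
    print(assess(SAMPLE_SNAPSHOT))
```

On a live Linux host the same logic can be fed from `ss -tan` on a schedule; a single source holding many half-open connections is a strong indicator, whereas a flood with spoofed source addresses shows up only in the total, which is why the check reports both.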
There are six types of DoS attacks:
1. Teardrop Attack
In a teardrop attack, fragmented packets are sent to the target system with overlapping or malformed offsets. When the system tries to reassemble them, it crashes or becomes unstable due to the improper handling of the corrupted packet structure. This was more effective against older operating systems.
2. Flooding Attack
A flooding attack overwhelms a system or network with an enormous volume of traffic or requests, exhausting resources like bandwidth, memory, or CPU. Common examples include ICMP floods and SYN floods, which can quickly bring services to a halt.
3. IP Fragmentation Attack
This technique involves sending fragmented IP packets in a way that consumes the target's resources during reassembly. These fragments are either incomplete or designed to never fully assemble, causing systems to allocate memory unnecessarily until they crash.
4. Volumetric Attack
Volumetric attacks generate massive amounts of data to saturate the target’s internet bandwidth. This prevents legitimate users from accessing the system. Examples include DNS amplification and UDP floods, often carried out using botnets.
5. Protocol Attack
Protocol attacks exploit weaknesses in Layer 3 and Layer 4 protocols, such as TCP, ICMP, or DNS. They consume connection state tables on servers, firewalls, or load balancers by initiating partial connections or malformed packets, leading to system resource exhaustion.
6. Application-Based Attack
These attacks target specific applications or services at Layer 7 of the OSI model. By mimicking legitimate requests, they are harder to detect and can bring down web servers or APIs using relatively low traffic volumes. HTTP floods are a common form of this attack.
The following are some well-known real-world examples of DoS attacks:
1. Panix SYN Flood Attack (1996)
In September 1996, New York-based ISP Panix became one of the first known victims of a SYN flood DoS attack. The attacker overwhelmed Panix's servers with a high rate of SYN packets—between 150 and 210 per second—causing significant service disruptions over several weeks.
2. Royal Family Website Attack (2023)
On October 1, 2023, a denial-of-service attack caused royal.uk, the official website of the British royal family, to be down for almost ninety minutes. Although their involvement was not verified, the pro-Russian hacker collective KillNet took credit. During the incident, no private information was compromised.
3. Pennsylvania Courts DoS Attack (2023)
In September 2023, Pennsylvania's state court system experienced a DoS attack that disrupted several online services, including docket sheets and electronic case filings. Despite the disruption, court operations continued with paper filings, and no data breaches occurred.
The main impacts of a DoS attack are:
1. Interrupts access to websites, applications, or online services.
2. Causes revenue loss due to downtime and recovery costs.
3. Damages customer trust and brand reputation.
4. Can expose vulnerabilities, leading to further attacks.
5. Consumes bandwidth and server resources, affecting performance.
While it’s impossible to prevent all attacks, several strategies can significantly reduce the risk and impact of DoS threats:
1. Use DDoS Protection Services: Absorb and filter malicious traffic (e.g., Cloudflare, AWS Shield).
2. Apply Rate Limiting: Prevent request floods by limiting user activity.
3. Keep Systems Updated: Patch known vulnerabilities to reduce attack surfaces.
4. Monitor Network Traffic: Detect unusual patterns early with traffic monitoring tools.
5. Have a Response Plan: Ensure your team is ready to react quickly and effectively during attacks.
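"Apply Rate Limiting" above is the one mitigation an application team can implement directly. The following is an added example, not code from the article: a per-client token-bucket limiter in which each client address gets a bucket that refills at a fixed rate up to a fixed capacity, and a request is served only when a token is available. Time is passed in explicitly so the behaviour is deterministic; the client addresses, the request pattern, and the capacity and rate values are constructed for the demo.

```python
"""Per-client token-bucket rate limiter (added example, not from the article).

Each client gets a bucket holding at most `capacity` tokens that refills at
`rate` tokens per second; a request costs one token and is rejected when the
bucket is empty. A well-behaved client never notices the limit, while a
flooding client is cut back to the sustained rate. Addresses and traffic
below are constructed sample data.
"""


class RateLimiter:
    def __init__(self, capacity: int, rate: float):
        self.capacity = capacity      # burst allowance per client
        self.rate = rate              # sustained requests per second per client
        self._buckets = {}            # client -> (tokens, last_timestamp)

    def allow(self, client: str, now: float) -> bool:
        """Return True if the client's request at time `now` should be served."""
        tokens, last = self._buckets.get(client, (self.capacity, now))
        # Refill proportionally to elapsed time, never beyond capacity.
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        if tokens >= 1:
            self._buckets[client] = (tokens - 1, now)
            return True
        self._buckets[client] = (tokens, now)
        return False


def simulate(requests, capacity: int = 5, rate: float = 1.0) -> dict:
    """Replay (timestamp, client) pairs; return client -> (accepted, rejected)."""
    limiter = RateLimiter(capacity, rate)
    stats = {}
    for ts, client in requests:
        accepted, rejected = stats.get(client, (0, 0))
        if limiter.allow(client, ts):
            stats[client] = (accepted + 1, rejected)
        else:
            stats[client] = (accepted, rejected + 1)
    return stats


# Constructed traffic: a normal client at 1 request/s for 10 s and a flooding
# client sending 100 requests within the first second.
NORMAL = [(float(t), "198.51.100.7") for t in range(10)]
FLOOD = [(i / 100.0, "203.0.113.9") for i in range(100)]
SAMPLE_REQUESTS = sorted(NORMAL + FLOOD)


if __name__ == "__main__":
    for client, (ok, dropped) in simulate(SAMPLE_REQUESTS).items():
        print(f"{client}: accepted={ok} rejected={dropped}")
```

With a capacity of 5 and a rate of 1 per second, the normal client has all 10 requests served, while the flooder gets only its 5-token burst and the remaining 95 requests are rejected. The limiter protects the application's CPU and memory, not the network link: a volumetric flood still has to be absorbed upstream by a DDoS protection service, which is why the list above pairs the two measures.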
Here's a concise table explaining the difference between DoS and DDoS attacks:
| Aspect | DoS (Denial of Service) | DDoS (Distributed Denial of Service) |
|---|---|---|
| Source | Single system | Multiple systems (botnet) |
| Complexity | Simple to execute | More complex and coordinated |
| Detection | Easier to detect and block | Harder to trace due to its distributed nature |
| Scale | Limited impact | Large-scale, more disruptive |
| Mitigation | Relatively easier | Requires advanced mitigation tools |
Denial-of-Service attacks represent a persistent threat in the cybersecurity landscape, capable of halting critical services and causing extensive damage. Through proper configuration, intelligent traffic handling, and proactive monitoring, organizations and individuals can strengthen their defenses and minimize the impact of these attacks.
Amar Singh is a senior security architect and a certified trainer. He is currently working with a reputed organization based out of India. His accomplishments include CCNA, CCNP Security, CEH, VMware, Check Point and Palo Alto certifications. He has more than 12 years of experience in the network security domain. In his career he has been ...