Understanding Denial-of-Service (DoS) Attacks
- Mohnish Singh

- May 19, 2024
In the realm of IT, the term 'denial of service' (DoS) is used to describe the unavailability of an online service. Typically, a DoS incident occurs when specific components of IT infrastructure become overloaded. When this overload is intentionally caused by external entities, it transforms into a DoS attack. During a DoS attack, an assailant inundates a target URL with an excessive number of requests, overwhelming the server's capacity to handle them efficiently. Consequently, network devices, operating systems, and server services may only respond to requests with delays or not at all.
A DoS attack is a form of cyber assault where a malicious actor seeks to disrupt the normal operation of a computer or device, rendering it inaccessible to its legitimate users. These attacks involve flooding a targeted system with an excessive volume of requests, leading to a breakdown in processing normal traffic and denying service to legitimate users. Typically, a DoS attack is executed using a single computer to launch the assault.
Strategies Underlying DoS Attacks
The strategies employed in denial-of-service (DoS) attacks can be categorized into three main types:
Bandwidth Overload (Volumetric):
Example: Flood Attacks
In this strategy, attackers overwhelm a target with a massive volume of traffic, aiming to exhaust the available network bandwidth and disrupt services.
By inundating a server with an overwhelming volume of packets, malicious actors can saturate the server's capacity, causing denial-of-service.
For successful flood attacks, the attacker typically needs more available bandwidth than the target to effectively overwhelm the server and disrupt services.
System Resource Overload:
Example: Buffer Overflow Attacks
In this approach, attackers focus on overloading the system resources of a target, such as memory, CPU power, or other critical components.
This type of attack occurs when a memory buffer overflow causes a system to consume all available resources like hard disk space, memory, or CPU time.
The outcome is often system instability, crashes, or other adverse behaviors that lead to denial-of-service.
By exploiting vulnerabilities or weaknesses in the system, attackers aim to exhaust these resources, leading to service disruptions and denial-of-service.
Exploitation of Software Errors and Security Gaps:
Attackers leverage software vulnerabilities and security gaps to launch attacks that disrupt services.
This includes techniques like buffer overflow attacks, where an attacker exploits a memory buffer overflow to consume system resources excessively, leading to system crashes or sluggish behavior that results in denial-of-service.
Types of DoS Attacks
Smurf attack - a previously exploited DoS attack in which a malicious actor utilizes the broadcast address of a vulnerable network by sending spoofed packets, resulting in the flooding of a targeted IP address.
Ping flood - this simple denial-of-service attack is based on overwhelming a target with ICMP (ping) packets. By inundating a target with more pings than it is able to respond to efficiently, denial-of-service can occur. This attack can also be used as a DDoS attack.
Ping of Death - often conflated with a ping flood attack, a ping of death attack involves sending a malformed packet to a targeted machine, resulting in deleterious behavior such as system crashes.
Fraggle Attack - A Fraggle attack floods the UDP broadcast address with packets containing a fake IP address, aiming to overwhelm network servers and cause network overload.
HTTP Flood - An HTTP flood attack involves overwhelming a web server with a large volume of HTTP requests, disrupting its normal operation and potentially causing denial of service.
LAND Attack - A LAND attack occurs when a malicious actor sends spoofed packets with the target's IP address and port number, causing the target system to crash or become unresponsive.
NTP Amplification - An NTP amplification attack exploits vulnerable NTP servers to amplify traffic towards a target, overwhelming its resources and causing a denial of service.
SYN Flood - A SYN flood attack floods a target server with a high volume of TCP connection requests (SYN packets), exhausting its resources and preventing legitimate connections.
UDP Flood - A UDP flood attack inundates a target with a large number of UDP packets, aiming to saturate its capacity and disrupt services by overwhelming the network.
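From the defender's side, several of the attack types listed above leave a recognizable shape in packet summaries. The following is an added example, not code from the original article: it flags LAND, Smurf and Fraggle packets one at a time and reports destinations with a surplus of half-open TCP handshakes (SYN flood). The record layout, `LOCAL_NET`, `SYN_THRESHOLD` and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed values for this example; tune both for a real network.
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")
SYN_THRESHOLD = 5  # surplus of bare SYNs over handshake-completing ACKs

def classify(pkt):
    """Label a single packet summary that matches a known signature, else None."""
    to_broadcast = ipaddress.ip_address(pkt["dst"]) == LOCAL_NET.broadcast_address
    if pkt["proto"] == "tcp" and pkt["src"] == pkt["dst"] and pkt["sport"] == pkt["dport"]:
        return "LAND"      # source and destination are the same host and port
    if pkt["proto"] == "icmp" and pkt.get("icmp_type") == 8 and to_broadcast:
        return "Smurf"     # ICMP echo request aimed at the broadcast address
    if pkt["proto"] == "udp" and to_broadcast:
        return "Fraggle"   # UDP aimed at the broadcast address
    return None

def half_open_targets(packets, threshold=SYN_THRESHOLD):
    """Return (dst, dport) pairs with at least `threshold` more SYNs than ACKs.

    Simplification: the input holds handshake packets only, so every
    ACK-only packet is treated as the final step of a handshake.
    """
    syns, acks = Counter(), Counter()
    for p in packets:
        if p["proto"] != "tcp":
            continue
        key = (p["dst"], p["dport"])
        if p["flags"] == "S":
            syns[key] += 1
        elif p["flags"] == "A":
            acks[key] += 1
    return sorted(k for k in syns if syns[k] - acks[k] >= threshold)

# Constructed sample records (documentation address ranges), not real traffic.
SAMPLE = [
    {"proto": "tcp", "src": "192.0.2.10", "dst": "192.0.2.10", "sport": 80, "dport": 80, "flags": "S"},
    {"proto": "icmp", "src": "192.0.2.10", "dst": "192.0.2.255", "icmp_type": 8},
    {"proto": "udp", "src": "192.0.2.10", "dst": "192.0.2.255", "sport": 40001, "dport": 9999},
    {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.20", "sport": 40000, "dport": 443, "flags": "S"},
    {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.20", "sport": 40000, "dport": 443, "flags": "A"},
]
SAMPLE += [{"proto": "tcp", "src": f"203.0.113.{i}", "dst": "192.0.2.30",
            "sport": 1024 + i, "dport": 80, "flags": "S"} for i in range(1, 9)]

if __name__ == "__main__":
    print([classify(p) for p in SAMPLE if classify(p)])
    print(half_open_targets(SAMPLE))
```

The single legitimate handshake to 192.0.2.20 cancels out, while the eight unanswered SYNs to 192.0.2.30 exceed the threshold.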
Ongoing DDoS Trends
Leading DDoS mitigation providers have reported a significant change in the popularity of different DDoS attack vectors:
DNS-based DDoS attacks became the most common attack vector, accounting for 30% of all attacks. This includes DNS floods and DNS amplification/reflection attacks.
SYN flood attacks dropped to second place, making up 22% of attacks.
UDP-based attacks were the third most popular, responsible for 21% of DDoS attacks.
This means nearly a third of all layer 3/4 DDoS attacks in Q1 2023 targeted DNS servers or used DNS amplification techniques. SYN floods, which had been the top attack vector, fell to second place. UDP-based attacks also remained a common choice among attackers.