Denial-of-Service (DoS) attacks are used to render a computer or network inaccessible to its intended users by flooding it with traffic or sending it information that causes it to crash. An attack of this nature robs legitimate users (such as employees, members, or account holders) of the services and resources they expect.
Types of DoS Attacks
There are two basic types of DoS attacks: flooding and crashing. Flood attacks occur when the system receives too much traffic for the server to handle, causing it to slow down and eventually stop responding. The most common flood attacks include:
- Buffer overflow attacks – cyber criminals send more traffic to a network address than the programmers have built the system to handle.
- Smurf attack/Ping of death – exploits misconfigured network devices by sending spoofed packets that ping every computer on the network, not just one specific machine. Then, the network is triggered to increase the traffic.
- SYN floods – send requests to connect to a server that are never completed. Continues until all open ports are saturated and there is no way for legitimate users to connect.
Crashing attacks find and exploit vulnerabilities that cause a system or service to crash. In these attacks, cyber criminals take advantage of bugs in a system that eventually crash or severely destabilize it so that it can’t be accessed by legitimate users.
Distributed Denial of Service (DDoS) Attack
The DDoS attack is an additional type of DoS attack. DDoS attacks are orchestrated by multiple systems to attack a single target simultaneously. In contrast to being attacked from one location, a system or network is attacked from many locations at the same time.
DDoS attacks provide significant benefits to cyber criminals including their location is more difficult to determine and the attack is more challenging to shut down as it’s coming from multiple machines in a variety of locations.
What to Know About DoS Attacks
Cybercriminals carrying out DoS attacks commonly target web servers of organizations in industries like commerce, banking, government, and media. These attacks don’t often result in stealing or deleting information, but they do cause significant disruptions that can cost a lot of time and money. And, while most modern cybersecurity programs have been developed to defend against DoS attacks, DDoS attacks are considered to be a significant cyber threat to organizations.