Denial of Service (DoS/DDoS)
A Denial of Service (DoS) attack overwhelms a system, server, or network with excessive traffic or requests to make it unavailable to legitimate users. A Distributed Denial of Service (DDoS) attack uses multiple compromised systems to amplify the assault.
Denial of Service (DoS) attacks are designed to disrupt the availability of targeted services, making them inaccessible to legitimate users. While a basic DoS attack originates from a single source, a Distributed Denial of Service (DDoS) attack uses a network of compromised devices (a botnet) to generate traffic from many sources simultaneously, making the attack much harder to mitigate. DDoS attacks can generate traffic volumes measured in terabits per second, overwhelming even robust infrastructure.
DDoS attacks are categorized into three main types. Volumetric attacks flood the target with massive amounts of traffic, consuming all available bandwidth. Examples include UDP floods, ICMP floods, and DNS amplification attacks. Protocol attacks exploit weaknesses in network protocols to exhaust server resources or intermediary equipment like firewalls and load balancers. Examples include SYN floods and Ping of Death attacks. Application-layer attacks target specific services with seemingly legitimate requests designed to exhaust application resources, such as HTTP floods or Slowloris attacks.
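The three categories above differ in what they exhaust, so they also leave different signals in traffic data. The following Python is an added example, not code from the original page: it aggregates constructed per-source flow records for one one-second window and labels each source as volumetric (bits per second), protocol (bare SYNs that never complete the handshake) or application-layer (payload-carrying requests to web ports). The record layout, the four constructed sources and every threshold are assumptions chosen for illustration; a real deployment derives thresholds from its own measured baseline.

```python
"""Label constructed per-source traffic summaries with the three DDoS categories.

Added example, not code from the original page. The record layout and all
thresholds are assumptions; tune them against a measured traffic baseline.
"""
from collections import defaultdict

WINDOW_SECONDS = 1.0  # assumption: every record below falls in one 1-second window


def make_sample_flows():
    """Constructed sample flows: (src_ip, proto, tcp_flags, bytes, dst_port).

    tcp_flags is "" for UDP/ICMP, "S" for a bare SYN and "PA" for an
    established TCP segment carrying payload. One source per category plus
    one ordinary client.
    """
    flows = []
    # UDP flood toward port 53: 2000 x 1400-byte datagrams in one second
    flows += [("198.51.100.10", "udp", "", 1400, 53)] * 2000
    # SYN flood: 500 bare SYNs toward port 443 that never complete the handshake
    flows += [("203.0.113.7", "tcp", "S", 60, 443)] * 500
    # HTTP flood: 400 small established requests toward port 80
    flows += [("192.0.2.5", "tcp", "PA", 300, 80)] * 400
    # Ordinary client: a handful of established requests
    flows += [("198.51.100.99", "tcp", "PA", 600, 443)] * 5
    return flows


def summarize(flows):
    """Aggregate byte and segment counters per source address."""
    per_src = defaultdict(lambda: {"bytes": 0, "tcp": 0, "syn_only": 0, "http_like": 0})
    for src, proto, flags, nbytes, dport in flows:
        s = per_src[src]
        s["bytes"] += nbytes
        if proto == "tcp":
            s["tcp"] += 1
            if "S" in flags and "A" not in flags:
                s["syn_only"] += 1
            # heuristic: payload-carrying segments to web ports count as requests
            if "P" in flags and dport in (80, 443):
                s["http_like"] += 1
    return per_src


def classify(flows, window_seconds=WINDOW_SECONDS,
             volumetric_bps=8_000_000, syn_min=100, syn_ratio=0.9, http_rps=200):
    """Return {src: [labels]} for every source that matches a category.

    volumetric_bps: bits per second across all protocols (bandwidth exhaustion)
    syn_min / syn_ratio: absolute and relative bare-SYN counts (protocol attack)
    http_rps: payload-carrying web requests per second (application-layer attack)
    All thresholds are assumed values for this example.
    """
    labels = {}
    for src, s in summarize(flows).items():
        found = []
        if s["bytes"] * 8 / window_seconds > volumetric_bps:
            found.append("volumetric")
        if s["tcp"] and s["syn_only"] >= syn_min and s["syn_only"] / s["tcp"] >= syn_ratio:
            found.append("protocol")
        if s["http_like"] / window_seconds >= http_rps:
            found.append("application-layer")
        if found:
            labels[src] = found
    return labels


if __name__ == "__main__":
    for src, found in classify(make_sample_flows()).items():
        print(f"{src}: {', '.join(found)}")
```

Per-source counters are enough to show the three signatures, but they miss the point of a distributed attack: each bot in a botnet can stay under every per-source threshold. In practice the same counters are also kept per destination (total bits, bare SYNs and requests arriving at a service), and the alert is raised on the deviation from that service's baseline rather than on any single source.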
The motivations behind DoS attacks vary widely. They may be launched for financial extortion (ransom DDoS), competitive sabotage, hacktivism, distraction during a more targeted intrusion, or simply for disruption. The availability of DDoS-for-hire services (booters and stressers) has made it possible for virtually anyone to launch significant attacks for minimal cost.
Defense against DDoS attacks involves multiple strategies. Content delivery networks (CDNs) and DDoS mitigation services can absorb and filter attack traffic. Rate limiting and traffic shaping help manage abnormal traffic patterns. Web application firewalls protect against application-layer attacks. Anycast routing distributes attack traffic across multiple data centers. Organizations should also develop DDoS response plans, establish relationships with their ISP and DDoS mitigation providers, and conduct regular testing to validate their defenses.
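Rate limiting, mentioned above as one of the defensive strategies, is most often implemented as a token bucket: each client gets a burst allowance that refills at a fixed sustained rate, and a request is served only if a token is available. The Python below is an added example, not code from the original page; it runs a per-client token bucket over a constructed request stream in which one client floods at 64 requests per second while another sends a request every 0.3 seconds, and it reports which clients were throttled hard enough to justify an upstream block rather than per-request throttling. Client names, timestamps, the 20-token capacity, the 16-per-second refill rate and the 50% block ratio are assumptions chosen so the arithmetic is exact.

```python
"""Per-client token-bucket rate limiter run over a constructed request stream.

Added example, not code from the original page; clients, timestamps and bucket
parameters are assumptions chosen so that the refill arithmetic is exact.
"""
from dataclasses import dataclass


@dataclass
class Bucket:
    tokens: float  # current allowance
    last: float    # timestamp of the last refill


class RateLimiter:
    """One token bucket per client.

    capacity is the burst size, rate the sustained requests per second.
    Time is passed in explicitly so a run is deterministic and testable.
    """

    def __init__(self, capacity=20, rate=16.0):
        self.capacity = capacity
        self.rate = rate
        self.buckets = {}

    def allow(self, client, now):
        b = self.buckets.get(client)
        if b is None:
            b = self.buckets[client] = Bucket(tokens=self.capacity, last=now)
        # refill proportional to elapsed time, never beyond the burst capacity
        b.tokens = min(self.capacity, b.tokens + (now - b.last) * self.rate)
        b.last = now
        if b.tokens >= 1:
            b.tokens -= 1
            return True
        return False


def make_sample_stream():
    """Constructed stream of (timestamp, client).

    'flood' sends 100 requests at 64 per second; 'user' sends one request
    every 0.3 s. Flood timestamps are multiples of 1/64 s so every refill is
    an exact multiple of 0.25 tokens.
    """
    stream = [(i / 64, "flood") for i in range(100)]
    stream += [(0.1 + 0.3 * k, "user") for k in range(5)]
    return sorted(stream)


def run(limiter, stream, block_ratio=0.5):
    """Apply the limiter to the stream in timestamp order.

    Returns per-client allowed/denied counts and the clients whose denial
    ratio reached block_ratio: candidates for an upstream block (edge, WAF
    or ISP) instead of continued per-request throttling.
    """
    counts = {}
    for ts, client in stream:
        c = counts.setdefault(client, {"allowed": 0, "denied": 0})
        c["allowed" if limiter.allow(client, ts) else "denied"] += 1
    candidates = sorted(
        client for client, n in counts.items()
        if n["denied"] / (n["allowed"] + n["denied"]) >= block_ratio
    )
    return counts, candidates


if __name__ == "__main__":
    counts, candidates = run(RateLimiter(), make_sample_stream())
    for client, n in counts.items():
        print(f"{client}: allowed={n['allowed']} denied={n['denied']}")
    print("block candidates:", candidates)
```

With these parameters the flooding client gets its 20-token burst plus the 16 per second refill, roughly 44 of its 100 requests, while the ordinary user is never denied. Keying the bucket on client address is the simplest choice and is exactly what a botnet defeats, since each bot can stay under the per-client rate; production deployments therefore combine per-client buckets with a global bucket per endpoint and push the limiting to the CDN or mitigation provider, where it runs before the traffic reaches the origin's bandwidth.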