Denial Of Service Attack (DoS)

Dennis Faas's picture

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.

Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.

Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers. The term is generally used with regards to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.

Saturating Communication Requests

One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable.

In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

Denial-of-service attacks are considered violations of the IAB's Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations.

Symptoms and Manifestations of DoS Attacks

The United States Computer Emergency Response Team defines symptoms of denial-of-service attacks to include:

  • Unusually slow network performance (opening files or accessing web sites)
     
  • Unavailability of a particular web site
     
  • Inability to access any web site
     
  • Dramatic increase in the number of spam emails received -- (this type of DoS attack is considered an email bomb)

Denial-of-service attacks can also lead to problems in the network 'branches' around the actual computer being attacked. For example, the bandwidth of a router between the Internet and a LAN may be consumed by an attack, compromising not only the intended computer, but also the entire network.

If the attack is conducted on a sufficiently large scale, entire geographical regions of Internet connectivity can be compromised without the attacker's knowledge or intent by incorrectly configured or flimsy network infrastructure equipment.

Methods of Attack

A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. There are two general forms of DoS attacks: those that crash services and those that flood services.

Attacks can be directed at any network device, including attacks on routing devices and web, electronic mail, or Domain Name System servers.

A DoS attack can be perpetrated in a number of ways. The five basic types of attack are:

  1. Consumption of computational resources, such as bandwidth, disk space, or processor time.
     
  2. Disruption of configuration information, such as routing information.
     
  3. Disruption of state information, such as unsolicited resetting of TCP sessions.
     
  4. Disruption of physical network components.
     
  5. Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

A DoS attack may include execution of malware intended to:

  • Max out the processor's usage, preventing any work from occurring.
     
  • Trigger errors in the microcode of the machine.
     
  • Trigger errors in the sequencing of instructions, so as to force the computer into an unstable state or lock-up.
     
  • Exploit errors in the operating system, causing resource starvation and/or thrashing, i.e. to use up all available facilities so no real work can be accomplished.
     
  • Crash the operating system itself.

This document is licensed under the GNU Free Documentation License (GFDL), which means that you can copy and modify it as long as the entire work (including additions) remains under this license.

Rate this article: 
No votes yet