A DOS (denial-of-service) attack transpires when an attacker does something that prevents valid users from making use of computer systems, devices, or other network resources.
DOS attacks naturally deluge servers, systems, or networks with traffic in order to overpower the victim resources and make it tough (or even impossible) for valid users to use them. Often an attack can be dealt with by simply restarting the system, but flooding attacks can be tougher to recover from.
Guidelines to Determine a DOS Attack
- Deterioration in network performance, specifically when trying to retrieve files saved on the network, or when attempting to retrieve websites
- Particular websites cannot be reached
- Trouble with retrieving any website
- A higher than usual volume of spam email
Experts suggest a number of tactics for businesses to protect against a DOS attack. One of these is formulating an incident response plan in advance of any attack, so that when the attack happens (if, indeed, it ever does) the business will know how to handle it. Once there is a feeling that a DOS attack is happening, businesses should contact their ISP to ascertain whether the occurrence is an authentic DOS attack, or whether it’s deterioration of performance triggered by some other issue. The ISP can help lessen the attack by redirecting malicious traffic, as well as by using load balancers to decrease the impact of the attack.
Businesses may also want to consider the possibility of using DOS attack detection products. There are some intrusion detection and intrusion prevention systems and firewalls that offer DOS attack recognition functionalities. Other options may be: engaging with a backup ISP, or utilising cloud-based anti-DOS services.
There have been instances where DOS attackers require payment from victims in order to stop the attacks, but financial gain is not typically the reason behind this kind of attack. In many instances, the attackers want to inflict harm upon the organization or individual targeted in the attack. In other cases, the attackers are simply trying to distress the victim, by inflicting as much damage and inconvenience as possible to the greatest number of victims. When the criminal behind a DOS attack is identified, the reasons for an attack may well be subsequently revealed.
Many notorious DOS attacks are dispersed attacks, which means that the attack traffic is directed from several attack systems. While DOS attacks coming from a single source can be easier to alleviate because protectors can obstruct network traffic from the offending source, attacks directed from multiple attacking systems are far more problematic to spot and protect against, because it can be tough to distinguish valid traffic from malicious traffic—and screen malicious packets—when they are sent from all over the internet.
Types of DOS Attacks
In an expanded DNS DOS attack, the attacker generates crafted domain name system (DNS) requirements that seem to have originated from the victim’s network, and then transmits them to misconfigured DNS servers administered by third parties.
Application layer attacks flood internet application servers with bogus traffic. Particular targets of this kind of attack include DNS or HTTP servers. While some application-layer DOS attacks rely on flooding the application servers with network data, others manipulate limitations in either the victim’s application server, or in the application protocol itself.
A buffer overflow attack is a universal description generally used to describe DOS attacks that transmit more traffic to a network resource than was ever expected by the developers.
In a DDOS attack, the attacker may utilise computers or other network-connected devices that have been infected by malware and made part of a botnet. Distributed DOS attacks—specifically those using botnets—use command-and-control (C&C) servers to control the actions of the botnet members.
The ping-of-death attack exploits the Packet Inter-Network Groper (PING) protocol by transmitting requests with huge payloads, causing targeted systems to become overwhelmed, and preventing them from responding to valid requests for service. This kind of attack can even crash the victim’s systems, which could have a catastrophic effect on their business or service.