Attack Library: DoS (Denial of Service)

This new mini series builds up a library of attacks that you can test your knowledge against. The attacks were chosen either for their potency or for their popularity. This week, we will focus on DoS (Denial of Service) attacks.

A denial of service attack, more commonly referred to as a DoS attack, floods a single machine or service with more traffic or requests than it can handle, with the intention of exhausting its resources so that it stops responding to legitimate users. While a DoS attack is typically one attacking machine against one victim, the extended form, DDoS or Distributed Denial of Service, uses many attacker-controlled machines against a single target, typically a large server belonging to an organisation.

To demonstrate, a typical connection to a website (Google, in this example) goes as follows:

* You navigate to the website in your browser.
* Your machine sends a connection request (a TCP SYN) to Google's server.
* Google's server records the pending connection and sends a reply (a SYN-ACK) back to your IP address.
* Your machine acknowledges the reply (an ACK), the connection is established, and Google serves you the website.

In a DoS attack of this kind (a SYN flood), the attacker instead sends a stream of connection requests whose source addresses are spoofed to IP addresses that do not exist or do not belong to the attacker. The server cannot tell a spoofed request from a real one, so for each one it must spend processing time and memory recording a half-open connection and sending a reply that is never acknowledged. The sheer number of requests fills the server's connection table and consumes its CPU and bandwidth until it can no longer respond to legitimate users.
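To make the mechanism concrete, here is an added example (not code from the original post) that models the handshake above as a toy server with a small table of half-open connections. An attacker sends spoofed SYNs that are never acknowledged, the table fills, and a legitimate client's SYN is dropped. The second server variant shows the well-known SYN cookie mitigation, where the server keeps no per-SYN state and instead derives its sequence number from a keyed hash of the connection tuple. The backlog size, the addresses (from documentation ranges), the secret key and the simplified cookie format are all constructed for illustration; real TCP stacks encode more into the cookie and rotate the secret.

```python
"""Toy model of a TCP handshake, a SYN flood, and SYN cookies.

Added example for illustration only; the backlog size, addresses and
cookie scheme are constructed assumptions, not a real TCP implementation.
"""

import hashlib
import hmac
import itertools

BACKLOG = 8  # constructed: tiny half-open table so exhaustion is visible


class Server:
    """Stateful server: remembers every half-open connection until ACKed."""

    def __init__(self, backlog=BACKLOG):
        self.backlog = backlog
        self.half_open = {}       # (src_ip, src_port) -> server ISN awaiting ACK
        self.established = set()
        self.dropped_syns = 0
        self._isn = itertools.count(1_000_000)  # deterministic ISN source

    def on_syn(self, src, client_isn):
        # A SYN costs the server a slot; when the table is full it is dropped.
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1
            return None
        server_isn = next(self._isn)
        self.half_open[src] = server_isn
        return ("SYN-ACK", server_isn, client_isn + 1)

    def on_ack(self, src, ack_num):
        # The final ACK completes the handshake only if it matches the pending SYN-ACK.
        server_isn = self.half_open.get(src)
        if server_isn is None or ack_num != server_isn + 1:
            return False
        del self.half_open[src]
        self.established.add(src)
        return True


class SynCookieServer(Server):
    """Stateless variant: the server ISN is an HMAC over the connection tuple,
    so it can be recomputed when the ACK arrives and no slot is ever allocated."""

    SECRET = b"constructed-secret"  # real stacks rotate this; fixed here

    def _cookie(self, src):
        mac = hmac.new(self.SECRET, repr(src).encode(), hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")

    def on_syn(self, src, client_isn):
        return ("SYN-ACK", self._cookie(src), client_isn + 1)

    def on_ack(self, src, ack_num):
        if ack_num != self._cookie(src) + 1:
            return False
        self.established.add(src)
        return True


def legitimate_connect(server, src, client_isn=1000):
    """A real client completes all three steps of the handshake."""
    reply = server.on_syn(src, client_isn)
    if reply is None:
        return False  # SYN dropped: the client is denied service
    _, server_isn, _ = reply
    return server.on_ack(src, server_isn + 1)


def syn_flood(server, count):
    """Attacker sends SYNs from spoofed, unreachable sources and never ACKs."""
    for i in range(count):
        spoofed = (f"203.0.113.{i % 256}", 40000 + i)  # constructed TEST-NET-3 sources
        server.on_syn(spoofed, i)


def run_scenario(server, flood_size=50):
    """Flood the server, then see whether a legitimate client can still connect."""
    syn_flood(server, flood_size)
    ok = legitimate_connect(server, ("198.51.100.7", 51515))  # constructed client
    return {
        "half_open": len(server.half_open),
        "dropped": server.dropped_syns,
        "client_connected": ok,
    }


def run_stateful_scenario(flood_size=50):
    return run_scenario(Server(), flood_size)


def run_syn_cookie_scenario(flood_size=50):
    return run_scenario(SynCookieServer(), flood_size)


if __name__ == "__main__":
    print("stateful  :", run_stateful_scenario())
    print("syn cookie:", run_syn_cookie_scenario())
```

With the stateful server, eight spoofed SYNs are enough to fill the table and every later SYN, including the legitimate one, is dropped; the cookie server accepts the same flood without allocating anything, so the real client still connects. The model ignores the bandwidth and CPU cost of answering each spoofed SYN, which is why SYN cookies help against table exhaustion but not against a flood large enough to saturate the link.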

DoS attacks usually aim at disruption rather than data theft: against an organisation, DDoS and sometimes even plain DoS attacks are intended to take a website offline or cripple the productivity of the business. To mitigate this attack, ensure your infrastructure has bandwidth and capacity headroom, and investigate appliances from vendors such as Check Point, Cisco or Fortinet that are designed for DDoS protection. For the spoofed connection-request flood described above, modern operating systems also support SYN cookies, which let a server answer connection requests without keeping state for each one. Bear in mind that no amount of on-site capacity helps once an attack saturates your upstream link, so protection from your ISP or a scrubbing provider is worth considering as well.