Denial-of-Service (DoS)

Denial-of-service attack

In computing, a denial-of-service (DoS)attack is an attempt to make a machine or network resource unavailable to itsintended users, such as to temporarily or indefinitely interrupt or suspendservices of a host connected to the Internet. Denial of service is typicallyaccomplished by flooding the targeted machine or resource with superfluousrequests in an attempt to overload systems and prevent some or all legitimaterequests from being fulfilled.

A distributed denial-of-service (DDos) iswhere the attack source is more than one, often thousands of, unique IPaddresses. It is analogous to a group of people crowding the entry door or gateto a shop or business, and not letting legitimate parties enter into the shopor business, disrupting normal operations. The scale of DDoS attacks hascontinued to rise over recent years, even reaching over 400Gbit/s.

Criminal perpetrators of DoS and DDoSattacks often target sites or services hosted on high-profile web servers suchas banks, credit card payment gateways.

Attacktechniques

A denial-of-service attack is characterizedby an explicit attempt by attackers to prevent legitimate users of a servicefrom using that service. There are two general forms of DoS attacks: those thatcrash services and those that flood services.

The most serious attacks are distributedand in many or most cases involve forging of IP sender addresses so that thelocation of the attacking machines cannot easily be identified, nor canfiltering be done based on the source address.

Defensetechniques

Defensive responses of denial-of-service attackstypically involve the use of a combination of attack detection, trafficclassification and response tools, aiming to block traffic that they identifyas illegitimate and allow traffic that they identify as legitimate.