Denial-of-service attack
Denial-of-service attack (DoS attack) is a cyberattack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial-of-service attacks are typically accomplished by flooding the targeted machine or resource with redundant requests to overload systems and prevent legitimate requests from being fulfilled. A distributed denial-of-service (DDoS) attack occurs when multiple compromised computer systems attack a single target, thereby magnifying the scale of the attack.
Types
- Volume-based attacks: include floods such as UDP, ICMP, and spoofed-packet floods. Their goal is to saturate the bandwidth of the target.
- Protocol attacks: consume server resources or intermediate communication equipment, such as firewalls and load balancers, by exploiting weaknesses in Layer 3 and Layer 4 protocols (e.g., SYN flood, Ping of Death).
- Application‑layer attacks: target specific application features, often Layer 7, by establishing a connection and then sending seemingly legitimate requests that exhaust server resources (e.g., HTTP flood, slowloris).
History
The first notable denial-of-service attack occurred in 1996 when a flood of SYN packets took down the Internet service provider Panix. In 2000, a 15‑year‑old known as "MafiaBoy" launched a series of DDoS attacks against major e‑commerce websites including Amazon, eBay, and Yahoo, raising public awareness of the threat. Since then, the frequency, size, and sophistication of DDoS attacks have increased dramatically, aided by the proliferation of insecure Internet of Things devices that can be recruited into botnets.
Mitigation
Defending against DoS attacks involves a combination of network architecture design, traffic filtering, rate limiting, and the use of DDoS mitigation services. Techniques include blackhole routing, scrubbing centers, and deploying content delivery networks that absorb excess traffic. No single method is foolproof, and organizations often employ multiple layers of defense.