ELI5: what is a DoS attack?

Today, software services are crucial to the everyday running of almost everything — from businesses to core societal infrastructure. And increasingly, these software services are subject to malicious attacks.

One such attack is the DoS attack – of which the internet suffers an average of 28,700 instances every day. With an estimated attack cost of $120,000 for a small company, or more than $2 million for an enterprise, this is no small concern.

But what is a DoS attack, and how can you guard your technological offerings against one?


What is DoS?

DoS is shorthand for ‘denial of service’. A DoS attack, then, is a cyberattack that aims to deny users access to or use of a given service.

In a DoS attack, the attacker’s goal is to render the victim service or resource unavailable to the intended users by shutting it down, crashing or overloading it.

Most commonly, this kind of attack involves flooding the victim system with traffic beyond what it can handle, or sending information that triggers a crash.

Typically, this kind of attack doesn’t result in the theft of assets like money or data. Rather, it causes severe disruption and can cost time and resources to fix.


Types of DoS attack

The types of DoS attack fall into three main categories, based on how the attack is launched. These are buffer overflow, flood attacks, and crash attacks.

  • Buffer overflow

In a buffer overflow DoS attack, the attacker sends more data to a service or network address than the system has been built to handle. This means that the requests sent by the attacker cause the system to use up all its available memory.  

  • Flood attacks

A flood attack is a DoS attack that involves sending a huge amount of traffic to a server at once. The result is that the server cannot handle all the packets, and so cannot take on more requests — including those from legitimate users.

  • Crash attacks

Finally, some DoS attacks take advantage of bugs to crash a service. That is, they exploit problems with the code to make the service crash or fail, and so become unavailable to legitimate users.


Defence

Knowing that DoS attacks exist is all well and good, but better is knowing how to defend your offering from one. So, how do you protect your resources or software offering from DoS attacks?

First, you need to be able to detect when you’re under attack. This is not always easy, but there are a few ways to tell when someone is trying to render your service or resource inaccessible.

Detecting a DoS attack boils down to knowing the symptoms of one. Unfortunately, these symptoms can also relate to non-malicious issues and activity.

The key is to keep an eye out for unusually high traffic or slow network performance. The best way to watch for denial-of-service attacks, then, is by monitoring and analysing your network traffic. You should set up automated alerts if your traffic hits an unusually high threshold.
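As an added example (not part of the original article), here is one way to turn "alert on unusually high traffic" into a check: count requests per minute from a log, compare each minute with the median of recent minutes, and report how much of the spike comes from a single source. The log format, the function names and the thresholds (`factor`, `floor`, `history`) are assumptions made for illustration, and the log lines are constructed sample data.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

def make_sample_log():
    """Constructed sample data: 5 quiet minutes, then one minute of flood."""
    lines = []
    for minute in range(5):
        for i in range(20):  # 20 requests/minute spread over 10 clients
            lines.append(f"2024-01-01T10:{minute:02d}:{i:02d} 198.51.100.{i % 10 + 1} GET /")
    for i in range(300):  # minute 5: 300 requests, mostly from one client
        ip = "203.0.113.7" if i % 10 else "198.51.100.3"
        lines.append(f"2024-01-01T10:05:{i % 60:02d} {ip} GET /")
    return lines

def bucket_by_minute(lines):
    """Group client IPs by the minute in which each request arrived."""
    buckets = defaultdict(Counter)
    for line in lines:
        stamp, ip = line.split()[:2]
        minute = datetime.fromisoformat(stamp).replace(second=0)
        buckets[minute][ip] += 1
    return dict(sorted(buckets.items()))

def find_alerts(lines, factor=5.0, floor=100, history=5):
    """Alert when a minute's traffic exceeds factor x the median of recent minutes."""
    alerts, past = [], []
    for minute, per_ip in bucket_by_minute(lines).items():
        total = sum(per_ip.values())
        if len(past) >= 3:  # need some baseline before judging a minute
            baseline = median(past[-history:])
            if total >= floor and total > factor * baseline:
                top_ip, top_count = per_ip.most_common(1)[0]
                alerts.append({"minute": minute.isoformat(), "requests": total,
                               "baseline": baseline, "top_source": top_ip,
                               "top_share": round(top_count / total, 2)})
                continue  # keep alerted minutes out of the baseline
        past.append(total)
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(make_sample_log()):
        print("ALERT", alert)
```

The `floor` keeps a quiet service from alerting on small absolute jumps, and `top_share` helps tell a single-source flood apart from a busy period in which many different clients each send a little more traffic.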

Next come the techniques for blocking or addressing a DoS attack on your offering. In general, these involve blocking excess traffic and identifying malicious traffic.


TL;DR: What is a DoS attack?

To sum up, a denial of service (or DoS) attack is a type of cyberattack in which the bad actor seeks to render a service, network or resource unavailable for legitimate users.

DoS attacks can be hard to detect and defend against. The key lies in effective traffic monitoring, analysis and management.

