Denial of Service (DoS) and Distributed Denial of Service (DDoS) are types of cyber attacks that aim to disrupt the availability of a computer system, network, or online service by overwhelming it with a flood of illegitimate requests or traffic.
Denial of Service (DoS): In a DoS attack, an attacker attempts to exhaust the resources of a targeted system, such as network bandwidth, processing power, or memory, making the system unresponsive or unavailable to legitimate users. The attacker typically sends a large volume of requests to the target, overloading its capacity to handle them.
Some common types of DoS attacks include:
- Network Floods: The attacker floods the target with a high volume of network traffic, consuming all available bandwidth and preventing legitimate users from accessing the network or services.
- Application Layer Attacks: The attacker targets specific applications or services, exploiting vulnerabilities or sending malicious requests that cause the system to crash or become unresponsive.
- Resource Exhaustion: The attacker exploits weaknesses in system resources, such as consuming all available CPU or memory, rendering the system unusable.
Distributed Denial of Service (DDoS): DDoS attacks are similar to DoS attacks, but they involve multiple compromised systems, forming a botnet, to launch the attack. The attacker controls these compromised systems remotely, often without the owners’ knowledge, and orchestrates them to send a coordinated flood of traffic or requests to the target.
DDoS attacks have several advantages for attackers:
- Amplification: Attackers use reflection and amplification techniques to make the attack traffic appear to originate from various sources, making it harder to trace back to the attacker and magnifying the impact on the target.
- Scalability: The attacker can harness the combined bandwidth and resources of multiple compromised systems, significantly increasing the volume of traffic directed at the target, making it more challenging to mitigate the attack.
The objectives of DoS and DDoS attacks can vary. They may be launched for various reasons, including financial gain, revenge, competition sabotage, ideological motivations, or simply to cause disruption and chaos.
It’s important for organisations to regularly assess their systems’ security, implement appropriate security controls, and stay vigilant to defend against and mitigate the impact of DoS and DDoS attacks.