What are Denial of Service (DoS) attacks? DoS attacks explained


A Denial of Service (DoS) attack can be easily engineered from nearly any location. Learn more about what it is and how it works.

A “denial of service” or DoS attack is a deliberate shutting down of a network, website, or device in order to deprive the intended users from accessing them. It’s a form of attack done by scrambling a website’s resources so that the users who need to access the site cannot do so.

The internet-connected host becomes overwhelmed because of the disrupting service requests made by the attacks. This causes the site to come to a halt permanently or temporarily, depending on the attack.

To put this into simple words, it’s sort of like a crowd of people intentionally blocking the entrance of a movie hall, preventing others from entering it, and thus, causing turbulence in the trade.

High-profile and well-known companies or web servers have been the major target of DoS attacks. Because a DoS attack can be easily engineered from nearly any location, finding those responsible can be extremely difficult.

The first ever DoS attack was made by 13-year-old David Dennis in 1974. Dennis wrote a program using the “external” or “ext” command that forced some computers at a nearby university research lab to switch off.

Now, DoS in Cyber Security is quite well known, and the attacks have evolved into the more complex and sophisticated “distributed denial of service” (DDoS) attacks. For example, one of the biggest attacks ever recorded was targeted at code-hosting-service GitHub in 2018.

Attackers include hacktivists (hackers whose activity promotes a social or political cause), revenge-seeking individuals, profit-motivated cybercriminals, and nation-states. We’ll discuss DDoS attacks in greater detail later in this article.

Denial of service attacks explained

DoS attacks generally take one of two forms. They either flood web services or crash them. Here are the Types of DOS attacks explained more briefly:

Flooding attacks

Flooding is the more common form of DoS attack. It occurs when the attacked system is overwhelmed by large amounts of traffic that the server cannot handle. The system eventually stops because of such overloaded data requests as the capacity of the servers are oversaturated, causing the denial of service.

An ICMP flood, also known as a ping flood, is a type of DoS attack where spooked packets of information are sent that hits every computer in a targeted network, taking advantage of misconfigured network devices.

A SYN flood is a variation that exploits a vulnerability in the TCP connection sequence. It occurs when TCP/SYN-ACK packets, often with altered addresses, are sent by a host to make the servers respond to the request, interrupting the actual requests by legitimate users. This is often referred to as the three-way handshake connection with the host and the server. Here’s how it works:

The targeted server receives a request to begin the handshake. But, in a SYN flood, the handshake is never completed, meaning that there won’t be any response. That leaves the connected port busy and unavailable to process further legitimate requests. Meanwhile, the cybercriminal continues to send more and more requests, jamming the traffic of all open ports and shutting down the server.

Crash attacks

Crash attacks occur less often. Cybercriminals transmit bugs in the targeted system that exploit their flaws, ultimately leading the system to crash.

Usually, crash attacks and flooding attacks prevent legitimate users from accessing online services such as websites, gaming sites, email, and bank accounts.

How a DoS attack works

Unlike a virus or malware, a DoS attack doesn’t depend on a particular program to run. Instead, it takes advantage of inherent vulnerabilities in the way computer networks communicate.

Here’s an example. Suppose you’re going to visit an e-commerce site to shop for a gift. Your computer sends a small packet of information to the website. The packet works as a “hello”. Basically, your computer asks for permission to visit their site.

When the server receives your computer’s message, it sends a short one back, saying in a sense, “OK, are you real?” Your computer responds, “Yes!”, and communication is established.

Then, the website’s homepage pops up on your screen, and you begin exploring the site. Your computer and the server continue communicating as you click links, place orders, and carry out other activities.

In a DoS attack, instead of sending just one “introduction” to a server, the computer transmits hundreds or thousands of similar requests. The server, unable to recognize the fake introduction, sends back its usual response, waiting up to a minute in each case to hear a reply. When it gets no answer, the server shuts down the connection, and the computer executing the attack repeats, sending a new batch of fake requests.

DoS attacks primarily affect organizations and the services they provide on the internet. For consumers, the attacks usually hinder their ability to access such services and information.

Other types of attacks: DDoS

Distributed denial of service (DDoS) attacks represent the next step in the evolution of DoS attacks to disrupt the Internet. Cybercriminals began using DDoS attacks around 2000.

Here’s why DDoS attacks have become the weapon of choice for disrupting networks, servers, and websites.

The attacks use large numbers of compromised computers and other electronic devices, such as webcams and smart televisions that make up the ever-increasing Internet of Things, to force the targeted website, server, or network shutdown.

Security vulnerabilities in Internet-of-Things devices can make them accessible to cybercriminals seeking to anonymously and quickly launch DDoS attacks.

In contrast, a DoS attack generally uses a single computer and IP address to attack its target, making it easier to defend against.

How to help prevent DoS attacks

If you visit websites on a daily basis or rely on specific websites to do business, you probably want to know about DoS attack prevention.

A general rule: The earlier you can identify an attack-in-progress, the quicker you’ll be able to prevent the damage. Here are some things you can do.

Method 1: Get help recognizing attacks

Companies often use technology or anti-DDoS services to help defend themselves, which can help you recognize between legitimate spikes in network traffic and a DDoS attack.

Method 2: Contact your Internet Service provider

Once you identify the DDoS attack has been made, you should immediately notify your Internet Service Provider so that they can determine if your traffic can be rerouted. Having a backup ISP is a good idea, too. Also, consider services that can separate the massive DDoS traffic among a network of servers. That can help diffuse the attack or make it ineffective.

Method 3: Investigate black hole routing

Internet service providers can use “black hole routing.” It directs excessive traffic into an empty route, sometimes referred to as a black hole. This can help prevent the targeted website or network from crashing. The only drawback is that both legitimate and illegitimate traffic would be rerouted in the same way.

Method 4: Configure firewalls and routers

Firewalls and routers should be configured to reject bogus traffic. Remember to constantly update your routers and firewalls to the latest version. New updates bring better security measures that may help protect against DoS attacks.

Method 5: Consider front-end hardware

Application front-end hardware that is integrated into the network before traffic reaches a server can help analyze and screen data packets. The hardware classifies the data as a priority, regular, or dangerous as they enter a system. It can also help block threatening data.

How to help mitigate against DoS attacks and DDoS attacks

Comprehensive protection against various DDoS threats such as brute force attacks, spoofing, zero-day DDoS attacks, and attacks that target DNS servers.

Suppose you operate on a smaller scale — say, you run a basic website offering a service. In that case, your chances of becoming a victim of a DDoS attack are relatively low. Even so, taking certain precautions will help protect you against becoming a victim of any other kind of attack by hackers.

Here are a few things that can help.

  • Keep your security software, operating system, and applications up to date. Security updates help patch vulnerabilities that hackers may try to exploit. Consider a trusted security software like Norton Security.
  • Consider a router that comes with built-in DDoS protection.
  • Look for a website hosting service with an emphasis on security.

Taking simple precautions can make a huge difference when it comes to your online security.

Norton logo
  • Norton
Norton empowers people and families around the world to feel safer in their digital lives

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.