This content is taken from the Raspberry Pi Foundation & National Centre for Computing Education's online course, Introduction to Cybersecurity for Teachers. Join the course to learn more.

[0:02] Hello. In the last step, you learned about the use of bots in cyber attacks.

[0:09] Have you ever seen this error on the website you were trying to reach? It means that too many computers are requesting information from the site and it can’t respond to all of them. This might be because the site has become unusually popular, or it might be the victim of a denial of service or DoS attack. Attackers can use a DoS attack to make companies lose business or hold them to ransom. They might also use a DoS attack as a distraction, using it as a cover to break into a server and steal data. Sometimes this form of attack has political motivations.

[0:41] For example, the cyber vigilante group Anonymous uses DoS and DDoS attacks to take down government and corporate websites they disagree with. A denial of service attack is any attack that aims to prevent access to a service for legitimate users. That service might be a website, an email account, a network, or a device. The attack might be targeted at any potential users of the service, or one user in particular. For example, a DoS attack could target one person’s device to prevent them accessing the internet. Or it could target a website to deny access to all of the users. One method of DoS attacks sends illegitimate data to the victim. When transmitted, large amounts of data are broken down into packets.

[1:24] But the attacker changes the way the data is broken down. When the victim receives the packets, it can’t reassemble or process them. As the victim tries and fails to interpret the data, the service slows down or stops altogether. A second method of DoS attack floods the victim with messages. Overwhelmed, the device slows down or completely stops the service for legitimate users. Imagine you’re serving the lunches in your school canteen. If everyone lines up and requests a lunch one at a time, you can manage. However, if everyone demands their lunch at the same time, and everyone is screaming at you to be first, you can’t serve anyone. DoS attacks are difficult to defend against.

[2:04] One approach is to rate limit users by only allowing individuals to send a certain number of requests per minute. However, the distributed denial of service, or DDoS attack, can bypass this defence. In a DDoS attack, the attack is carried out using multiple devices, often infected bots. Controlling multiple computers at the same time allows an attacker to send many more messages, increasing the effectiveness of the DDoS attack. By using bots around the world with separate IP addresses, protections like rate limiting won’t stop the attack. In a standard DoS attack, if the victim can identify the attacker, they can block their messages.

[2:46] But when the attacker uses multiple computers, the victim might not be able to tell the difference between the bots and legitimate users. Unless you can identify all of the bots, you can’t stop the attack.

DoS and DDoS attacks

Denial-of-service attacks

A denial-of-service attack, or DoS attack, is any attack that aims to prevent access to a service for legitimate users. That service might be a website, an email account, a network, or a device. The attack can target any potential users of the service, or one user in particular. For example, a DoS attack could target one person’s device to prevent them from accessing the internet, or it could target a website to deny access to all of its visitors.

Attackers can use DoS attacks to make companies lose business, or hold companies to ransom by threatening attack. They might also use DoS attacks to distract their victim from other types of attacks, for example, as a cover to break into a server and steal sensitive data. Sometimes this form of attack has political motivations, for example, the hacker collective Anonymous uses DoS and DDoS attacks to take down government and corporate websites that they disagree with.

There are lots of different ways of conducting a DoS attack, but broadly, they fall into two types:

  • Sending illegitimate data (teardrop attack)
  • Flooding the victim with data (flooding attack)

In a teardrop attack, the attacker sends data to the victim that the victim doesn’t know how to process. It spends so long or so many resources trying to interpret the data that the service slows down or stops. For example, the attacker might send large data packets, broken down into fragments to be reassembled by the victim. The attacker might change how the packet is broken down so that the victim doesn’t know how to reassemble it.
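A receiver can protect itself from fragments that do not fit together by checking the whole set before spending any effort on reassembly. The Python below is an added example, not part of the original course material; it uses a simplified model in which each fragment is a tuple of (byte offset, payload, more-fragments flag), and the function names and sample data are constructed for illustration.

```python
MAX_DATAGRAM = 65535  # largest size an IPv4 datagram can have, in bytes


def check_fragments(frags):
    """Validate a list of (offset, payload, more_fragments) tuples.

    Returns (True, "ok") only if the pieces tile the datagram exactly:
    they start at 0, never overlap, leave no gap, and only the final
    piece has more_fragments set to False.
    """
    if not frags:
        return False, "no fragments"
    ordered = sorted(frags, key=lambda f: f[0])  # arrival order does not matter
    expected = 0  # offset at which the next fragment must begin
    for i, (offset, payload, more) in enumerate(ordered):
        is_last = i == len(ordered) - 1
        if offset < expected:
            return False, "overlap"
        if offset > expected:
            return False, "gap"
        if not payload:
            return False, "empty fragment"
        if more == is_last:  # last piece must say "no more", others "more"
            return False, "bad more-fragments flag"
        expected = offset + len(payload)
        if expected > MAX_DATAGRAM:
            return False, "oversized"
    return True, "ok"


def reassemble(frags):
    """Join the payloads, refusing any set that fails validation."""
    ok, reason = check_fragments(frags)
    if not ok:
        raise ValueError(f"fragment set rejected: {reason}")
    return b"".join(p for _, p, _ in sorted(frags, key=lambda f: f[0]))


# Constructed sample fragment sets (not captured traffic).
GOOD = [(6, b"WORLD", False), (0, b"HELLO ", True)]      # arrived out of order
OVERLAPPING = [(0, b"HELLO ", True), (4, b"WORLD", False)]
WITH_GAP = [(0, b"HELLO ", True), (8, b"WORLD", False)]

if __name__ == "__main__":
    print(reassemble(GOOD))
    print(check_fragments(OVERLAPPING))
    print(check_fragments(WITH_GAP))
```

Rejecting a bad set early means the receiver discards it cheaply instead of slowing down while it tries to make sense of it.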

In a flooding attack, the attacker floods the victim with so many messages that it overwhelms them. The service slows down or stops for legitimate users, because it cannot handle so many simultaneous demands.

DoS attacks are difficult to defend against. One technique to defend against flooding is to rate limit users, which means only allowing individuals to send a certain number of requests per minute. However, the distributed denial-of-service attack helps attackers to get round this defence.

Distributed denial-of-service attacks

In a distributed denial-of-service (or DDoS) attack, the attacker carries out a DoS attack using several computers. These computers are often infected bots, which we discussed in the previous step.

Controlling lots of computers at the same time allows an attacker to send a greater number of messages, which increases the chances of their DoS attack being effective. Also, the bots that the attacker controls could be located anywhere in the world and would all have separate IP addresses. This means that protections like rate limiting won’t stop the attack.
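The Python below is an added example, not part of the original course material, showing why a per-address rate limit stops a flood from one computer but not the same volume of traffic spread across many bots. The limit of 60 requests per minute, the server capacity of 1000 requests per minute, the class and function names, and the traffic itself are all assumptions constructed for the demonstration.

```python
from collections import defaultdict, deque


class PerIPRateLimiter:
    """Allow at most `limit` requests per `window` seconds from each IP."""

    def __init__(self, limit=60, window=60.0):
        self.limit = limit
        self.window = window
        self.history = defaultdict(deque)  # ip -> times of accepted requests

    def allow(self, ip, now):
        recent = self.history[ip]
        while recent and now - recent[0] >= self.window:
            recent.popleft()  # forget requests older than the window
        if len(recent) >= self.limit:
            return False
        recent.append(now)
        return True


def simulate(requests, limit=60, window=60.0):
    """Feed (timestamp, ip) pairs through the limiter; return (accepted, rejected)."""
    limiter = PerIPRateLimiter(limit, window)
    accepted = sum(1 for ts, ip in requests if limiter.allow(ip, ts))
    return accepted, len(requests) - accepted


def overloaded(requests, capacity=1000):
    """True if the requests that pass the limiter still exceed server capacity."""
    accepted, _ = simulate(requests)
    return accepted > capacity


# Constructed traffic: 6000 requests within one minute in both cases.
def single_source_flood():
    # One address (from a range reserved for documentation) sends everything.
    return [(i * 0.01, "203.0.113.7") for i in range(6000)]


def distributed_flood():
    # 200 bots send 30 requests each, so every bot stays under the limit.
    bots = [f"10.0.0.{n + 1}" for n in range(200)]
    return [(i * 0.01, bots[i % 200]) for i in range(6000)]


if __name__ == "__main__":
    print("single source:", simulate(single_source_flood()))
    print("distributed:  ", simulate(distributed_flood()))
    print("server overloaded by distributed flood:", overloaded(distributed_flood()))
```

In the distributed case no individual address ever looks unusual, which is why defenders also have to watch the total load on the service and not only each sender's rate.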

In a standard DoS attack, if the victim can identify the attacker, they might be able to block their messages. However, when the attacker is made up of lots of different computers, the victim might not be able to tell the difference between the bots and the legitimate users. Sometimes websites just receive a high quantity of traffic because lots of people want to use their service, and it can be extremely difficult to tell when this is happening and when a DDoS attack is taking place. In addition, even if the victim is able to identify a few bots, they can’t stop the attack unless they can identify all of them.

Next step

In the next step, you will learn about Sybil attacks, another kind of attack.

Questions

  • Can you find any examples of successful DoS or DDoS attacks?
  • How might a victim prevent a DoS attack in the form of illegitimate data being sent to them?
  • Can you think of some creative ways to teach your students about DoS attacks?
