DoS and DDoS attacks

Denial-of-service attacks

A denial-of-service attack, or DoS attack, is any attack that aims to prevent access to a service for legitimate users. That service might be a website, an email account, a network, or a device. The attack can target any potential users of the service, or one user in particular. For example, a DoS attack could target one person’s device to prevent them from accessing the internet, or it could target a website to deny access to all of its visitors.

Attackers can use DoS attacks to make companies lose business, or hold companies to ransom by threatening attack. They might also use DoS attacks to distract their victim from other types of attacks, for example, as a cover to break into a server and steal sensitive data. Sometimes this form of attack has political motivations, for example, the hacker collective Anonymous uses DoS and DDoS attacks to take down government and corporate websites that they disagree with.

There are lots of different ways of conducting a DoS attack, but broadly, they fall into two types:

• Sending illegitimate data (teardrop attack)
• Flooding the victim with data (flooding attack)

In a teardrop attack, the attacker sends data to the victim that the victim doesn’t know how to process. It spends so long or so many resources trying to interpret the data that the service slows down or stops. For example, the attacker might send large data packets, broken down into fragments to be reassembled by the victim. The attacker might change how the packet is broken down so that the victim doesn’t know how to reassemble it.

In a flooding attack, the attacker floods the victim with so many messages that it overwhelms them. The service slows down or stops for legitimate users, because it cannot handle so many simultaneous demands.

DoS attacks are difficult to defend against. One technique to defend against flooding is to rate limit users, which means only allowing individuals to send a certain number of requests per minute. However, the distributed denial-of-service attack helps attackers to get round this defence.

Distributed denial-of-service attacks

In a distributed denial-of-service (or DDoS) attack, the attacker carries out a DoS attack using several computers. These computers are often infected bots, which we discussed in the previous step.

Controlling lots of computers at the same time allows an attacker to send a greater number of messages, which increases the chances of their DoS attack being effective. Also, the bots that the attacker controls could be located anywhere in the world and would all have separate IP addresses. This means that protections like rate limiting won’t stop the attack.

In a standard DoS attack, if the victim can identify the attacker, they might be able to block their messages. However, when the attacker is made up of lots of different computers, the victim might not be able to tell the difference between the bots and the legitimate users. Sometimes websites just receive a high quantity of traffic because lots of people want to use their service, and it can be extremely difficult to tell when this is happening and when a DDoS attack is taking place. In addition, even if the victim is able to identify a few bots, they can’t stop the attack unless they can identify all of them.

Next step

In the next step, you will learn about Sybil attacks, another kind of attack.

Questions

• Can you find any examples of successful DoS or DDoS attacks?
• How might a victim prevent a DoS attack in the form of illegitimate data being sent to them?
• Can you think of some creative ways to teach your students about DoS attacks?

Share your answers in the comments