
What are Denial-of-Service Attacks?

The Internet has brought significant improvements in the way things are done, and digital tools have made many activities easier to perform. Nevertheless, every good thing has an opposite side, and the use of digital devices is no exception: the Internet is prone to cyber-attacks, so protecting users' data is a tremendous challenge.

A cyberattack is a malicious attempt by an individual or a group to disrupt, damage, or gain unauthorized access to a computer system, network, or device. These attacks can take many forms, such as viruses, malware, phishing, denial-of-service (DoS) attacks, ransomware, and more. The goal of a cyberattack is usually to steal sensitive data, cause system downtime or damage, or exploit vulnerabilities in a system for financial gain or other malicious purposes. Cyberattacks can be launched by various actors, including hackers, cybercriminals, nation-states, and insiders.

Cyberattacks have become commonplace, and the number of incidents increases every year. Organizations that fall victim to malicious activity suffer financial losses, customer trust declines, and their image deteriorates drastically. Here we will focus on DoS cyberattacks.

What Are Denial of Service Attacks?

A denial-of-service attack is a cyber attack whose purpose is to shut down a system or network, rendering it inaccessible and useless to its end users. To achieve this, denial-of-service attacks either flood the target with more traffic than it can handle or send it information that causes it to crash. Either way, the intended users are deprived of the services the system or network provides.

Cloudflare defines a denial-of-service attack as a form of cyber attack that initiates a malicious action in a system or any digital device, with the sole aim of rendering the digital device useless by interrupting the device’s normal operations. Usually, DoS attacks act by overwhelming the targeted system with requests until the system can no longer process regular traffic, leading to a denial of service to legitimate users.

Initiators of DoS attacks often target the networks and web servers of prominent organizations such as banks, media companies, government bodies, and trade organizations. Even though DoS attacks do not typically cause significant loss of data or other resources, they cost their victims time and money.

How can Denial-of-Service attacks be categorized?

The main objective of a DoS attack is to overload the capacity of the targeted machine, network, or web server. As a result, the device or network receives more requests than it can handle, leading to a denial of service. Generally, there are two methods of DoS attacks:

– Flooding Services
– Crashing Services

Flood attacks occur when the system is overloaded with traffic. A malicious agent overloads the server's capacity: in most cases, the agent's throughput is greater than the target system's, so the web server starts to slow down. Prevalent flood attacks include:

Buffer Overflow Attacks

A buffer overflow attack is a type of DoS attack in which a memory buffer overflow causes a system or device to exhaust all available hard disk space, memory, or CPU time. Buffers are memory compartments that temporarily hold data while it is moved from one location to another. In a buffer overflow, the volume of data surpasses the buffer's storage capacity, so the program writing the data to the buffer overwrites adjacent memory locations.

Memory buffer overflow is the most common form of DoS attack. The idea is to send more traffic to a network address than the machine or system has been programmed to handle. Buffer overflows can be triggered in several ways, including:

  • Internet Control Message Protocol (ICMP) Flood

An ICMP flood takes advantage of improperly configured network devices by sending spoofed traffic that pings every computer on the targeted network rather than just a specific one. When an ICMP flood reaches a network or system, it causes the network to amplify the traffic. For this reason, ICMP floods are also referred to as smurf attacks or ping of death.

For an ICMP flood DoS attack to succeed, the attacker must know the target system's IP address. ICMP flood attacks can be divided into three forms based on the target and how its IP address is resolved.

– Target Local Disclosed: Here, the DoS attack creates a ping flood that targets a specific computer on a particular local network. The attacker must have obtained the target's IP address beforehand.
– Router Disclosed: In this type of ICMP attack, the attacker introduces a ping flood that interrupts communications between several computers on a network. The attacker must have access to the internal IP address of a local router.
– Blind Ping: Blind ping involves using an external program to disclose the IP address of the target computer or router before initiating the DoS attack.

  • Synchronization Flood

A synchronization flood is commonly referred to as a SYN flood. It takes advantage of weaknesses in how Transmission Control Protocol/Internet Protocol (TCP/IP) connections are established to disrupt a web service.

A SYN flood initiates requests to connect to a server but never completes the connections. It keeps doing this until all available ports are saturated with half-finished requests and none is available for legitimate users. As a result, the ports on the targeted network respond sluggishly to legitimate traffic or do not respond at all.

How does it achieve this? A SYN flood exploits the TCP connection handshake: the client sends a SYN, the server replies with a SYN-ACK and reserves resources for the pending connection, and the client is expected to answer with an ACK. The attacker never sends that final ACK, so the server is left holding half-open connections. Unlike DoS attacks that exploit a vulnerability to crash the target, a SYN flood sends inputs that abuse this normal behaviour to destabilize the system and render it unusable. A SYN flood is thus a denial-of-service attack that renders a server useless by exhausting all available server resources.
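The symptom a SYN flood leaves on the server is a pile of half-open connections. The script below is an added example, not code from the article: it parses constructed connection-table lines (assumed to be in the shape of `ss -tn` output) and reports which sources hold too many half-open connections and whether half-open connections outnumber established ones, the signal that would justify enabling SYN cookies or rate limiting.

```python
"""Half-open TCP connection accounting, the footprint of a SYN flood.

Added example (not from the original article). The input lines are
constructed to resemble `ss -tn` output: STATE, Recv-Q, Send-Q, local
address:port, peer address:port.
"""
from collections import Counter

# Constructed sample: one remote host (203.0.113.7) holds many half-open
# connections, while a few legitimate peers are fully established.
SAMPLE = """\
SYN-RECV 0 0 10.0.0.5:443 203.0.113.7:51234
SYN-RECV 0 0 10.0.0.5:443 203.0.113.7:51235
SYN-RECV 0 0 10.0.0.5:443 203.0.113.7:51236
SYN-RECV 0 0 10.0.0.5:443 203.0.113.7:51237
SYN-RECV 0 0 10.0.0.5:443 203.0.113.7:51238
ESTAB    0 0 10.0.0.5:443 198.51.100.20:40001
ESTAB    0 0 10.0.0.5:443 198.51.100.21:40002
SYN-RECV 0 0 10.0.0.5:443 198.51.100.22:40003
"""

def parse_states(text):
    """Return (half_open_per_source, established_count) from the table."""
    half_open = Counter()
    established = 0
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        state, peer = fields[0], fields[4]
        src_ip = peer.rsplit(":", 1)[0]   # drop the ephemeral port
        if state == "SYN-RECV":
            half_open[src_ip] += 1
        elif state == "ESTAB":
            established += 1
    return half_open, established

def flag_syn_flood(text, per_source_limit=4, ratio_limit=2.0):
    """Flag sources with too many half-open connections and report whether
    half-open connections dominate the table. Spoofed-source floods spread
    across many addresses, so the aggregate ratio is the more robust signal."""
    half_open, established = parse_states(text)
    offenders = sorted(ip for ip, n in half_open.items() if n >= per_source_limit)
    total_half_open = sum(half_open.values())
    ratio = total_half_open / max(established, 1)
    return {"offenders": offenders, "half_open": total_half_open,
            "established": established, "backlog_pressure": ratio >= ratio_limit}

if __name__ == "__main__":
    print(flag_syn_flood(SAMPLE))
```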

  • User Datagram Protocol (UDP) Flood

Any denial-of-service attack that targets User Datagram Protocol traffic is a UDP flood. UDP attacks aim to overload random ports on a remote host. For each packet, the host checks for an application listening on that port, and when it finds none it responds with an ICMP "Destination Unreachable" message. The whole process drains the host's resources and eventually leads to unavailability.

An example of a crashing denial-of-service attack is Slowloris. Slowloris is a highly targeted attack that lets one machine take down another machine's web server without crashing other services or ports on the target network.

Slowloris achieves this by opening connections to the target server and sending only partial requests, keeping many connections to the target web server open for a long time. It keeps sending incomplete HTTP headers so that each pseudo-connection stays open. Eventually the connection pool is overwhelmed, and additional connections from legitimate users are denied.
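To show why incomplete headers are enough to exhaust a server, here is an added example (not code from the article, and not any real server's API): a small model of a fixed-size connection pool under a Slowloris-style load, run once without and once with a header-completion deadline, the countermeasure web servers apply. The attack scenario and the `ConnectionPool` class are constructed for this illustration.

```python
# Added example, not code from the article. A request counts as complete
# once the blank line that ends the HTTP headers (\r\n\r\n) arrives.
# Names are illustrative; the scenario in simulate() is constructed.

class ConnectionPool:
    def __init__(self, slots, header_deadline=None):
        self.slots = slots
        self.header_deadline = header_deadline  # seconds; None = no limit
        self.open = {}            # conn_id -> [opened_at, buffered_bytes]
        self.refused = 0
        self.completed = []

    def reap(self, now):
        """Close connections whose headers are still incomplete past the deadline."""
        if self.header_deadline is None:
            return
        for cid, (opened_at, _) in list(self.open.items()):
            if now - opened_at > self.header_deadline:  # clock starts at accept
                del self.open[cid]

    def accept(self, cid, now):
        self.reap(now)
        if len(self.open) >= self.slots:
            self.refused += 1
            return False
        self.open[cid] = [now, b""]
        return True

    def feed(self, cid, data, now):
        self.reap(now)
        if cid not in self.open:
            return False
        self.open[cid][1] += data
        if b"\r\n\r\n" not in self.open[cid][1]:
            return False          # headers still incomplete, slot stays busy
        del self.open[cid]
        self.completed.append(cid)
        return True

def simulate(header_deadline, slots=8):
    """`slots` slow clients open at t=0 and send one header line every 10 s,
    never the terminating blank line; a legitimate client arrives at t=70."""
    pool = ConnectionPool(slots, header_deadline)
    for i in range(slots):
        pool.accept(f"slow{i}", now=0)
    for t in range(10, 61, 10):
        for i in range(slots):
            pool.feed(f"slow{i}", b"X-Pad: a\r\n", now=t)
    if pool.accept("legit", now=70):
        pool.feed("legit", b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n", now=70)
    return {"legit_served": "legit" in pool.completed, "refused": pool.refused}
```

Because the deadline is measured from accept time rather than from the last byte received, trickling one header line at a time does not keep a slot alive.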

Distributed Denial-of-Service Attack

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the regular traffic of a server or network by overloading the target and its surrounding infrastructure with a flood of Internet traffic. In essence, an attacker launches a DDoS attack to flood a server with so much traffic that users can no longer access the online services and sites hosted by the affected systems. Think of it as a sudden traffic jam blocking the highway and preventing regular traffic from reaching its destination. DDoS attacks can exploit many kinds of digital devices, including computers and Internet of Things devices.

To achieve this, DDoS attacks use many compromised computer systems and networks as sources of attack traffic. Individuals and organizations carry out DDoS attacks for a variety of reasons. Some are perpetrated by hackers or resentful individuals who intend to take down an organization's server to make a mark, to express disapproval of something the organization is doing, or just for fun.

Distributed denial-of-service attacks can also lead to a drop in legitimate traffic, reputational damage and, eventually, business fallout. According to Fortinet, DDoS attacks are on the rise and many organizations are affected; even giant international companies are not spared.

DDoS attacks may also be financially motivated. A company may come up with the harmful notion of disrupting its competitors' businesses just to gain an edge over them.

Other motives include extortion. Perpetrators of these attacks install ransomware on a company's servers, hindering its productivity, and then compel the company to pay a massive sum for the damage to be reversed.

Types of DDoS Attacks

Although most DDoS attacks entail overloading a target network or server with traffic, attacks can be grouped into three categories:

  • Application Layer Attacks

Application layer attacks aim to consume the target's resources and establish a denial of service. They are sometimes referred to as Layer 7 DDoS attacks, after the seventh layer of the Open Systems Interconnection (OSI) model.

The primary targets of these attacks are the layers that generate web pages on servers and deliver them in response to HTTP requests. Layer 7 attacks are difficult to prevent because it is often hard to distinguish malicious traffic from legitimate traffic.

  • Protocol Attacks

Protocol DDoS attacks are also referred to as state-exhaustion attacks. They disrupt a service by exhausting the state-tracking capacity of network resources such as firewalls and load balancers. Protocol DDoS attacks take advantage of weaknesses in layers 3 and 4 of the protocol stack to render the target unavailable.

  • Volumetric Attacks

Volumetric DDoS attacks aim to create congestion by consuming all available bandwidth between the target and the wider Internet. Typically, amplification techniques are used to generate the massive volume of traffic sent to the target.

To Sum Up

Denial-of-service (DoS) attacks are cyberattacks that aim to make a website or network unavailable to its users by overwhelming it with traffic or flooding it with requests. The goal of a DoS attack is to disrupt the normal functioning of a system or website, making it unavailable to its intended users.

There are different types of DoS attacks, but they all share the common goal of overwhelming the targeted system with traffic so that it can no longer handle legitimate requests. Some of the common types of DoS attacks are:

  • Flooding attacks: These attacks send a large number of requests to the targeted system, overwhelming it and making it unavailable to legitimate users.
  • Distributed Denial of Service (DDoS) attacks: These attacks use multiple compromised devices, often part of a botnet, to flood the targeted system with traffic, making it unavailable.
  • Application-layer attacks: These attacks target specific applications or services within a system, such as HTTP or DNS, causing them to crash or become unresponsive.

DoS attacks can have serious consequences, including lost revenue, reputational damage, and legal liabilities. Organizations can protect themselves from DoS attacks by implementing various mitigation strategies, such as network monitoring, traffic filtering, and using anti-DDoS services.

Preventing cyber attacks is among an IT organization's priorities because the effects of these attacks are harmful. In any situation where the security of company data is at stake, a reliable backup solution comes in handy. Get the free trial or contact us if you are interested in a one-on-one demo.

text written by:

Paweł Piskorz, Presales Engineer at Storware