A DoS attack is a deliberate attempt to prevent legitimate users of a network from accessing the services provided by the server or connected systems. The classic DoS attack will come from a single computer sending multiple requests to the server.
Denial of service attacks usually aim to overload servers or systems with requests for data or access to resources like the processor or main memory. Some denial of service attacks also exploit weaknesses, either in the security system or network infrastructure.
As the internet has evolved and bandwidth has increased, Distributed Denial of Service (DDoS) attacks have become common.
These attacks can involve thousands of different systems bombarding a server with requests for access to services. Distributed denial of service attacks send so many requests to a server that legitimate requests are unable to gain access.
Computers from all over the world are unwittingly recruited to take part in the attack, each sending only a small part of the entire data flood. The recruiting of machines to take part in attacks is typically done by infecting them with a virus, Trojan horse or worm. The IP addresses of compromised machines, dubbed zombies or bots, are sent back to the criminal, who will use them to launch a DDoS attack. The network of zombie machines is sometimes known as a botnet.
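The difference between the two attack types matters for detection: a per-address request limit flags the single-computer flood but not a flood in which each bot sends only a small part. The Python sketch below is an added example, not part of the original page; the thresholds, sample addresses and the function name `classify_window` are constructed assumptions.

```python
from collections import Counter

# Assumed thresholds for one time window; tune them to the service's normal load.
PER_SOURCE_LIMIT = 100   # most requests expected from any one address
TOTAL_LIMIT = 1000       # most requests the server handles comfortably

def classify_window(source_ips):
    """Classify one window of traffic from the source address of each request."""
    counts = Counter(source_ips)
    total = sum(counts.values())
    # Addresses that a simple per-source rate limit would flag and block.
    heavy = sorted(ip for ip, n in counts.items() if n > PER_SOURCE_LIMIT)
    remaining = total - sum(counts[ip] for ip in heavy)
    if not heavy and total <= TOTAL_LIMIT:
        verdict = "normal"
    elif heavy and remaining <= TOTAL_LIMIT:
        # Blocking the heavy senders brings load back within capacity.
        verdict = "dos"
    else:
        # Load stays too high even after blocking every heavy sender:
        # many sources are each sending a small share of the flood.
        verdict = "ddos"
    return {"verdict": verdict, "total": total,
            "sources": len(counts), "block": heavy}

# Constructed sample traffic (documentation and private address ranges).
NORMAL = [f"192.0.2.{i}" for i in range(1, 51)] * 10      # 50 users, 10 requests each
CLASSIC_DOS = NORMAL + ["198.51.100.7"] * 5000            # one machine, 5000 requests
BOTS = [f"10.{i // 256}.{i % 256}.1" for i in range(2000)]
DDOS = NORMAL + BOTS * 20                                 # 2000 bots, 20 requests each

if __name__ == "__main__":
    for name, window in [("normal", NORMAL), ("classic DoS", CLASSIC_DOS), ("DDoS", DDOS)]:
        print(name, classify_window(window))
```

In the DDoS window no single address exceeds the per-source limit, so the block list is empty even though the total is far above capacity.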
Common symptoms of a Denial of Service attack include:
The effect is inconvenience for users who are denied access to services they expect to use.
For organisations that fall victim to a Denial of Service attack, the costs usually fall into two categories:
A site selling goods online would be unable to receive orders, leading to a loss of income. Attackers often plan attacks when they know that an organisation would expect many users to want to access the server or services.
Organisations will often have to call in staff outside their normal working hours or hire additional staff to get the server back up and running again as soon as possible. While most attacks are resolved within 1 or 2 hours, the server may not return to its pre-attack performance for a number of hours.