Denial of Service (DoS) attacks

A DoS attack is a deliberate attempt to prevent legitimate users of a network from accessing the services provided by the server or connected systems. The classic DoS attack will come from a single computer sending multiple requests to the server.

Denial of service attacks usually aim to overload servers or systems with requests for data or access to resources like the processor or main memory. Some denial of service attacks also exploit weaknesses, either in the security system or network infrastructure.

Distributed Denial of Service (DDoS) attack

As the internet has evolved and bandwidth has increased, Distributed Denial of Service attacks have become common.

Using a botnet of infected zombie computers, an attacker sends so much data to an internet firm that it cripples, or threatens to cripple, the service.

These attacks can involve thousands of different systems bombarding a server with requests for access to services. Distributed denial of service attacks send so many requests to a server that legitimate requests are unable to gain access.

Computers from all over the world are innocently recruited to take part in the attack, each sending only a small part of the entire data flood. The recruiting of machines to take part in attacks is typically done by infecting them with a virus, Trojan horse or worm. The IP addresses of compromised machines, dubbed zombies or bots, are sent back to the criminal, who will use them to launch a DDoS. The network of zombie machines is sometimes known as a botnet.
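The difference between a single-computer DoS and a DDoS shows up in a server's request log. The following is an added example, not part of the original page: it groups requests into time windows and labels each window. The thresholds, function names and sample traffic are assumptions made for illustration.

```python
from collections import Counter, defaultdict

FLOOD_FACTOR = 10     # assumed: a window is a flood above 10x the baseline
DOMINANT_SHARE = 0.5  # assumed: one source above 50% of traffic = single-source DoS
PER_IP_LIMIT = 50     # assumed: per-source request limit per window

def classify(events, baseline_per_window, window=10):
    """events: iterable of (timestamp_seconds, source_ip) from an access log.
    Returns {window_start: (label, requests, distinct_sources, sources_over_limit)}."""
    buckets = defaultdict(Counter)
    for ts, ip in events:
        buckets[ts - ts % window][ip] += 1
    report = {}
    for start, per_ip in sorted(buckets.items()):
        total = sum(per_ip.values())
        top_count = per_ip.most_common(1)[0][1]
        over_limit = sum(1 for n in per_ip.values() if n > PER_IP_LIMIT)
        if total < FLOOD_FACTOR * baseline_per_window:
            label = "normal"
        elif top_count / total > DOMINANT_SHARE:
            label = "dos-single-source"
        else:
            label = "ddos-distributed"
        report[start] = (label, total, len(per_ip), over_limit)
    return report

def sample_events():
    """Constructed traffic using documentation address ranges (not real logs)."""
    events = []
    # Window 0: normal load, 20 requests from 5 clients.
    events += [(i % 10, f"198.51.100.{i % 5}") for i in range(20)]
    # Window 10: one machine sends 400 requests on top of the normal load.
    events += [(10 + i % 10, "203.0.113.7") for i in range(400)]
    events += [(10 + i % 10, f"198.51.100.{i % 5}") for i in range(20)]
    # Window 20: 200 machines send 3 requests each; each is small, the sum is not.
    events += [(20 + i % 10, f"192.0.2.{i % 200}") for i in range(600)]
    return events

if __name__ == "__main__":
    for start, row in classify(sample_events(), baseline_per_window=20).items():
        print(start, row)
```

In the distributed window no single source exceeds the per-source limit, so a limit applied to each address on its own would not flag it; the flood is only visible in the total.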

Symptoms and effect of Denial of Service attacks

Common symptoms of a Denial of Service attack include:

  • slow performance when trying to log in to a web-based system, as the system may be under attack
  • slow network performance in general
  • inability to access a website as the web server may be under attack

The effect is inconvenience for users who are denied access to services they expect to use.

Cost of Denial of Service attacks

For organisations that fall victim to a Denial of Service attack, the costs usually fall into two categories:

  • loss of income
  • repair costs to bring software and efficiency back to pre-attack level

A site selling goods online would be unable to receive orders, leading to a loss of income. Attackers often plan attacks when they know that an organisation would expect many users to want to access the server or services.

Organisations will often have to call in staff outside their normal working hours or hire additional staff to get the server back up and running again as soon as possible. While most attacks are resolved within 1 or 2 hours, the server may not return to its pre-attack performance for a number of hours.