A DOS (Denial of Service) attack is a cyberattack that overwhelms a computer or a network with traffic, preventing the system’s legitimate users from accessing it. The best analogy for a DOS attack is a group of people maliciously crowding a business’s doorway, preventing customers and employees from getting in. A well-orchestrated DOS attack can significantly disrupt an online service, or even stop it from operating. In this article, we will look at the characteristics of a DOS attack, including the different types of DOS attacks and how to detect and protect yourself from this cyberthreat with security tools like passwordless authentication by Transmit.
What is the difference between a DOS and DDOS attack?
Most internet users are familiar with DDOS (Distributed Denial of Service) attacks, at least as a term. Are DDOS attacks different from DOS attacks? Well, a DDOS attack is a sophisticated and more dangerous form of a DOS attack. While a DOS attack originates from one source, a DDOS attack comes from multiple sources.
The attacker achieves this by infecting vulnerable computers and internet connected devices with trojan horse malware. These infected devices are known as zombies or bots. And a network of these zombies is known as a botnet.
The attacker uses the malware to instruct the botnet to attack a target whose network receives multiple requests every minute from each zombie in the botnet. High-profile attacks usually involve multiple botnets attacking a single victim.
In a DDOS attack, the owners of the devices in a botnet are usually unaware that they are part of an attack. It is also harder to stop a DDOS attack, as there is no single source to block. Large botnets have been known to include upwards of 400,000 zombies.
Why do DOS attacks happen?
It is important to understand the motivation behind those who initiate this cyberthreat. There are many reasons for DOS attacks, the most popular being:
Ideological differences
Most DOS attacks are a form of ‘hacktivism’ against businesses, organizations and individuals whose ideological stance on controversial topics differs from that of the attackers. These hot-button issues include internet freedom, censorship, and political party affiliation.
Extortion
The attacker’s motivation might be purely financial. Once your system is compromised, they will ask for a ransom to stop the attack and allow you to resume your normal operations.
Cover for other attacks
A DOS attack is usually used to attract the attention of your network security personnel while another, more targeted, breach into your system is carried out.
Types of DDOS attacks
There are many individual techniques utilized by those initiating DOS attacks. However, they can all be broadly grouped into three categories: volume attacks, protocol attacks, and application layer attacks.
Volume Attacks
These are the most popular and most widely-used form of DOS attacks. The main aim of a volume attack is to flood a network’s bandwidth with so many requests that it lacks the capacity to handle any connection requests from the system’s legitimate users.
DDOS attacks are particularly effective at this, especially when the attackers control large botnets. Types of volume attacks include UDP floods and ICMP floods.
Protocol Attacks
While volume attacks target a network’s bandwidth, protocol attacks target server resources. These resources include the various protocols that facilitate network connectivity (such as TCP/IP) and services like firewalls. Types of protocol attacks include SYN flooding, ping of death attacks, and fragmented packet attacks.
Application layer attacks
These attacks target not the network’s infrastructure, but the system upon which it is based. Such systems include the Windows operating system and Apache. These attacks usually target a particular vulnerability within the system with multiple requests, which forces it to shut down or significantly underperform.
How do you detect a DOS attack?
All types of DOS and DDOS attacks have one goal: to overwhelm a network. Therefore, the first sign of a DOS attack is a slow or unresponsive network. If your system is inaccessible while other online services function, then you might be getting targeted by a DOS attack.
It is important to note that there are countless other reasons why your network might be unresponsive. If the network is clogged in the aftermath of your organization being involved in a controversial issue, then you might be getting targeted.
You should hire a DOS attack detection service to monitor your traffic and detect suspicious traffic spikes.
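One way to look for suspicious traffic spikes, and to tell a single-source DOS from a distributed one, is to count requests per minute and compare each minute with a baseline. The Python code below is an added example, not part of the original article; the function names, thresholds and log entries are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from statistics import median


def build_sample():
    """Constructed (epoch_second, source_ip) pairs, as parsed from an access log."""
    events = []
    for minute in range(5):                      # normal load: 20 requests/min
        for i in range(20):
            events.append((minute * 60 + i * 3, f"198.51.100.{i % 10}"))
    for i in range(20):                          # normal clients during minute 5
        events.append((300 + i * 3, f"198.51.100.{i % 10}"))
    for i in range(400):                         # minute 5: one source floods
        events.append((300 + i % 60, "203.0.113.7"))
    for i in range(400):                         # minute 6: 200 sources, 2 each
        events.append((360 + i % 60, f"192.0.2.{i % 200}"))
    return events


def detect_spikes(events, window=60, factor=5.0, dominance=0.5):
    """Flag windows whose request count is >= factor x the median window.

    Returns (window_start, total, verdict, top_source). The verdict is
    'single-source' when one address sent at least `dominance` of the
    window's requests (a blockable DOS), otherwise 'distributed'.
    Caveat: a median baseline is skewed if the attack covers more than
    half of the observed windows; use a longer history in practice.
    """
    buckets = defaultdict(Counter)
    for ts, src in events:
        buckets[ts // window * window][src] += 1
    totals = {w: sum(c.values()) for w, c in buckets.items()}
    baseline = median(totals.values())
    findings = []
    for w in sorted(buckets):
        total = totals[w]
        if total < factor * baseline:
            continue                             # within normal variation
        top_src, top_count = buckets[w].most_common(1)[0]
        if top_count / total >= dominance:
            findings.append((w, total, "single-source", top_src))
        else:
            findings.append((w, total, "distributed", None))
    return findings


if __name__ == "__main__":
    for finding in detect_spikes(build_sample()):
        print(finding)
```

A single-source verdict points at one address that can be blocked or rate-limited; a distributed verdict means per-address blocking will not be enough on its own.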
Protecting yourself from DOS attacks
The most effective way to protect yourself is by ensuring that DOS attacks against you are not successful. In the first 6 months of 2021, 5.4 million DDOS attacks were detected. It is important to be proactive when defending against DOS attacks.
Again, the best way to do this is to hire a DOS protection service. There are a number of reputable ones you can find with a quick internet search. They have the expertise, technology, and equipment to protect your system.
It also helps to build your network upon a robust supporting infrastructure that includes cloud backups and up-to-date security measures. Have effective anti-virus and anti-malware software monitoring your systems at all times.