A Denial of Service (DoS) attack is a method used to disrupt legitimate users’ access to a target network or website resource. This is usually achieved by overloading the target (typically a web server) with a large volume of traffic, or by sending a malicious request that causes the target resource to fail or crash outright. The first recorded DoS attack occurred in February 2000, when a 15-year-old Canadian hacker hit Amazon and eBay web servers with this attack. Since then, DoS attacks have been used more and more often to disrupt targets (websites) across many industries.
Some types of DoS attacks are designed to disrupt a particular target’s access to a network or resource, while others are designed to make a resource completely inaccessible. These attacks can last from minutes to hours, and in rare cases even days. The disruption of these network resources usually causes significant financial losses to the targeted company, and few effective mitigation strategies exist. DoS attacks can be launched in many ways and at many scales. Since not all devices and networks can be attacked in the same way, attackers must be creative and exploit whatever weaknesses the system configuration offers. Some of the better-known types of DoS attack include:
- Buffer Overflow Attack: The most common type of exploit. It relies on sending the target more data than the system was originally built to handle. This type of attack lets the attacker crash the target completely or take control of the target’s execution.
- ICMP Flood Attack: It targets misconfigured devices on the target network, forcing them to distribute false packets to every node (computer) on the network instead of a single node, overloading the network. This attack is often called a “Ping of Death” or a “smurf attack.”
- SYN Flood Attack: It sends connection requests to a (target) web server but never completes the connection. It then keeps sending such requests to all remaining open ports on the target web server until it forces a server-side crash.
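From the defender’s side, the SYN flood described above shows up as a pile of half-open connections from one source. The following script is an added example, not code from the original article: it scans a constructed connection-table sample (the line format, the sample addresses and the thresholds are all assumptions) and flags sources whose connections are almost never completed.

```python
from collections import defaultdict
# Constructed sample (not real traffic): "<timestamp> <src_ip> <dst_port> <state>",
# in the spirit of an ss/netstat dump. SYN_RECV means the server sent SYN-ACK but
# the client never sent the final ACK (a half-open connection). 203.0.113.7 leaves
# twelve of them on twelve ports within two seconds; 198.51.100.9 is a normal client.
SAMPLE_LINES = [f"100{i % 2} 203.0.113.7 {8000 + i} SYN_RECV" for i in range(12)] + [
    "1000 198.51.100.9 443 ESTABLISHED",
    "1001 198.51.100.9 443 ESTABLISHED",
    "1001 198.51.100.9 80 SYN_RECV",
    "1002 192.0.2.4 22 ESTABLISHED",
]

def parse(lines):
    """Turn raw lines into (timestamp, src, port, state) tuples; skip malformed ones."""
    records = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, port, state = parts
        records.append((int(ts), src, int(port), state))
    return records

def per_source_stats(records):
    """Count half-open and established connections, and distinct ports, per source."""
    stats = defaultdict(lambda: {"half_open": 0, "established": 0, "ports": set()})
    for _, src, port, state in records:
        entry = stats[src]
        if state == "SYN_RECV":
            entry["half_open"] += 1
            entry["ports"].add(port)
        elif state == "ESTABLISHED":
            entry["established"] += 1
    return stats

def flag_syn_flood(records, min_half_open=8, min_ratio=0.9):
    """Return (src, half_open, distinct_ports) for sources over both thresholds.
    Count and ratio are both required: a slow but legitimate client can show a few
    SYN_RECV entries, a flooding source shows little else. Thresholds are assumptions."""
    flagged = []
    for src, entry in per_source_stats(records).items():
        total = entry["half_open"] + entry["established"]
        ratio = entry["half_open"] / total if total else 0.0
        if entry["half_open"] >= min_half_open and ratio >= min_ratio:
            flagged.append((src, entry["half_open"], len(entry["ports"])))
    return sorted(flagged)

if __name__ == "__main__":
    print(flag_syn_flood(parse(SAMPLE_LINES)))
```

On the sample this reports only 203.0.113.7 (12 half-open connections on 12 ports); the normal client with one stray SYN_RECV stays below both thresholds.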
Another similar term you may come across is DDoS, which stands for Distributed Denial of Service attack. The difference between a DoS and a DDoS attack is that in a DDoS attack many malicious computers are directed at a single resource. Compared to a single-source DoS attack, a distributed denial-of-service attack is more likely to succeed in bringing down its target. Attackers prefer this approach because the attack comes from multiple points, which makes tracing its origin more difficult.
If your organization is suffering a DoS or DDoS attack, the Cyber Incident Response service from LIFARS can help you survive it. The LIFARS Incident Response Team is deployed to the local enterprise environment. The LIFARS digital forensics process then engages laterally with affected systems and potentially compromised endpoints in the network with speed and precision. Our mission is to minimize the threat surface, the extent of the compromise, and the damage associated with the cyber attack.
Contact LIFARS Immediately for