What are DoS and DDoS attacks?

A Denial of Service (DoS) attack occurs when a computer floods a server or a resource with data requests, overloads its capabilities, and renders it unavailable for other users.

A Distributed Denial of Service (DDoS) attack is an advanced version of a DoS attack. This attack also involves disrupting the normal traffic flow to a server by overloading it with bogus requests. However, as opposed to a DoS attack, a DDoS attack involves sending these requests from multiple computers in multiple locations.

How does a DDoS attack work?

During a typical DDoS attack, the attacker first compromises a vulnerable computer system. This computer becomes the DDoS master, and the attacker uses it to launch further attacks on other systems. The master does this by locating other vulnerable systems and gaining access to them through malware or by bypassing authentication.

Eventually, the number of infected computer systems, or bots, multiplies and creates a domino effect. This network of bots is called a botnet and is controlled by the attacker (called the botmaster) through a command-and-control server. The bots spam the target server with numerous requests and make it unavailable to serve genuine users.

Botnets can be incredibly complex and can contain hundreds of thousands of individual bots.


Common DDoS attacks

The following are some common DDoS attacks:

  • UDP Flood: A UDP flood is any DDoS attack that floods a target with User Datagram Protocol (UDP) packets. The goal of the attack is to flood random ports on a remote host, which then checks for an application listening on each port. When the host discovers that there is no such application, it sends back a ‘destination unreachable’ packet. This entire cycle consumes network resources and limits connectivity for actual users.
  • Ping Flood: Just like a UDP flood attack, an ICMP flood attack overwhelms the target resource with ICMP Echo Request (ping) packets. These are sent as fast as possible without waiting for replies, so the server is overloaded.
  • SYN Flood: A SYN flood DDoS attack exploits a known weakness in the TCP connection sequence (the “three-way handshake”), where a SYN request to initiate a TCP connection with a host must be answered by a SYN-ACK response from that host. However, in this attack, the attacking systems send multiple SYN requests, often with spoofed IP addresses, and do not respond to the SYN-ACK responses. This causes the host system to keep waiting for acknowledgments that never arrive, which renders it unavailable for other users.
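A defender-side check matching the SYN flood description above, as an added example that is not part of the original page: it counts half-open connections whose SYN has gone unacknowledged for longer than a timeout and reports how many distinct sources they came from, which distinguishes a single-source DoS from a distributed one. The packet records, thresholds and the `classify_syn_flood` name are constructed for this example.

```python
# Constructed sample of inbound packets to one server port, as (time_s, src_ip, src_port, flags).
# Flags: "S" = SYN, "A" = ACK. These records are made up for the example, not captured traffic.
SAMPLE_PACKETS = [
    (0.0, "10.0.0.5", 50001, "S"),
    (0.2, "10.0.0.5", 50001, "A"),       # handshake completed
    (0.5, "10.0.0.6", 50002, "S"),
    (0.7, "10.0.0.6", 50002, "A"),       # handshake completed
    (1.0, "198.51.100.1", 40000, "S"),   # SYNs that are never acknowledged
    (1.0, "198.51.100.2", 40001, "S"),
    (1.1, "198.51.100.3", 40002, "S"),
    (1.1, "198.51.100.4", 40003, "S"),
    (1.2, "198.51.100.5", 40004, "S"),
    (1.2, "198.51.100.6", 40005, "S"),
    (1.3, "198.51.100.1", 40006, "S"),
    (9.0, "10.0.0.7", 50003, "S"),       # recent legitimate SYN, still inside the timeout
]

def half_open_connections(packets, timeout=3.0):
    """Return {(src_ip, src_port): syn_time} for SYNs older than `timeout` with no ACK from the same source."""
    pending = {}
    now = max(p[0] for p in packets) if packets else 0.0
    for t, src_ip, src_port, flags in sorted(packets):
        key = (src_ip, src_port)
        if flags == "S":
            pending[key] = t               # new half-open entry
        elif "A" in flags and key in pending:
            del pending[key]               # third handshake step seen: connection established
    return {k: t for k, t in pending.items() if now - t > timeout}

def classify_syn_flood(packets, timeout=3.0, max_half_open=5):
    """Alert when stale half-open connections exceed the threshold; report whether the sources are distributed."""
    stale = half_open_connections(packets, timeout)
    sources = {ip for ip, _ in stale}
    return {
        "alert": len(stale) > max_half_open,
        "half_open": len(stale),
        "distinct_sources": len(sources),
        "distributed": len(sources) > 1,
    }

if __name__ == "__main__":
    print(classify_syn_flood(SAMPLE_PACKETS))
```

The recent SYN from 10.0.0.7 is not counted because it is still inside the timeout, so the check only reacts to connections left half-open, not to normal handshakes in progress.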


Copyright ©2024 Educative, Inc. All rights reserved