What is DDoS or DoS Attack, and How It works?

Denial of Service Attacks

Distributed Denial of Service Attack (DDoS) Definition:

A denial of service (DoS) attack is a malicious attempt to make a server or a network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet.

In a typical DDoS attack, the assailant begins by exploiting a vulnerability in one computer system and making it the DDoS master. The attack master, also known as the botmaster, identifies and identifies and infects other vulnerable systems with malware. Eventually, the assailant instructs the controlled machines to launch an attack against a specified target. 

Resources targeted in a DoS attack can be a specific computer, a port or service on the targeted system, an entire network, a component of a given network any system component. DoS attacks may also target human-system communications (e.g. disabling an alarm or printer), or human-response systems (e.g. disabling an important technician's phone or laptop).

DoS attacks can also target tangible system resources, such as computational resources (bandwidth, disk space, processor time); configuration information (routing information, etc.); state information (for example, unsolicited TCP session resetting). Moreover, a DoS attack can be designed to: execute malware that maxes out the processor, preventing usage; trigger errors in machine microcode or sequencing of instructions, forcing the computer into an unstable state; exploit operating system vulnerabilities to sap system resources; crash the operating system altogether.

The overriding similarity in these examples is that, as a result of the successful Denial of Service attack, the system in question does not respond as before, and service is either denied or severly limited.

Sources of Denial of Service Attacks

"If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.”Richard Clarke

DoS attacks are low-cost, and difficult to counter without the right tools. This makes them highly-popular even for people with technical knowledge. In fact, DoS services are offered on some web sites starting at $50. These services have grown more and more sophisticated, and can effectively exploit application vulnerabilities and evade detection by firewalls.

According to market research, DoS attacks largely originate from people with a grudge or complaint against a web site or company, competitors looking to increase market share by damaging commercial web availability, or criminal elements that systematically extort web site owners by holding his assets for ransom.

So What is the Difference Between DoS and DDoS Attack?

It is important to differentiate between Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.

In a DoS attack, one computer and one internet connection is used to flood a server with packets, with the aim of overloading the targeted server’s bandwidth and resources.

DDoS attack, uses many devices and multiple Internet connections, often distributed globally into what is referred to as a botnet. A DDoS attack is, therefore, much harder to deflect, simply because there is no single attacker to defend from, as the targeted resource will be flooded with requests from many hundreds and thousands of multiple sources.

Types of DDoS Attacks

DDoS attacks can be divided in three types:

Volume Based Attacks

Includes UDP floods, ICMP floods, and other spoofed-packet floods. The attack’s goal is to saturate the bandwidth of the attacked site, and magnitude is measured in bits per second (Bps).

Protocol Attacks

Includes SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS and more. This type of attack consumes actual server resources, or those of intermediate communication equipment, such as firewalls and load balancers, and is measured in Packets per second.

Application Layer Attacks

Includes Slowloris, Zero-day DDoS attacks, DDoS attacks that target Apache, Windows or OpenBSD vulnerabilities and more. Comprised of seemingly legitimate and innocent requests, the goal of these attacks is to crash the web server, and the magnitude is measured in Requests per second.

Preventing Denial of Service Attacks

Rapid identification and response can prevent DoS attacks. The first challenge for any DoS protection scheme is to quickly and effectively identify incoming traffic as malicious. Once the flood of traffic is identified as a DoS attack, rather than – for example – a spike in legitimate site traffic, an effective response will generally involve setting up a scalable infrastructure to absorb the attack, until the source is identified and blocked.

A specifically targeted DDoS attack is impossible to prevent, but there are excellent and effective tools that can help mitigate the impact of such an attack.

Mitigating DoS and DDoS Damage with Incapsula

Deployed in minutes without installing hardware or software, Incapsula’s cloud-based DoS and DDoS Protection Service delivers immediate and comprehensive protection for DoS attacks, scaling on-demand to counter multi-gigabyte malicious attacks.

Incapsula’s DDoS protection Service delivers complete defence against any types of DDoS threats, including network-based attacks like SYN or UDP floods, and application attacks. Incapsula also blocks more advanced attacks that exploit application and Web server vulnerabilities, like Slowloris.

Incapsula mitigates a 250GBps DDoS attack—one of Internet's largest.

Unlike appliance-based DDoS protection products, that are limited by the hosting provider bandwidth capacity, Incapsula's global network of scrubbing centres scales, on demand, to counter multi-gigabyte DDoS attacks. This ensures that the mitigation is applied outside of your network, allowing only filtered traffic to reach your hosts.

Video: What are DDoS Attacks? DDoS Explained