What does DoS mean?
The term DoS stands for Denial of Service, a type of cyber attack in which the target, such as a website, is flooded with traffic in order to disrupt its normal operations. DoS attacks generally take one of two forms: flood attacks, where the target is flooded with traffic, and attacks where the goal is to crash the targeted service.
Signs of a denial of service attack include:
slow internet connection or poor network performance
crashing of the device or online service
an unusual amount of traffic to a single target
difficulties in accessing or using an online service, such as a webstore
Although a slow internet connection, crashing and difficulties in using certain services can be indicators of a denial of service attack, there can be a harmless explanation for these things as well. A website may slow down or crash when it suddenly receives more traffic than it is prepared for. For example, an online store is probably well prepared for a large number of shoppers during special sales, so the unusually high number of legitimate users is unlikely to have a negative impact on the site’s performance. A denial of service attack, on the other hand, happens unexpectedly, so the site is unlikely to be prepared for it.
A simple denial of service attack can also be used in online gaming to gain an unfair advantage against opponents by disrupting their internet connection. In a situation like this, one way to prevent a denial of service attack from happening is to change your IP address.
Distributed Denial of Service (DDoS)
Whereas a denial of service attack can be carried out by a single device, distributed denial of service attacks, or DDoS attacks, use multiple devices to attack their target. Because of this, DDoS attacks are able to overwhelm their targets with an even greater number of requests than a regular DoS attack. One way that DDoS attacks are able to use multiple sources at the same time is with something known as a botnet.
What is a botnet?
Simply put, botnets are networks of devices that have been hijacked to be used in a distributed denial of service attack. Each device in a botnet is infected with a piece of malware that takes it over. When the DDoS attack begins, the devices in a botnet all flood the attack’s target with requests simultaneously. As a consequence, the targeted service, such as a website, reaches its capacity and its performance is greatly hindered.
Nowadays, all sorts of devices can be connected to the internet, including webcams, home appliances, speakers and even smart toilets. This is known as the Internet of Things, or IoT. Although IoT provides numerous opportunities, it poses some threats as well. When devices are connected to the internet, they are also susceptible to malware and can thus be used to carry out DDoS attacks as part of a botnet.
One notable example of a botnet that exploited IoT devices is Mirai. It is responsible for one of the largest and best-known DDoS attacks on many large and widely used websites such as Twitter and Netflix. The devices used in the Mirai botnet attack included routers and webcams.
What is the difference between a DoS and DDoS attack?
Although DoS and DDoS attacks are used for much the same purpose, there are some notable differences between the two.
Amount of traffic: A distributed denial of service attack can send much more traffic to its target than a simpler DoS attack carried out by a single user and device.
The extent of damages: With a greater amount of traffic comes a larger impact on the target. At worst, a massive DDoS attack can even cause physical damage to its target, such as the server itself.
Protection and detection: As a distributed denial of service attack has multiple sources, its source is much more difficult to trace. The large flood of traffic from multiple sources also makes it more difficult to defend against a DDoS attack.
Normal denial of service attacks that do not require an expansive botnet are on the rise as the tools to pull off a DoS attack have become more accessible. With a user-friendly user interface, using these tools to flood servers with traffic does not require expert-level technical skills.
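The "unusual amount of traffic" sign and the single-source versus multiple-source distinction above can be checked from a web server's access log. The following is an added example, not part of the original article: it groups requests into time windows, flags windows far above a baseline, and labels each by how concentrated its sources are. The log lines are constructed, and the thresholds (`factor`, `dominant_share`) and label names are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format prefix: client IP, identity, user, [timestamp]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def bucket_requests(lines, window_s=10):
    """Group requests into fixed windows: {window_start_epoch: Counter(ip -> hits)}."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing on them
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").timestamp()
        buckets[int(ts) // window_s * window_s][m.group(1)] += 1
    return buckets

def classify_windows(buckets, baseline, factor=5, dominant_share=0.8):
    """Flag windows above factor*baseline and label them by source concentration."""
    findings = []
    for start in sorted(buckets):
        hits = buckets[start]
        total = sum(hits.values())
        if total <= factor * baseline:
            continue  # within normal range for this site
        top_ip, top_hits = hits.most_common(1)[0]
        # One address sending most of the traffic looks like a simple DoS;
        # many addresses each sending a little looks like a DDoS.
        label = "single-source" if top_hits / total >= dominant_share else "distributed"
        findings.append({"window": start, "requests": total, "sources": len(hits),
                         "top_source": top_ip, "label": label})
    return findings

def sample_log():
    """Constructed sample: a quiet window, a one-source flood, a many-source flood."""
    def line(ip, sec):
        return f'{ip} - - [01/Jan/2024:12:00:{sec:02d} +0000] "GET / HTTP/1.1" 200 512'
    quiet = [line(f"198.51.100.{i}", i) for i in range(1, 5)]           # 4 requests
    single = [line("203.0.113.7", 10 + i % 10) for i in range(60)]      # 60 from one IP
    spread = [line(f"192.0.2.{i}", 20 + i % 10) for i in range(1, 61)]  # 60 from 60 IPs
    return quiet + single + spread

if __name__ == "__main__":
    for finding in classify_windows(bucket_requests(sample_log()), baseline=4):
        print(finding)
```

A flagged window only says that traffic is unusually high. As noted earlier, a legitimate surge of visitors produces the same "distributed" pattern, so the result is a prompt for investigation rather than proof of an attack.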
Three types of DDoS attacks
We can make a general distinction between three types of DDoS attacks. These are volumetric, application layer and protocol attacks. Let’s look at these three types of DDoS attacks in more detail.
Volumetric attacks
A volumetric DDoS attack aims to consume as much bandwidth with traffic as possible. The amount of traffic can be hundreds of gigabytes or even terabytes every second. The goal of such an attack is to cause congestion on the targeted service or website. However, volumetric attacks can also act as a way to hide other types of suspicious activity.
Application layer attacks
Application layer attacks (also known as layer 7 attacks) target specific points in the application layer. What makes an application layer attack different is that it is not targeted at the system as a whole but a specific point in it.
Protocol attacks
Whereas an application layer attack takes place in the so-called 7th layer, a protocol DDoS attack targets layers 3 and 4. This is the target server’s networking layer. Protocol DDoS attacks are used to exhaust the resources of the target’s firewall, for instance.