Denial of Service | Intel 471

Denial of Service

A Denial of Service attack occurs when legitimate users are unable to access information systems, devices, or other network resources because of the actions of a malicious cyber threat actor.

Denial of Service (DoS) occurs when adversaries degrade or block the availability of targeted resources to users. Network DoS attacks can be performed by exhausting the network bandwidth that services rely on.

In a Denial of Service attack, users cannot complete legitimate requests on the internet because they cannot reach their intended destination, such as a specific website, email service, domain name system (DNS) server, or web-based application. In this case, an attacker compromises your server and sends malicious traffic to prevent other people from accessing your site or service.

The most common way for attackers to do this is by flooding the target with so much data that it cannot handle it all at once. This causes the target to drop connections, which prevents others from connecting. The result: no one gets what they want!

A more sophisticated approach uses multiple IP addresses on different ports to overwhelm the system. For example, suppose someone is trying to access your website but is blocked because too many visitors are hitting it simultaneously. In this case, the attacker opens several accounts on their computer or weaponizes an army of bots, then sends a request from each to a different port. Since most sites don't have enough capacity to deal with hundreds of thousands of concurrent visits, the attacker blocks everyone else while still being allowed to access the target port.

What are types of DoS Attacks?

Denial of Service attacks come in various forms. Some examples include:

  • Flooding - In this type of attack, an attacker sends massive amounts of traffic to a victim's site. Since the victim's infrastructure can't handle the volume of incoming information, the site becomes unavailable to legitimate users.

  • Spoofed Traffic - An attacker uses spoofed packets to trick the victim's routers into sending their traffic elsewhere. This causes all sorts of problems for the target, including loss of revenue from lost business and increased costs from having to pay for additional bandwidth.

  • Slowloris - The Slowloris attack exploits Transmission Control Protocol/Internet Protocol (TCP/IP) congestion control mechanisms to prevent hosts from receiving data at full speed. Instead of responding immediately to every packet sent, the router buffers them until it is ready to transmit again. However, since there's no limit to the number of packets that can be buffered, the buffer eventually fills up and the host stops accepting more packets. Once the buffer overflows, the host starts dropping packets randomly.

  • SYN flood - Similar to a ping flood, attackers send SYNs to port 80 on the victim's machine instead of pinging random IP addresses. These are typically generated using tools like Nmap. While these types of attacks don't usually cause much damage, they consume valuable system resources that could otherwise be put towards other tasks.

What are the main ways to prevent a DoS Attack?

There are two main ways to protect against these types of attacks:

1) Use a Content Delivery Network. A CDN is essentially a large cache of content stored somewhere close to where the user is located. When a visitor tries to reach a particular URL, the CDN first checks whether it already has the requested file cached locally; if not, it retrieves the file from its original location and caches it locally before returning it to the requesting client. If the file exists within the local cache, the CDN returns the existing copy rather than fetching another copy from the source. By doing this, the CDN reduces the load placed upon the originating servers, thus reducing the likelihood of any single server becoming overwhelmed.

2) Implement rate limiting. Rate limiting controls how often a given resource should receive new requests. You must also implement timeout mechanisms alongside rate limits; otherwise, clients won't know when to stop making requests. As soon as the connection times out, the client will assume that the resource isn't available and move on to the next item on its list.
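The following is an added example, not code from the Intel 471 page, showing the second mitigation in practice: a per-client token-bucket rate limiter paired with the idle timeout the text says must accompany it. The clock is injected so the behaviour is deterministic; the client addresses, limits and request timings are constructed values.

```python
"""Per-client token-bucket rate limiter with an idle-connection timeout.

Added example (not from the original page). Timestamps are passed in
explicitly instead of reading time.monotonic(), so the replay below is
deterministic and testable.
"""
from dataclasses import dataclass


@dataclass
class Bucket:
    tokens: float       # requests this client may still send right now
    last_refill: float  # timestamp of the last token refill
    last_seen: float    # timestamp of the last request (drives the idle timeout)


class RateLimiter:
    def __init__(self, rate_per_sec: float, burst: int, idle_timeout: float):
        self.rate = rate_per_sec        # sustained requests/second per client
        self.burst = burst              # largest burst a client may send at once
        self.idle_timeout = idle_timeout  # seconds of silence before state is dropped
        self.buckets: dict[str, Bucket] = {}

    def allow(self, client: str, now: float) -> bool:
        """Return True if the request from `client` at time `now` may proceed."""
        b = self.buckets.get(client)
        if b is None:
            b = Bucket(tokens=float(self.burst), last_refill=now, last_seen=now)
            self.buckets[client] = b
        # Refill in proportion to elapsed time, never beyond the burst cap.
        b.tokens = min(float(self.burst), b.tokens + (now - b.last_refill) * self.rate)
        b.last_refill = now
        b.last_seen = now
        if b.tokens >= 1.0:
            b.tokens -= 1.0
            return True
        return False  # over the limit: the caller answers HTTP 429 and closes

    def expire_idle(self, now: float) -> list[str]:
        """Drop clients silent longer than idle_timeout, so the limiter's own
        table cannot be grown without bound by many one-off sources."""
        stale = [c for c, b in self.buckets.items() if now - b.last_seen > self.idle_timeout]
        for c in stale:
            del self.buckets[c]
        return stale


def simulate(limiter: RateLimiter, requests: list[tuple[float, str]]) -> dict[str, int]:
    """Replay (timestamp, client) pairs in order; return rejected requests per client."""
    rejected: dict[str, int] = {}
    for ts, client in requests:
        if not limiter.allow(client, ts):
            rejected[client] = rejected.get(client, 0) + 1
    return rejected
```

With a burst of 5 and a sustained rate of 2 requests per second, a constructed flood of 20 requests in 0.2 s from one address sees 15 rejections while a second client sending once per second is never throttled.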

In addition to protecting yourself from potential DDoS attacks, you need to make sure that your application handles such situations gracefully. One thing to keep in mind is that although HTTP 1.0 doesn't support persistent connections, HTTP 2.0 does. If you're going to continue serving old versions of files after detecting a problem, you'll need to ensure that no one uses those older versions.
