
What is a denial-of-service (DoS) attack?

A denial-of-service (DoS) attack is a cyberattack that aims to make a computer, server, or network resource unavailable to legitimate users by overwhelming it with a flood of malicious traffic or exploiting vulnerabilities.

WPSentry Team | March 9, 2026 | 3 min read

What is a Denial-of-Service Attack?

A denial-of-service (DoS) attack is a type of cyberattack designed to disrupt the normal functioning of a targeted server, service, or network by overwhelming it with a flood of illegitimate traffic. The goal is not to steal data or gain unauthorised access, but to render the resource unavailable to its intended users. When a web server is hit by a DoS attack, legitimate visitors are unable to load pages, complete transactions, or access services.

DoS attacks exploit the fundamental limitation that every server and network connection has finite capacity. By consuming all available bandwidth, connection slots, or processing power, an attacker can effectively take a service offline without needing to compromise its security. The impact can range from slow performance to complete outage, and the financial and reputational damage can be severe.

Types of DoS Attacks

DoS attacks can be broadly categorised into volumetric attacks, protocol attacks, and application-layer attacks. Volumetric attacks, such as UDP floods and ICMP floods, aim to saturate the target's bandwidth with the sheer volume of traffic. Protocol attacks, such as SYN floods and Ping of Death, exploit weaknesses in network protocol implementations to exhaust server resources like connection tables.

Application-layer attacks (Layer 7) are more sophisticated and target specific services like HTTP. Slowloris, for example, opens many connections to a web server and keeps them alive by sending partial requests, eventually exhausting the server's ability to accept new connections. These attacks are harder to detect because they mimic legitimate traffic and require far less bandwidth than volumetric attacks.

DoS vs DDoS

A standard DoS attack originates from a single source, making it relatively easy to identify and block. A Distributed Denial-of-Service (DDoS) attack, on the other hand, uses multiple compromised systems (often a botnet of thousands of infected devices) to attack a single target simultaneously. The distributed nature of DDoS attacks makes them far more powerful and much harder to mitigate.

DDoS attacks can generate traffic volumes exceeding hundreds of gigabits per second, which is more than enough to overwhelm even well-provisioned infrastructure. Defending against DDoS requires specialised mitigation services that can absorb and filter malicious traffic before it reaches the target, often using globally distributed scrubbing centres.

Defending Against DoS Attacks

Effective DoS defence requires a multi-layered approach. Rate limiting restricts the number of requests a single IP address can make within a time window. Firewalls and intrusion prevention systems can detect and block known attack patterns. Content delivery networks (CDNs) distribute traffic across multiple servers, making it harder for an attacker to overwhelm a single point.

For web applications, deploying a Web Application Firewall (WAF) provides protection against application-layer DoS attacks. Cloud-based DDoS mitigation services from providers like Cloudflare or AWS Shield can automatically detect and absorb large-scale attacks. Having an incident response plan that includes DoS scenarios is essential for minimising downtime and maintaining service availability.

Frequently Asked Questions

A DoS attack comes from a single source, while a DDoS (Distributed Denial-of-Service) attack uses multiple compromised systems simultaneously, making it much harder to block and capable of generating far more traffic.

Use a combination of rate limiting, a Web Application Firewall, CDN distribution, and cloud-based DDoS mitigation services. Having an incident response plan is also essential.

Slowloris is an application-layer DoS attack that opens many connections to a web server and keeps them alive by slowly sending partial HTTP requests, exhausting the server's connection pool.
