Networking - Denial of Service (DoS) Attack

1. Definition

A Denial of Service (DoS) attack is a cyberattack where an attacker floods a target system, server, or network with excessive traffic or requests to make it unavailable to legitimate users.

  • The goal is to disrupt normal services.

  • It does not steal data, but it prevents access.

  • Common targets: websites, servers, email systems, banking portals, and e-commerce platforms.

Example:
If an online shopping website like Amazon suddenly receives millions of fake requests per second, its servers may crash and real customers cannot access it.


2. Purpose of DoS Attacks

  • To disrupt business operations.

  • To cause financial loss.

  • To damage reputation.

  • To perform cyber vandalism.

  • To distract security teams while another attack happens.


3. How DoS Attacks Work

DoS attacks aim to overload the target system. The process is:

  1. Attacker sends huge amounts of fake traffic or requests.

  2. Target’s server resources (CPU, RAM, bandwidth) get exhausted.

  3. Legitimate requests cannot be processed.

  4. Website or service crashes or becomes extremely slow.


4. Types of DoS Attacks

There are two main categories: DoS (single system) and DDoS (multiple systems). Let’s break them down:


A. DoS Attacks (Single Source)

A single computer or network floods the target with traffic.

1. Volume-Based DoS Attacks

  • Flood the server with excessive data packets.

  • Consumes all available bandwidth.

  • Measured in bits per second (bps).

Example:
An attacker sends 1 GB of fake traffic per second to a server with a 100 MB bandwidth limit, causing a crash.


2. Protocol-Based DoS Attacks

  • Exploit network protocols like TCP, UDP, or ICMP.

  • Overload network and server resources such as firewalls, routers, and load balancers (for example by filling connection-state tables).

  • Measured in packets per second (pps).

Example:
Sending continuous SYN requests but never completing the handshake (SYN Flood Attack).


3. Application-Layer DoS Attacks

  • Target the application layer (Layer 7 of the OSI model).

  • Mimic legitimate user requests but send them at high volume.

  • Harder to detect, because each individual request looks like normal user activity.

Example:
Sending millions of search requests per second on a shopping site to overload its database.


B. DDoS Attacks (Distributed DoS)

  • DDoS = Distributed Denial of Service.

  • Uses multiple compromised devices (botnets) to attack a target simultaneously.

  • Much more powerful and harder to block than a single-source DoS attack, since there is no single source address to filter.

Example:
The Mirai Botnet infected hundreds of thousands of IoT devices and launched one of the largest DDoS attacks in history, taking down Netflix, Twitter, and Reddit in 2016.


5. Examples of DoS Attacks

Attack Type     Description                                      Example
Ping of Death   Sends oversized ping packets to crash systems    Windows XP crash attacks
SYN Flood       Exploits TCP handshake, overwhelming server      Bank server overload
UDP Flood       Sends random UDP packets to exhaust bandwidth    Gaming server attacks
HTTP Flood      Sends fake HTTP requests to overload web apps    Amazon DoS attempts
Smurf Attack    Uses ICMP broadcasts to flood victim systems     Older Windows & Linux servers

6. Real-Life Examples of DoS Attacks

a) Amazon Web Services (AWS) – 2020

  • Attack Type: DDoS Attack

  • Peak Traffic: 2.3 Tbps

  • Impact: Temporary slowdowns on AWS-hosted apps.

b) GitHub – 2018

  • Attack Type: Memcached DDoS

  • Peak Traffic: 1.35 Tbps

  • Impact: GitHub was temporarily down.

c) Estonian Cyberattack – 2007

  • Attack Type: Nationwide DDoS

  • Impact: Banking, government, and media websites went offline.


7. Symptoms of a DoS Attack

  • Sudden slow network speed.

  • Website crashes frequently.

  • Servers stop responding.

  • Spike in CPU, memory, and bandwidth usage.

  • Unusual traffic from a single IP or region.


8. How to Prevent DoS Attacks

A. Network-Level Protection

  • Use firewalls to block malicious IP addresses.

  • Enable Intrusion Detection Systems (IDS).

  • Deploy load balancers to distribute traffic.

B. Server-Side Protection

  • Implement rate limiting to block excessive requests.

  • Optimize server configurations to handle heavy traffic.

  • Use content delivery networks (CDNs) to absorb attacks.

C. Cloud-Based Protection

  • Use services like:

    • Cloudflare DDoS Protection

    • AWS Shield

    • Akamai Kona Site Defender

D. Best Practices

  • Apply security patches regularly.

  • Monitor network logs for suspicious patterns.

  • Use Web Application Firewalls (WAFs).
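A defender-side check for the "unusual traffic from a single IP" symptom in section 7 and for the rate-limiting and log-monitoring advice above, added here as an example that is not part of these notes: it counts requests per source IP in a sliding time window over web-server access-log lines and reports any source that exceeds a threshold, which is the list a rate limiter or firewall rule would act on. The log lines are constructed, and the threshold of 100 requests per 10 seconds is an assumed placeholder rather than a recommended baseline.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Apache/Nginx access-log layout: ip ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \d+')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, timestamp) for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), TIME_FMT)


def flag_flooding_sources(lines, max_requests, window_seconds):
    """Per-source sliding-window counter over time-ordered log lines.

    Returns {ip: peak_requests_in_window} for each source IP that sent more
    than max_requests within any span of window_seconds."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:  # skip malformed lines instead of failing the run
            continue
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # expire timestamps older than the window
            q.popleft()
        if len(q) > max_requests:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


def constructed_log():
    """Constructed sample: two normal clients plus one source sending a
    10-second burst of 30 requests per second (an HTTP-flood pattern)."""
    base = datetime(2024, 3, 10, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, t, path):
        return f'{ip} - - [{t.strftime(TIME_FMT)}] "GET {path} HTTP/1.1" 200 512'

    lines = []
    for sec in range(120):
        t = base + timedelta(seconds=sec)
        if sec % 20 == 0:
            lines.append(line("198.51.100.2", t, "/index.html"))
        if sec % 30 == 0:
            lines.append(line("198.51.100.9", t, "/cart"))
        if 60 <= sec < 70:
            lines += [line("203.0.113.7", t, f"/search?q={sec}{j}") for j in range(30)]
    return lines


if __name__ == "__main__":
    print(flag_flooding_sources(constructed_log(), max_requests=100, window_seconds=10))
```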


9. Difference Between DoS and DDoS

Aspect      DoS (Denial of Service)    DDoS (Distributed DoS)
Source      Single system              Multiple systems (botnets)
Power       Moderate                   Very high
Detection   Easier                     Harder
Example     One PC floods a server     Thousands of IoT devices flood a server

10. Advantages of DoS Testing (Not Attack)

Organizations sometimes perform DoS simulation tests to:

  • Test server resilience.

  • Identify network weaknesses.

  • Improve scalability.

  • Prepare for real-world cyberattacks.


11. Disadvantages / Impacts of DoS Attacks

  • Website Downtime → Loss of revenue.

  • Brand Damage → Customers lose trust.

  • Financial Losses → Due to service disruption.

  • Legal Consequences → If customer data gets affected.

  • Operational Halt → Businesses come to a standstill.


12. DoS Attack Workflow Diagram

        [Attacker]
            │
            │ Sends Millions of Requests
            ▼
      [Target Server]
   ┌───────────────┐
   │ High Traffic  │
   │ Resources Busy│
   │ No Responses  │
   └───────────────┘
            │
            ▼
   [Legitimate Users]
       Can't Access Service

13. Summary

  • A DoS attack overwhelms a system, network, or server with fake requests.

  • Types include volume-based, protocol-based, application-layer, and DDoS.

  • Famous examples: AWS 2020, GitHub 2018, Estonia 2007.

  • Prevention involves:

    • Firewalls

    • Load balancers

    • CDNs

    • DDoS protection tools like Cloudflare & AWS Shield.