***Welcome to ashrafedu.blogspot.com * * * This website is maintained by ASHRAF***

    Monday, May 9, 2022

    Denial-of-service (DoS)

    A denial-of-service (DoS) attack is a security threat that occurs when an attacker makes it impossible for legitimate users to access computer systems, networks, services or other information technology (IT) resources.

    Attackers in these types of attacks typically flood web servers, systems or networks with traffic, making it difficult or impossible for anyone else to access them.

    Although DoS attacks do not typically result in the theft or loss of significant information or other assets, they can cost the victim a great deal of time and money to handle.

    The general methods of DoS attacks are known as flooding services or crashing services.

    Flood attacks occur when the system receives too much traffic for the server to buffer, causing it to slow down and eventually stop. Some flood attacks are:

    Buffer overflow attacks – the most common DoS attack. The concept is to send more traffic to a network address than the programmers have built the system to handle.

    ICMP (Internet Control Message Protocol) flood – leverages misconfigured network devices by sending spoofed packets that ping every computer on the targeted network, instead of just one specific machine. The network is then triggered to amplify the traffic. This attack is also known as the smurf attack or ping of death.

    SYN flood – sends a request to connect to a server, but never completes the handshake. The attack continues until all open ports are saturated with requests and none are available for legitimate users to connect to.

    Other DoS attacks simply exploit vulnerabilities that cause the target system or service to crash. In these attacks, input is sent that takes advantage of bugs in the target that subsequently crash or severely destabilize the system, so that it can’t be accessed or used.

    Steps to overcome DoS

    There is no way to completely avoid becoming a target of a DoS attack, but there are proactive steps administrators can take to reduce the effects of an attack on their network.

    • Enroll in a DoS protection service that detects abnormal traffic flows and redirects traffic away from your network. The DoS traffic is filtered out, and clean traffic is passed on to your network.
    • Create a disaster recovery plan to ensure successful and efficient communication, mitigation, and recovery in the event of an attack.

    It is also important to take steps to strengthen the security posture of all of your internet-connected devices in order to prevent them from being compromised.

    • Install and maintain antivirus software.
    • Install a firewall and configure it to restrict traffic coming into and leaving your computer.
    • Evaluate security settings and follow good security practices in order to minimize the access other people have to your information, as well as manage unwanted traffic.

    Detecting a DoS attack

    The best way to detect and identify a DoS attack is network traffic monitoring and analysis. Network traffic can be monitored via a firewall or intrusion detection system. An administrator may even set up rules that create an alert upon the detection of an anomalous traffic load and that identify the source of the traffic or drop network packets that meet certain criteria.
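
    The kind of alerting rule described above, as an added example (not part of the original post): a Python script that counts half-open TCP connections per source in a sliding window and reports the sources that exceed a threshold, which is the traffic pattern of the SYN flood described earlier. The log format, the window and threshold values, the function names and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10    # assumed sliding-window length
HALF_OPEN_LIMIT = 20   # assumed alert threshold per source

def build_sample_log():
    """Constructed packet log, one record per line: 'epoch src_ip dst_port flag'."""
    lines = []
    # Well-behaved client: every SYN is followed by the handshake-completing ACK.
    for i in range(5):
        lines.append(f"{1000 + 2 * i} 192.0.2.10 443 SYN")
        lines.append(f"{1001 + 2 * i} 192.0.2.10 443 ACK")
    # Flooding source: 40 SYNs in 4 seconds and never an ACK.
    for i in range(40):
        lines.append(f"{1000 + i // 10} 198.51.100.7 443 SYN")
    return sorted(lines, key=lambda rec: int(rec.split()[0]))

def detect_syn_floods(lines, window=WINDOW_SECONDS, limit=HALF_OPEN_LIMIT):
    """Return {src_ip: (first_alert_time, peak_half_open)} for sources over the limit.

    Simplification: handshakes are matched per source only; a real sensor
    would also match ports and sequence numbers.
    """
    half_open = defaultdict(deque)  # src -> timestamps of SYNs with no ACK yet
    alerts = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue                # skip malformed records instead of crashing
        ts, src, flag = int(parts[0]), parts[1], parts[3]
        pending = half_open[src]
        while pending and ts - pending[0] > window:
            pending.popleft()       # forget SYNs that fell out of the window
        if flag == "SYN":
            pending.append(ts)
        elif flag == "ACK" and pending:
            pending.popleft()       # handshake completed: no longer half-open
        if len(pending) > limit:
            first, peak = alerts.get(src, (ts, 0))
            alerts[src] = (first, max(peak, len(pending)))
    return alerts

if __name__ == "__main__":
    for src, (first, peak) in detect_syn_floods(build_sample_log()).items():
        print(f"ALERT possible SYN flood from {src}: "
              f"first seen over limit at t={first}, peak half-open={peak}")
```

    The threshold and window need tuning against normal traffic for the network being monitored; values that are too low will flag busy but legitimate clients.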

    The following symptoms could indicate a DoS attack:

    • Unusually slow network performance (opening files or accessing websites),
    • Unavailability of a particular website, or
    • An inability to access any website.
