What are DoS and DDoS attacks?

Manthan Ghasadiya
9 min read · May 30, 2024


A Denial-of-Service (DoS) attack is an attack intended to shut down a machine or network, making it unreachable for its intended users. DoS attacks achieve this either by flooding the target with traffic or by sending it data that triggers a crash. In both cases the attack denies legitimate users the service or resource they expected. In this article we take a closer look at DoS attacks, discuss the difference between DoS and DDoS, and then review some of the largest DoS and DDoS attacks on record.

What is a DoS attack?

A Denial-of-Service (DoS) attack is a type of cyber attack in which a single computer is used to flood a server with TCP and UDP packets in order to shut down the target’s network.

In this attack, the attacker sends fake packets to the server until they exceed the server’s capacity and the server shuts down completely. The server then becomes unavailable to other devices and users. DoS attacks are used to shut down a machine or network so that it can no longer be used by legitimate users.

Most of the time, attackers choose the servers of high-profile organizations such as banks, government agencies, commerce, media or trade organizations. Although a DoS attack does not steal or damage any data, it can cost the target a great deal of time and money to handle.

Some of the different forms a DoS attack can take are:

  • SYN Flood — These attacks send requests to connect to a server but never complete the TCP handshake. The network becomes inundated with half-open connection requests, which prevents any user or device from connecting to it.
  • Buffer overflow attacks — This is the most common DoS attack. Its goal is to send more traffic to the network than the system was built to handle.
  • Ping of Death — Also known as an ICMP attack. It sends spoofed packets that ping every computer on the target network instead of just one specific machine.
  • Teardrop attack — During a teardrop DoS attack, the attacker sends fragmented IP packets to the network. The network then tries to reassemble these fragments into their original packets. The fragment fields are crafted to confuse the system so that it cannot put them back together, and the reassembly process exhausts the system until it crashes.
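The following added example (not from the article) shows defender-side heuristics for three of the patterns above, run over constructed packet summaries rather than real captures: a SYN-flood check that flags sources whose connection attempts rarely complete the handshake, and an IP-fragment check that catches both a Ping of Death (reassembled size above the 65,535-byte IPv4 limit) and Teardrop-style overlapping fragments. The thresholds, record layouts and sample addresses are assumptions.

```python
from collections import defaultdict

MAX_IPV4_DATAGRAM = 65535  # largest legal reassembled IPv4 datagram, in bytes

def half_open_sources(attempts, min_attempts=20, max_complete_ratio=0.2):
    """SYN flood heuristic: sources that opened many connections but rarely
    completed the three-way handshake. attempts: (source_ip, completed) per SYN.
    Thresholds are assumptions; tune them to the service's normal traffic."""
    syns, completed = defaultdict(int), defaultdict(int)
    for src, done in attempts:
        syns[src] += 1
        completed[src] += int(done)
    return sorted(src for src in syns if syns[src] >= min_attempts
                  and completed[src] / syns[src] <= max_complete_ratio)

def fragment_anomalies(fragments):
    """Ping of Death and Teardrop heuristics over IP fragments given as
    (datagram_id, offset_bytes, length_bytes), offset already converted from the
    header's 8-byte units. Returns {datagram_id: [issues]} for bad datagrams."""
    groups = defaultdict(list)
    for datagram_id, offset, length in fragments:
        groups[datagram_id].append((offset, length))
    findings = {}
    for datagram_id, parts in groups.items():
        parts.sort()
        issues = []
        if max(off + ln for off, ln in parts) > MAX_IPV4_DATAGRAM:
            issues.append("oversized")  # Ping of Death: reassembly exceeds 65535 bytes
        prev_end = 0
        for off, ln in parts:
            if off < prev_end:  # Teardrop: fragment starts inside the previous one
                issues.append("overlap")
                break
            prev_end = off + ln
        if issues:
            findings[datagram_id] = issues
    return findings

# Constructed sample data using documentation address ranges, not real hosts.
SAMPLE_ATTEMPTS = ([("198.51.100.7", False)] * 40 + [("198.51.100.7", True)] * 2
                   + [("203.0.113.9", True)] * 30)
SAMPLE_FRAGMENTS = [
    (1, 0, 1480), (1, 1480, 1480),   # ordinary two-fragment ping, reassembles cleanly
    (2, 0, 1480), (2, 65120, 1000),  # reassembles to 66120 bytes: Ping of Death
    (3, 0, 1480), (3, 1000, 1480),   # second fragment overlaps the first: Teardrop
]

if __name__ == "__main__":
    print(half_open_sources(SAMPLE_ATTEMPTS))    # ['198.51.100.7']
    print(fragment_anomalies(SAMPLE_FRAGMENTS))  # {2: ['oversized'], 3: ['overlap']}
```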

The longer a service is offline, the more it costs. A DoS attack may not steal or infect any data, but the downtime costs organizations thousands every year. Preventing DoS attacks has therefore become a requirement for every organization.

What is a DDoS attack?

Distributed Denial of Service (DDoS) is a further form of DoS attack. During this attack, multiple systems target a single server with malicious traffic. By attacking from many different locations, attackers can take the target’s system down for a considerable amount of time.

The attacker spreads the attack across multiple locations so that the victim cannot find its origin, which makes a DDoS attack hard to recover from. There is a 90% chance that a system under a DDoS attack will be compromised. Attackers launch the attack from many slave computers, known as zombies or bots. Together these bots form a botnet that connects all the devices, and the attacker controls the botnet through a command-and-control server.

Various forms of DDoS:

  • UDP flood: The attacker floods the victim’s network with User Datagram Protocol (UDP) packets aimed at ports on a remote host. The host keeps checking for an application listening on each port, finds none, and replies with a packet saying that the requested destination is not reachable (an ICMP destination unreachable message).
  • Ping of Death (POD): During this attack, the attacker sends multiple pings to the target server using malformed packets. When the target’s network tries to reassemble these packets, network resources are consumed and become unavailable to legitimate packets. This grinds the target network to a halt and takes it out of action.
  • Slowloris: Slowloris is DDoS attack software developed by Robert Hansen. Its main purpose is to take down web servers. The attacker sends partial HTTP requests with no intention of completing them, and to keep the attack running Slowloris sends further partial requests periodically. This type of attack needs almost no bandwidth.
  • Zero-Day attack: Zero-day attacks are among the best-known attacks. They exploit a vulnerability for which no fix is yet available, so the victims cannot prepare themselves before they experience the live attack.

Difference between DoS and DDoS

The core difference between DoS and DDoS attacks is that in a DoS attack a single computer is used to flood the server with fake packets, whereas in a DDoS attack multiple systems target a single system. DDoS attacks are harder to detect because they are launched from many locations, so the victim cannot find the origin of the attack. Another difference is that because a DDoS attack uses many systems, the attackers can send far more fake packets than in a DoS attack. DDoS attacks are carried out by botnets, networks of devices under the attacker’s control, whereas a DoS attack can be carried out with a script or a tool such as Low Orbit Ion Cannon.

Top 5 famous DDoS attacks

Now let’s look at the most famous DDoS attacks to date, along with some key facts about each.

1. The Google Attack 2017

Google reported that a state-sponsored hacking group launched the biggest DDoS attack to date against the company in September 2017. It was a record-breaking UDP amplification attack sourced from several Chinese ISPs (ASNs 4134, 4837, 58453, and 9394), and it remains the largest bandwidth attack Google is aware of. A Security Engineer at Google wrote:

The attacker utilized a few servers to spoof 167 Mpps (millions of packets per second) to 180,000 exposed CLDAP, DNS, and SMTP servers, which would then send large responses to us. This shows the volumes a well-resourced attacker can achieve. This was four times bigger than the record-breaking 623 Gbps attack from the Mirai botnet a year earlier.

(Credit: Google)

2. The Mirai Krebs and OVH DDoS Attacks in 2016

On September 20, 2016, the blog of cybersecurity expert Brian Krebs was hit by a DDoS attack of more than 620 Gbps, the biggest attack ever seen at that time. Krebs’ site had been attacked before: Krebs had recorded 269 DDoS attacks since July 2012. This attack, however, was many times larger than anything his website, or for that matter the internet, had seen previously.

The source of the attack was the Mirai botnet, which at its peak later that year consisted of more than 600,000 compromised Internet of Things (IoT) devices such as IP cameras, home routers, and video players. The Mirai botnet had been discovered in August of that same year, but the attack on Krebs’ blog was its first major outing.

(Credit: Cloudflare)

3. The AWS DDoS Attack in 2020

Amazon Web Services, the 800-pound gorilla of cloud computing, was hit by a huge DDoS attack in February 2020. This was the most extreme recent DDoS attack ever, and it targeted an unidentified AWS customer using a technique called Connectionless Lightweight Directory Access Protocol (CLDAP) reflection. The technique relies on vulnerable third-party CLDAP servers and amplifies the amount of data sent to the victim’s IP address by 56 times or more. The attack went on for three days and peaked at a staggering 2.3 terabytes per second.
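As an added example (not from the article, Google or AWS), the following Python checks flow records for the signature shared by the CLDAP, DNS and SMTP reflection attacks described above: large UDP “responses” from well-known service ports arriving at one protected host from many distinct servers that it never queried. The flow record layout, the reflector port list and the thresholds are assumptions.

```python
from collections import defaultdict

# UDP services commonly abused as reflectors; assumed list (CLDAP, DNS, NTP, SSDP, memcached).
REFLECTOR_PORTS = {389, 53, 123, 1900, 11211}

def reflection_victims(flows, min_reflectors=50, min_avg_bytes=500):
    """Flag protected hosts that receive unsolicited UDP 'responses' from many reflectors.

    flows: dicts with keys src, sport, dst, dport, proto, direction ('in' = toward the
    protected network, 'out' = leaving it), bytes, pkts. Thresholds are assumptions."""
    # (our_ip, remote_ip, remote_port) triples that our hosts actually queried
    asked = {(f["src"], f["dst"], f["dport"]) for f in flows
             if f["proto"] == "udp" and f["direction"] == "out"}
    inbound = defaultdict(lambda: {"reflectors": set(), "bytes": 0, "pkts": 0})
    for f in flows:
        if f["proto"] != "udp" or f["direction"] != "in" or f["sport"] not in REFLECTOR_PORTS:
            continue
        if (f["dst"], f["src"], f["sport"]) in asked:
            continue  # a legitimate reply to a query we saw leave the network
        entry = inbound[f["dst"]]
        entry["reflectors"].add(f["src"])
        entry["bytes"] += f["bytes"]
        entry["pkts"] += f["pkts"]
    victims = {}
    for victim, e in inbound.items():
        avg = e["bytes"] / e["pkts"]
        if len(e["reflectors"]) >= min_reflectors and avg >= min_avg_bytes:
            victims[victim] = {"reflectors": len(e["reflectors"]),
                               "avg_response_bytes": round(avg), "total_bytes": e["bytes"]}
    return victims

def flow(src, sport, dst, dport, direction, nbytes, pkts=1, proto="udp"):
    """Helper to build one constructed flow record."""
    return dict(src=src, sport=sport, dst=dst, dport=dport, direction=direction,
                proto=proto, bytes=nbytes, pkts=pkts)

# Constructed sample (documentation address ranges): one legitimate DNS exchange for
# 203.0.113.20, then 200 distinct CLDAP reflectors sending 3000-byte responses to 203.0.113.10.
SAMPLE_FLOWS = [
    flow("203.0.113.20", 40000, "198.51.100.53", 53, "out", 60),   # our DNS query
    flow("198.51.100.53", 53, "203.0.113.20", 40000, "in", 120),   # the expected answer
]
SAMPLE_FLOWS += [flow(f"192.0.2.{i + 1}", 389, "203.0.113.10", 40000 + i, "in", 3000)
                 for i in range(200)]

if __name__ == "__main__":
    print(reflection_victims(SAMPLE_FLOWS))
    # {'203.0.113.10': {'reflectors': 200, 'avg_response_bytes': 3000, 'total_bytes': 600000}}
```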

4. The Six Banks DDoS Attack in 2012

On March 12, 2012, six U.S. banks were targeted by a wave of DDoS attacks — Bank of America, JPMorgan Chase, U.S. Bank, Citigroup, Wells Fargo, and PNC Bank. The attacks were carried out by many hijacked servers from a botnet called Brobot, with each attack generating more than 60 gigabits of DDoS attack traffic per second.

At the time, these attacks were unique in their persistence. Rather than executing one attack and then withdrawing, the perpetrators flooded their targets with a multitude of attack methods to find one that worked. So even if a bank was equipped to handle a couple of types of DDoS attack, it was defenseless against the other kinds.

5. The Mirai Dyn DDoS Attack in 2016

On October 21, 2016, Dyn, a major Domain Name Service (DNS) provider, was hit by a one-terabit-per-second traffic flood, which became the new record for a DDoS attack. There is some evidence that the attack may have reached a rate of 1.5 terabits per second. The flood knocked Dyn’s services offline, rendering numerous high-profile sites, including GitHub, HBO, Twitter, Reddit, PayPal, Netflix, and Airbnb, unavailable. Kyle York, Dyn’s chief strategy officer, reported, “We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.”

A map of internet outages in Europe and North America caused by the Dyn cyberattack October 2, 2016 / Source: DownDetector (CC BY-SA)

How to prevent these attacks

Now that we know how these attacks work, let’s discuss the different ways to prevent them. Even though DoS attacks are a constant threat to modern organizations, there are several steps you can take to stay secure during an attack. Before implementing a security strategy, recognize that you will not be able to prevent every attack that comes your way. That said, you will want to limit the damage of a successful attack.

There are several ways to do this:

  • Network monitoring
  • Test run DoS attacks
  • Create a DoS Response Plan

Network monitoring

Monitoring your network traffic is one of the best preemptive steps you can take. Knowing what normal traffic looks like lets you spot the signs of an attack before the service goes down completely. By watching your traffic you can act the moment you see unusual traffic levels or an unrecognized IP address. This can be the difference between being taken offline and staying up.

Before launching a full-scale attack, most attackers will probe your network with a few packets. Monitoring your network traffic lets you watch for these small signs and catch them early, so that you can keep your service online and avoid the costs of unexpected downtime.
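One way to put the monitoring described above into practice, as an added example that is not part of the article: learn a baseline of requests per minute from a period known to be quiet, flag minutes whose volume is far above it, and list the sources that dominate those minutes so that an unrecognized address stands out. The log line format (unix timestamp, client IP, request), the sigma threshold and the sample data are assumptions.

```python
import statistics
from collections import Counter, defaultdict

def parse_line(line):
    """Assumed log format: '<unix_ts> <client_ip> <request>'. Returns (minute_bucket, ip)."""
    ts, ip, _ = line.split(" ", 2)
    return int(ts) // 60, ip

def requests_per_minute(lines):
    """Per-minute request counts plus a per-minute Counter of source addresses."""
    counts, sources = Counter(), defaultdict(Counter)
    for line in lines:
        minute, ip = parse_line(line)
        counts[minute] += 1
        sources[minute][ip] += 1
    return counts, sources

def baseline(counts, quiet_minutes):
    """Mean and population stdev of requests/minute over minutes known to be normal."""
    values = [counts.get(m, 0) for m in quiet_minutes]
    return statistics.mean(values), statistics.pstdev(values)

def anomalous_minutes(lines, quiet_minutes, known_ips, sigma=3.0, top_n=3):
    """Return [(minute, count, [(ip, hits, is_known), ...])] for every minute outside
    the quiet set whose count exceeds mean + sigma * stdev. sigma/top_n are tuning knobs."""
    counts, sources = requests_per_minute(lines)
    mean, stdev = baseline(counts, quiet_minutes)
    threshold = mean + sigma * stdev
    flagged = []
    for minute in sorted(counts):
        if minute in quiet_minutes or counts[minute] <= threshold:
            continue
        top = [(ip, n, ip in known_ips) for ip, n in sources[minute].most_common(top_n)]
        flagged.append((minute, counts[minute], top))
    return flagged

# Constructed sample log: ten quiet minutes of 5-6 requests from two known clients,
# then minute 10 in which an unrecognized source sends 300 requests in one minute.
KNOWN = {"203.0.113.5", "203.0.113.6"}
QUIET = set(range(10))
SAMPLE_LOG = [f"{m * 60 + i * 10} {'203.0.113.5' if i % 2 else '203.0.113.6'} GET /"
              for m in range(10) for i in range(5 + m % 2)]
SAMPLE_LOG += [f"{600 + i % 60} 198.51.100.99 GET /login" for i in range(300)]
SAMPLE_LOG += ["605 203.0.113.5 GET /"]

if __name__ == "__main__":
    for minute, count, top in anomalous_minutes(SAMPLE_LOG, QUIET, KNOWN):
        print(minute, count, top)  # 10 301 [('198.51.100.99', 300, False), ('203.0.113.5', 1, True)]
```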

Test run DoS attacks

Unfortunately, you will not be able to prevent every attack that comes your way. However, you can make sure you are prepared when an attack arrives. One of the most direct ways to do this is to simulate DDoS attacks against your own network. Simulating an attack lets you test your current prevention methods and helps you develop new ones that can save a lot of money if a real attack comes your way.

Create a DoS Response Plan

Develop a DDoS prevention plan based on a thorough security assessment. Unlike smaller organizations, larger organizations may require complex infrastructure and need to involve multiple teams in DDoS planning.

When a DDoS attack hits, there is no time to think about the best steps to take. They must be defined in advance to enable a prompt response and avoid any impact.

Developing an incident response plan is the critical first step toward a comprehensive defense strategy. Depending on the infrastructure, a DDoS response plan can get quite extensive. The first step you take when a malicious attack happens can define how it will end. Make sure your data center is prepared and your team knows its responsibilities. That way, you can limit the impact on your business and save yourself a long period of recovery.



Manthan Ghasadiya

Active CTF Player | MSCyber Student at Syracuse University