DOS attack

What is a DOS attack?

Dawodu Michael
Jul 2, 2022

Introduction

Have you ever tried to access a website in vain? If you have a great internet connection, there are chances that the website may be undergoing a DoS attack. If you do not know what a DoS attack is, do not worry: this article is a guide to everything you need to know about DoS, including examples, prevention, and remediation. Let us start with the DoS attack definition.

What is a DoS attack?

In layman’s terms, a DoS attack is what its name says: a denial of service. This sort of attack bombards an internet entity with traffic so immense that the website is thrown into disarray, to the point of not being able to perform basic operations.

DoS attack in action

The first objective of this attack is to disorientate an internet entity, and to do this, perpetrators do not need the help of sophisticated software. Rather, they exploit a vulnerability in the computer communications network.


Let us do a simple illustration:

When you try to access Amazon from your PC, your computer first requests permission to access the website. For example, “Hello, can I come in?”

Amazon’s server responds by asking for a pass like “hey! Are you real?”

Your computer says, “yes,” and just like that, you are granted access, and Amazon’s landing page pops up on your screen.

In the case of a DoS attack, the perpetrator hacks his computer to send multiple hello messages instead of one. Amazon’s server responds as usual, blind to which request is legitimate, and waits for a response to every request sent before shutting the communication. Once the server has shut all communications, the attacking computer does the same thing all over again, sending hundreds or thousands of fake requests.

Common types of DoS attacks

Perpetrators carry out DoS attacks in several ways. Here are 5 of the most popular examples of DoS attacks:

1. Buffer overflow

In a buffer overflow attack, the perpetrator bombards a network’s server with traffic that surpasses its capabilities, like filling a cup till it spills, causing the server to deny service requests. Unfortunately, this also allows the culprits to exploit the data spill, granting them illegal access to data in the buffer to use and overwrite.

2. Smurf Attack

This is similar to the ping flood. In a Smurf attack, the aggressor sends a request to multiple vulnerable computers but channels all the responses to the victim’s server, causing a jam in the victim’s web server.

3. Ping flood

A ping flood attack is also known as an ICMP flood. In this form of DoS, the aggressor overwhelms the target systems with fake requests carrying large payloads, making them unable to respond to real requests; they may even end up crashing.

4. SYN flood

The SYN flood attack exploits the TCP handshake process: the server responds to entry requests with an authentication request and leaves its channel open, waiting for the response. The attackers manipulate this system by sending requests from spoofed addresses, causing the server to leave its channel open for responses that are never coming. This occupies the server and prevents it from serving real users.
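
The way a handful of unanswered requests can lock out a real user is easiest to see in a small in-memory model of the server's waiting queue. This is an added example, not code from the original article; the serve function, the backlog and timeout values, and the documentation-range addresses are all constructed for illustration and simplify what a real TCP stack does.

```python
from collections import OrderedDict


def serve(events, backlog=4, syn_timeout=30):
    """Toy model (an assumption, not a real TCP stack) of a listener's
    half-open queue. events: time-sorted (time_s, source, kind) tuples,
    kind "SYN" or "ACK". Returns (established, refused) source lists."""
    half_open = OrderedDict()  # source -> time its SYN arrived, oldest first
    established, refused = [], []
    for now, src, kind in events:
        # Reap entries that have waited syn_timeout seconds for an ACK.
        while half_open and now - next(iter(half_open.values())) >= syn_timeout:
            half_open.popitem(last=False)
        if kind == "SYN":
            if src in half_open:
                continue                  # retransmitted SYN, slot already held
            if len(half_open) >= backlog:
                refused.append(src)       # queue full: this client is denied
            else:
                half_open[src] = now      # server answers and keeps a slot open
        elif kind == "ACK" and src in half_open:
            del half_open[src]            # handshake done, slot released
            established.append(src)
    return established, refused


# Constructed traffic: four SYNs whose senders never answer (the spoofed
# addresses in the text), then one real client that completes the handshake.
SPOOFED = [(t, f"198.51.100.{t + 1}", "SYN") for t in range(4)]
REAL = [(5, "203.0.113.7", "SYN"), (6, "203.0.113.7", "ACK")]
EVENTS = sorted(SPOOFED + REAL)

if __name__ == "__main__":
    for backlog, timeout in [(4, 30), (4, 3), (8, 30)]:
        ok, denied = serve(EVENTS, backlog, timeout)
        print(f"backlog={backlog} timeout={timeout}s ok={ok} denied={denied}")
```

With the default queue the real client is refused; a shorter wait or a larger queue lets it through, which is the lever that Linux exposes through the net.ipv4.tcp_synack_retries and net.ipv4.tcp_max_syn_backlog settings, alongside SYN cookies (net.ipv4.tcp_syncookies).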

How do I know if an attack has begun?

It is quite easy to identify a DoS attack as a user or a site visitor. First, you would notice that a server is either down or reacting very slowly to commands.

As a network provider, noticing a DoS attack before it has gone on causing damage for a few hours can be tricky, since you are not always browsing your site. There are automated systems that can check traffic regularity and alert server management in case of an attack, but there are also unconventional ways to check your site:

  1. You can set a program to check and alert server management when one IP address spams the server with requests within a short time.
  2. If employees or staff are on the same network as the service, they will notice a drop in network speeds.
  3. Since the culprits try to leave server channels open for as long as possible, the software can be set up to detect pings that exceed or run out of their expected span.
  4. If there’s an online community for customers or visitors, it is easier to see customers complain about an out-of-service error message and move quickly to stop the attack.
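
Tips 1 and 3 can be combined in one small log monitor. The following is an added example, not code from the original article; the log format (timestamp, client IP, seconds the connection stayed open), the thresholds and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime


def make_sample():
    """Constructed log lines: ISO timestamp, client IP, seconds held open."""
    lines = [f"2022-07-02T10:00:{i // 4:02d} 198.51.100.23 0.2" for i in range(12)]
    lines += ["2022-07-02T10:00:03 203.0.113.7 0.4",
              "2022-07-02T10:00:09 203.0.113.8 95.0",
              "2022-07-02T10:01:30 203.0.113.7 0.3"]
    return sorted(lines)  # ISO timestamps sort chronologically as text


def detect(lines, max_requests=10, window_s=10, max_open_s=60.0):
    """Return (burst_ips, slow_connections).

    burst_ips: IPs with more than max_requests inside any window_s span (tip 1).
    slow_connections: (ip, seconds) held open longer than max_open_s (tip 3).
    """
    recent = defaultdict(deque)  # ip -> request times inside the sliding window
    burst_ips, slow = set(), []
    for line in lines:
        try:
            stamp, ip, held = line.split()
            ts = datetime.fromisoformat(stamp)
            held = float(held)
        except ValueError:
            continue  # skip malformed lines instead of stopping the monitor
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() >= window_s:
            window.popleft()  # forget requests that fell out of the window
        if len(window) > max_requests:
            burst_ips.add(ip)
        if held > max_open_s:
            slow.append((ip, held))
    return sorted(burst_ips), slow


if __name__ == "__main__":
    bursts, slow = detect(make_sample())
    print("alert, request burst from:", bursts)
    print("alert, connections held open too long:", slow)
```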

What is a DDoS attack and how is it different from a DoS attack?

A DoS or Denial-of-Service attack is an attack against a victim server host where the attacker uses a single device equipped with DoS attack tools to flood the victim’s server so that it crashes and is unable to accommodate legitimate visitors to the site, and also to expose data on the attacked web server for theft or overwriting. A DDoS or Distributed Denial-of-Service attack, on the other hand, is carried out by many human or bot-operated devices, which flood the victim’s host with traffic from various sources to achieve the same aim as the former.

The latter is more effective, though: because it comes from various computers, unlike the former, its source is harder to track, which makes it harder to defend against.

History of Denial-of-Service attacks

DoS attacks date back to the 20th century. Many sources say 13-year-old David Dennis programmed the first attack in 1974; his curious experiment forced computers at a nearby university research facility to shut down.

Measures to prevent and eliminate a DoS attack


With statistics reporting that DoS attacks are on the rise, it is only right that we give a few tips on DoS attack prevention and remediation:

  • You should have DoS protection, and with layer 3 and layer 4 attacks on the rise, make sure your protection is multilayered.
  • Early detection is also key as it helps you get ahead of the attackers. You can use any or all of the detection tips listed above.
  • You would have learned from the definition of a DoS attack that you should also upgrade your network structure to accommodate traffic, making it difficult for attackers to flood it.
  • Set up your firewalls and routers, and keep them updated with the latest security patches.
  • Lastly, pay attention to caveats: some DoS attacks give the same symptoms as a virus, so be sure to check which one you are dealing with.
  • Remember that if a DoS attack breaks through your defenses, your best chance at beating it is early detection and immediate action.
