Trusted answers to developer questions

Related Tags

dos
denial of service
attacks
defenses

What are DoS attacks and defenses?

Umme Ammara

A denial-of-service or DoS attack prevents someone from using a computer service. DoS attacks have a huge attack surface, and the attacker can carry out this attack in the following two ways:

  • Deny a service using a programming flaw.

  • Deny a service using resource exhaustion.

The motivation behind a denial-of-service attack might be competitive advantage, extortion, entertainment, or manipulation. A few common DoS attacks are:

Types of DoS Attacks

DNS amplification

The attacker can use the structure of DNS lookups to increase the load induced on the resource. The attacker causes a large amount of traffic by making random requests to the DNS resolvers so that the amplified responses are sent to the target by the resolvers.

Defenses

General defenses against DNS amplification attacks include reducing the total number of DNS resolvers and verifying the source IP addresses.

DoS on networks

The attacker can carry out a DoS attack on Internet access by sending many network packets to overwhelm the rate at which the router processes the packets.

Defenses

The most common defense against a network DoS attack is installing a network filter, an isolation mechanism that discards any packets with the attacker’s IP address. However, the attacker can still counter the network filter by using many hosts to send the traffic, rather than just one. This is called a distributed denial-of-service (DDoS) attack.

TCP SYN flood attack

In this attack, the attacker targets memory rather than network capacity. Using TCP’s three-way handshake, the attacker sends a large number of unique SYN packets, causing the memory to be exhausted. When an actual user then tries to open a new connection, TCP will deny the connection.

Defenses

The most effective defense against the SYN Flood attack is using SYN cookies.
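The following sketch is an added example, not code from the original article. It shows the idea behind SYN cookies: the server packs a keyed hash of the connection into its initial sequence number and stores nothing until the final ACK proves the client received it. The bit layout (5-bit time counter, 3-bit MSS index, 24-bit MAC) follows the classic description; the secret, MSS table and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-demo-secret"  # constructed; a real server uses a random, rotated key
MSS_TABLE = [536, 1300, 1440, 1460]  # constructed table of MSS values the cookie can encode
SLOT_SECONDS = 64                    # the time counter advances once per 64 seconds


def _mac24(conn, client_isn, t, mss_idx):
    """24-bit keyed hash binding the cookie to the 4-tuple, client ISN and time slot."""
    src_ip, src_port, dst_ip, dst_port = conn
    msg = f"{src_ip}|{src_port}|{dst_ip}|{dst_port}".encode()
    msg += struct.pack("!IIB", client_isn, t, mss_idx)
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def _cookie(conn, client_isn, t, mss_idx):
    return ((t % 32) << 27) | (mss_idx << 24) | _mac24(conn, client_isn, t, mss_idx)


def make_cookie(conn, client_isn, mss, now):
    """Server ISN for the SYN-ACK. No per-connection memory is allocated here."""
    t = int(now) // SLOT_SECONDS
    # Pick the largest table entry that does not exceed the client's MSS.
    mss_idx = max(i for i, m in enumerate(MSS_TABLE) if m <= mss or i == 0)
    return _cookie(conn, client_isn, t, mss_idx)


def check_cookie(conn, client_isn, ack_number, now, max_age_slots=1):
    """Validate the final ACK. Returns the encoded MSS, or None for a bad or stale cookie."""
    cookie = (ack_number - 1) & 0xFFFFFFFF  # the client acknowledges server ISN + 1
    mss_idx = (cookie >> 24) & 0x7
    if mss_idx >= len(MSS_TABLE):
        return None
    t_now = int(now) // SLOT_SECONDS
    for age in range(max_age_slots + 1):    # accept the current and the previous slot
        t = max(t_now - age, 0)
        expected = _cookie(conn, client_isn, t, mss_idx)
        if hmac.compare_digest(expected.to_bytes(4, "big"), cookie.to_bytes(4, "big")):
            return MSS_TABLE[mss_idx]       # only now would the server allocate state
    return None
```

A SYN that is never followed by a valid ACK costs the server one hash computation and no stored state, which is why the flood no longer exhausts memory.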

DoS on operating systems

The attacker might manipulate the code to use up all of the disk space, such as by creating unlimited processes or files to damage the disk.

Defenses

General defenses against this attack include isolating the users of the operating system and imposing quotas.

DoS via program flaw

The attacker might supply an input that crashes the system or fools a system into shutting down by leveraging a programming flaw.

Defenses

General defenses include careful coding practices and proper authentication.

Copyright ©2022 Educative, Inc. All rights reserved