Denial-of-Service Attack

A denial of service or DoS, attack is a type of attack in which the attacker tries to crash an application so that the legitimate users are not able to access the application. The attacker does not gain any benefit from this attack. The main purpose of this attack is to harm an organization, and is often carried out by a competitor or mischievous hacker.

The first DoS attack was done by 13-year old David Dennis in 1974. Dennis wrote a program using the external or ext command that forced some computers at a nearby university research lab to power off.

Types of Denial of Service Attacks

The denial of service attacks can be categorized into two types:

1. Flood Attack

In a flood attack, the attacker overwhelms the application with a flood of requests. The application has a limit to the number of requests it can handle per second, and if the number of requests increases exponentially, the server will slow and eventually crash.

There are two types of flood attacks:

• ICMP flood – In this attack, the attacker leverages misconfigured network devices by sending spoofed packets that ping every computer on the targeted network, instead of just one specific machine. The network is then triggered to amplify the traffic. This attack is also known as the “smurf attack” or the “ping of death”.

• A SYN flood – In this attack, the targeted server receives a request to begin the handshake, but the handshake is never completed. That leaves the connected port occupied and unavailable to process further requests. The attacker continues to send more and more requests, overwhelming all open ports and shutting down the server.

2. Crash Attack

This attack is not very common. In this attack, the attacker transmits a bug to the server which then takes advantage of the vulnerabilities of the server.