As an internet user, you have likely experienced an interruption in service at some point. Maybe your favorite website was unavailable. Or perhaps your internet service was completely down. Sometimes this happens due to scheduled maintenance. Other times it happens due to hardware or software issues. However, interruptions are occasionally the result of what is called a Denial-of-Service attack.
A Denial-of-Service (DoS) attack occurs when legitimate users are unable to access information or other network resources. Carried out by malicious hackers and hacktivists, a DoS attack disables or disrupts user access and can take down websites and entire networks. It is typically accomplished by flooding a network with traffic until it becomes overwhelmed; the system then either stops responding or crashes entirely. DoS attacks are like traffic jams: they prevent regular, legitimate traffic from reaching the system.
Common Types of Denial-of-Service Attacks
The following are some of the most popular forms of DoS attacks:
- Buffer overflow: A buffer overflow occurs when too much traffic is sent to a network, causing it to shut down or crash. Buffer overflows are the most common form of DoS attack. The attack can cause a system to consume all of its available hard disk space, memory, or CPU time, resulting in slower responses or a system-wide crash.
- ICMP flood: An ICMP flood occurs when a network is flooded with ICMP echo-request packets, overwhelming the system. This causes the network to become inaccessible to normal traffic.
- HTTP flood: An HTTP flood is an application layer attack that abuses the HTTP web protocol. It is the equivalent of refreshing a web page hundreds of times from multiple computers at the same time. The result is a flood of requests that causes a denial of service.
- SYN flood: SYN floods abuse the TCP three-way handshake. Normally, a client sends a synchronize (SYN) request to the host server, the server responds with a synchronize-acknowledgment (SYN-ACK), and the client completes the connection with a final acknowledgment (ACK). In a SYN flood, the client never sends that final ACK, so the server is left holding a half-open connection while it waits. Repeated at scale, this leaves the entire server congested with half-open connections. Often the client IP address is fake or spoofed.
- Distributed Denial-of-Service (DDoS): A DDoS attack is a large-scale attack in which multiple systems are coordinated to launch a denial-of-service attack. A DoS attack uses a single connection, whereas a DDoS attack uses many. The attacking systems are most often a botnet; in some cases, however, the attack is a coordinated effort between multiple attackers.
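As an added example that is not part of the article, the following Python script looks at the SYN flood pattern described above from the defender's side: it parses constructed netstat-style connection lines and flags an inflated half-open (SYN_RECV) backlog, whether it comes from one noisy source or from many spoofed sources that each appear only once. The sample lines, thresholds and function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample modelled on `netstat -ant` output; not from the article.
SAMPLE_NETSTAT = """\
tcp 0 0 10.0.0.5:443 203.0.113.10:51234 ESTABLISHED
tcp 0 0 10.0.0.5:443 203.0.113.11:51235 ESTABLISHED
tcp 0 0 10.0.0.5:443 198.51.100.7:40001 SYN_RECV
tcp 0 0 10.0.0.5:443 198.51.100.7:40002 SYN_RECV
tcp 0 0 10.0.0.5:443 198.51.100.7:40003 SYN_RECV
tcp 0 0 10.0.0.5:443 192.0.2.1:1000 SYN_RECV
tcp 0 0 10.0.0.5:443 192.0.2.2:1000 SYN_RECV
tcp 0 0 10.0.0.5:443 192.0.2.3:1000 SYN_RECV
tcp 0 0 10.0.0.5:443 192.0.2.4:1000 SYN_RECV
"""

LINE_RE = re.compile(r"^tcp\S*\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)$")

def parse_connections(text):
    """Yield (remote_ip, state) for each TCP line in netstat-style text."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(3), m.group(5)

def analyze_syn_backlog(text, per_source_limit=3, ratio_limit=2.0):
    """Count half-open (SYN_RECV) connections, the state a SYN flood inflates.
    Flags a source holding many half-open connections and, because spoofed
    sources may each appear only once, a high half-open:established ratio."""
    half_open = Counter()
    established = 0
    for remote_ip, state in parse_connections(text):
        if state == "SYN_RECV":
            half_open[remote_ip] += 1
        elif state == "ESTABLISHED":
            established += 1
    total = sum(half_open.values())
    noisy = sorted(ip for ip, n in half_open.items() if n >= per_source_limit)
    ratio = total / max(established, 1)  # avoid division by zero on an idle host
    return {
        "half_open": total,
        "established": established,
        "ratio": ratio,
        "noisy_sources": noisy,
        "suspect_flood": bool(noisy) or ratio >= ratio_limit,
    }

if __name__ == "__main__":
    print(analyze_syn_backlog(SAMPLE_NETSTAT))
```

The thresholds are illustrative; a real baseline comes from observing the host's normal half-open count.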
Motivations Behind an Attack
Denial-of-Service attacks are becoming a more prevalent form of cyber-attack. But why do threat actors resort to them? The most common reasons for a DoS attack are:
- Ideology/Hacktivism: Hacktivists may use a DoS attack as a way of expressing criticism against governments or websites they disagree with. They use these attacks as a means of spreading their ideology.
- Extortion: Hackers may take down a website or network and hold it for ransom. Either the company pays the ransom, or the attack continues. They may also use the threat of an attack to extort money.
- Corporate Feuds: Rival corporations may employ a DoS attack as a means of taking down a competitor’s website. If the competitor's website is down, its services are also unavailable to consumers, who may then turn to the rival's site.
- Cyber Warfare: Rival governments sometimes employ DoS attacks against enemy nations. A state-sanctioned DDoS attack could cripple an enemy country's websites or its entire infrastructure.
- Boredom or Thrills: Amateur hackers are often called script kiddies. They use existing scripts or programs to launch DoS attacks for the thrill of taking down a website from their bedroom. Often they do not even know how these programs work or the extent of the damage they inflict.
Prevention and Response
It is nearly impossible to prevent a Denial-of-Service attack, especially when malicious actors launch over 1 Tbps at your servers. And with the increase in vulnerable Internet-of-Things (IoT) devices being recruited into botnets, attacks are becoming more prevalent. However, there are steps you can take to help mitigate an attack and recover from it.
- Architecture: Locate your servers at different data centers in different geographical locations. Also, ensure that these servers are not on the same network. You also want to look for and reduce any bottlenecks or single points of failure.
- Hardware: Deploy hardware that can handle an attack. Increasing resources like memory and hard disk space can lessen the impact of an attack.
- Bandwidth: If possible, try to scale up bandwidth to your network. Like with hardware resources, increased bandwidth can help you absorb an attack and lessen the impact.
- Outsourcing: Outsourcing is another form of mitigation. Many companies offer DoS mitigation services to organizations. These services can include cloud scrubbing, traffic rerouting, and dynamic load balancing.
Denial-of-Service attacks are not always avoidable, but they are recoverable. You can lessen the impact with the right tools, plans, and systems in place. These recommendations are simply best practices that can help you mitigate and recover from a Denial-of-Service attack, should you suffer one.