A Denial of Service (DoS) attack, unlike other compromises such as basic attacks, identity attacks and malicious code, target a server or other network component in pursuit of rendering it unavailable. Typically in a DoS attack, the primary motive is to deny the victim access to a certain resource and it will "prevent legitimate users of a service from accessing that service" (Carnegie Mellon, retrieved 2006). There are several ways that DoS attacks can be initiated, and there are three fundamental types. These types either aim to consume limited (or scarce) resources, modify or destroy configuration information or to physically destruct or modify network components. Consuming bandwidth is also another way to target in a DoS attack. Unlike attacks where the goal is to steal data or gain unauthorized access to the data, the objective of a DoS attack is to cripple or disable a server or network.

When a Denial of Service attack is launched, it is carried out by flooding it with requests and overwhelming it, then ignoring the server's response. Thus traffic is increased tremendously and the system is unable to handle this vast level of activity. The attacking computer is programmed to ignore each of the server's responses, thus the line is kept "busy" with each request since the server (or network) is waiting for a response that will never come. This makes the server unavailable for other requests that come in. With a successful attack, the server runs out of resources and performance is significantly decreased or lost completely. Another way an attacker can approach a DoS attack is to ping a computer using Internet Control Message Protocol (ICMP). The return IP address is spoofed to be the address of the victim rather than that of the attacker and the server will respond to these computers, tying up valuable internet resource and network space.

Another type of DoS attack is the Distributed Denial of Service. This is accomplished by the attacker using a large number of computers to accomplish the attack. Typically an attacker will find a way to access a large computer that has plenty of memory and a fast internet connection. After a computer is selected and entry gained ("hijacked"), the attacker loads software onto this computer that will scan thousands of other computers in search of vulnerabilities in their systems. If susceptibility is discovered in another computer, the handler installs malicious software on these computers. These accessed computers are referred to as "zombies" because they are virtually directed what to do as they are controlled by an outside source. The attacker will designate the handler to direct all zombie computers to target a specific server with requests, which will lead to a rapid DoS attack. The attack is massive since thousands of zombies can have been made and used to achieve this and wreak damage.

DoS attacks can have serious consequences since it can virtually disable a server or computer network. If an organization relies on these for their primary business, such as an e-commerce site, this can cause serious problems affecting the business. DoS attacks can result in a significant loss of both money and time.

Reference:
Carnegie Mellon Software Engineering Institute, CERT Coordination Center, "Denial of Service", http://www.cert.org/tech_tips/ denial_of_service.html, Retrieved November 2006

Learn more about this author, Leigh Goessl.
Click here to send author comments or questions.

---

Add your voice

Know something about How a denial of service attack works?
We want to hear your view. Write now!