
Denial of service attack

What Is a Denial of Service Attack?

A denial of service (DoS) attack is a malicious attempt to make a computer resource unavailable to its intended users. This disruption is typically achieved by overwhelming the target system, server, or network with a flood of traffic or by exploiting a vulnerability that causes it to crash or become severely slow. Within the broader context of Information Security Risk Management, DoS attacks represent a significant operational risk for businesses and organizations, threatening their ability to conduct normal operations and maintain system availability.

History and Origin

The concept of disrupting computer systems dates back to the early days of networked computing. One of the earliest documented instances of a denial of service attack occurred in 1974, when a 13-year-old student, David Dennis, inadvertently crashed 31 PLATO terminals at the University of Illinois by sending a problematic command.[7] While this initial event was an experiment without malicious intent, the underlying principle of overwhelming a system to render it unusable laid the groundwork for future, more nefarious attacks.

In the mid-1990s, as the internet became more prevalent, DoS attacks evolved. A notable example occurred in 1996 when Panix, an internet service provider, became a target of a SYN flood attack, which overwhelmed its servers with fake connection requests, forcing a temporary shutdown.[6][5] This incident highlighted the growing threat and the need for improved network security measures. By the late 1990s, more sophisticated tools emerged, leading to the rise of distributed denial of service (DDoS) attacks, which employ multiple compromised systems to launch a coordinated assault.[4]

Key Takeaways

  • A denial of service attack aims to make a system or network resource unavailable to legitimate users.
  • These attacks typically overwhelm targets with traffic or exploit software vulnerabilities.
  • DoS attacks pose significant operational risk and can lead to financial losses and reputational damage.
  • Mitigation strategies often involve traffic filtering, increased bandwidth, and robust cybersecurity measures.

Interpreting the Denial of Service Attack

Understanding a denial of service attack involves recognizing its impact on service accessibility and its implications for an organization's operations. When a DoS attack occurs, legitimate users are unable to access websites, applications, or other online services, leading to disruption. For businesses, this can mean lost revenue, damaged customer trust, and compromised ability to perform essential functions like transaction processing. Evaluating the severity of a DoS attack often involves assessing the duration of the outage, the volume of malicious traffic, and the specific services affected. Effective business continuity planning is crucial to minimize the fallout from such incidents.

Hypothetical Example

Consider a small online brokerage firm that relies heavily on its website for client trading and account management. One day, a malicious actor launches a denial of service attack, targeting the firm's web servers. The attacker sends a continuous stream of illegitimate requests to the server, far exceeding its capacity to process them. As a result, the server becomes overloaded and cannot respond to valid client requests. Clients attempting to log in or place trades receive error messages or experience extremely slow loading times, effectively being denied service. This immediate disruption highlights how a denial of service attack can directly impede the firm's ability to conduct its core operations as a financial institution, potentially leading to client frustration and significant financial losses if trades cannot be executed.

Practical Applications

Denial of service attacks manifest in various real-world scenarios, particularly impacting sectors reliant on continuous information technology and network connectivity. The financial services industry, for instance, has become a frequent target due to the critical nature of its online operations and the potential for significant disruption. In Q3 2024, the banking and financial services sector bore the brunt of these cyber incidents, with nearly 6 million distributed denial of service (DDoS) attacks recorded.[3]

Organizations apply various strategies to counter denial of service attacks, often integrating these into their broader risk management frameworks. This includes implementing traffic filtering systems, deploying specialized hardware and software solutions designed to absorb or redirect malicious traffic, and engaging with third-party scrubbing services. Furthermore, compliance with regulatory standards, such as those related to data protection and system availability, often necessitates robust DoS protection measures.

Limitations and Criticisms

While various mitigation techniques exist for denial of service attacks, defending against them presents ongoing challenges. Attackers constantly evolve their methods, making it difficult for defenses to keep pace. For example, modern attacks can be highly sophisticated, mimicking legitimate user behavior, which makes detection and mitigation significantly harder than simply blocking high volumes of traffic.[2] Furthermore, the cost of implementing comprehensive DoS protection, especially for smaller entities, can be substantial, requiring significant investment in infrastructure and expertise.

The increasing reliance on digital transformation across industries, including interconnected systems and internet protocols, expands the potential attack surface. This makes organizations more susceptible to outages, which can erode customer trust and halt critical business functions. Even with advanced defenses, a determined and resourceful attacker may still find ways to disrupt services, leading to periods of downtime and potential data breach concerns if the DoS attack serves as a smokescreen for other malicious activities.

Denial of Service Attack vs. Distributed Denial of Service (DDoS) Attack

While often used interchangeably, a denial of service (DoS) attack and a distributed denial of service (DDoS) attack differ primarily in their source. A traditional DoS attack originates from a single source, typically one computer system, attempting to overwhelm a target. This single point of origin makes it relatively easier to identify and block the malicious traffic.

In contrast, a DDoS attack leverages multiple compromised computer systems, often organized into a "botnet," to flood the target with traffic simultaneously. This distributed nature makes DDoS attacks far more powerful, resilient, and difficult to mitigate, as the malicious traffic comes from numerous diverse sources, making it harder to distinguish from legitimate user activity. The sheer volume and decentralized nature of a DDoS attack can quickly overwhelm even robust defenses, posing a greater threat, particularly to large organizations or critical infrastructure.
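The difference described above shows up directly in per-source traffic counts. The following is an added example, not part of the original page: it analyzes one time window of requests and checks whether blocking high-volume sources brings the load back under capacity. The capacity, the per-source threshold and all addresses (documentation ranges) are constructed assumptions.

```python
from collections import Counter

CAPACITY = 100          # assumed: requests the server can handle per window
PER_SOURCE_LIMIT = 20   # assumed: per-IP request threshold for one window


def analyze_window(sources, capacity=CAPACITY, per_source_limit=PER_SOURCE_LIMIT):
    """Analyze one window. `sources` holds one source IP per request seen."""
    counts = Counter(sources)
    total = len(sources)
    # Sources that individually exceed the per-source threshold get blocked.
    blocked = {ip for ip, n in counts.items() if n > per_source_limit}
    # Load that still reaches the server after those sources are dropped.
    residual = sum(n for ip, n in counts.items() if ip not in blocked)
    if total <= capacity:
        verdict = "normal"
    elif residual <= capacity:
        verdict = "flood contained by per-source blocking"
    else:
        verdict = "distributed flood, per-source blocking insufficient"
    return {"total": total, "sources": len(counts), "blocked": blocked,
            "residual": residual, "verdict": verdict}


# Constructed sample windows (not real traffic).
# 30 legitimate clients sending 2 requests each.
legit = [f"192.0.2.{i}" for i in range(1, 31) for _ in range(2)]
# Single-source DoS: one address sends 500 requests on top of normal load.
dos = legit + ["198.51.100.7"] * 500
# DDoS: 200 sources send 3 requests each, close to a normal client's rate.
ddos = legit + [f"203.0.113.{i}" for i in range(1, 201) for _ in range(3)]

if __name__ == "__main__":
    for name, window in (("legit", legit), ("dos", dos), ("ddos", ddos)):
        r = analyze_window(window)
        print(f"{name:5} total={r['total']:4} sources={r['sources']:3} "
              f"blocked={len(r['blocked'])} residual={r['residual']:4} "
              f"-> {r['verdict']}")
```

In the distributed window no single source crosses the threshold, so detection has to rely on aggregate signals such as total request rate or the number of distinct sources rather than on per-IP limits.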

FAQs

What is the primary goal of a denial of service attack?

The primary goal of a denial of service attack is to disrupt the normal functioning of a website, application, or network, making it inaccessible to its legitimate users. This can lead to financial losses, reputational damage, and operational disruption for the targeted entity.

How do organizations protect themselves from denial of service attacks?

Organizations employ various strategies to protect against denial of service attacks. These include implementing specialized hardware and software for traffic filtering, utilizing cloud-based DDoS protection services that can absorb large volumes of malicious traffic, and maintaining robust cybersecurity protocols. Organizations also refer to guidelines like the NIST Cybersecurity Framework to manage their cyber risks.[1]

Can a denial of service attack steal my data?

A denial of service attack itself is primarily focused on disrupting service availability, not on stealing data. However, attackers sometimes use DoS attacks as a diversion or "smokescreen" to mask other malicious activities, such as attempting a data breach or installing malware. It is essential for organizations to have comprehensive security measures to address both DoS attacks and other forms of cyber threats.

What should I do if a service I use is affected by a DoS attack?

If a service you use is affected by a denial of service attack, there is usually little you can do as an individual user other than wait for the service provider to mitigate the attack. Service providers typically have incident response teams, like those guided by the CERT Coordination Center, working to restore functionality. You can often check the service's official social media channels or status pages for updates on the disruption.