A “denial of service” or DOS attack is used to tie up a website’s resources so that users who need to access the site cannot do so. Many major companies have been the focus of DOS attacks in recent years. Because a DOS attack can be easily engineered from nearly any location, finding those responsible can be next to impossible.
How a DOS Attack Works
Unlike a virus or malware, a DOS attack doesn’t depend on a special program in order to run. Instead, it takes advantage of a natural vulnerability in the way computer networks communicate.
Here’s an example: suppose that you wish to visit an ecommerce site in order to shop for a gift. Your computer sends a small packet of information to the website. This packet works as a “hello” – basically, your computer says, “Hi, I’d like to visit you, please let me in.”
When the server receives your computer’s message, it sends a short one back, saying, in a sense, “Okay, are you real?” Your computer responds – “Yes!” – and communication is established. The website’s homepage then pops up on your screen, and you can explore the site. Your computer and the server continue communicating as you click links, place orders, and carry out other business.
In a DOS attack, a computer is rigged to send not just one “introduction” to a server, but hundreds or sometimes thousands. The server—which cannot tell that the “introductions” are fake—sends back its usual response, waiting up to a minute in each case in order to hear a reply. When it gets no reply, the server shuts down the connection, and the computer executing the attack repeats, sending a new batch of fake requests.
Variations on DOS Attacks
One well-known variation on the DOS attack is a “DDOS” attack, or a “distributed denial of service” attack. A DDOS attack follows the same basic pattern as a standard DOS attack. Instead of using one computer that generates many fake user requests, a DDOS attack commandeers a fleet of computers to send requests. Because each computer has its own IP address, the server is further deceived into believing each request comes from a different “real” source. This makes DDOS attacks more likely to circumvent filters that are only designed to protect against multiple requests from the same source.
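The following is an added example, not part of the original article: a defender-side sketch that counts unanswered “introductions” still inside the one-minute wait, showing why a per-source limit catches the single-computer case while the distributed case trips only a total limit. The event format, function name, limits and sample addresses are assumptions made for illustration.

```python
from collections import Counter

HANDSHAKE_TIMEOUT = 60  # seconds; the "up to a minute" wait described above

def half_open_report(events, now, per_source_limit=3, total_limit=5):
    """Summarise unanswered handshakes at time `now`.

    events: (timestamp, source_ip, source_port, kind) tuples, where kind is
    "SYN" (the client's "hello") or "ACK" (the client's final "Yes!").
    """
    pending = {}
    for ts, ip, port, kind in sorted(events, key=lambda e: e[0]):
        if ts > now:
            break
        if kind == "SYN":
            pending[(ip, port)] = ts        # server has replied and is waiting
        elif kind == "ACK":
            pending.pop((ip, port), None)   # handshake completed
    # Entries older than the timeout have already been dropped by the server.
    live = [key for key, ts in pending.items() if now - ts < HANDSHAKE_TIMEOUT]
    per_source = Counter(ip for ip, _port in live)
    return {
        "half_open": len(live),
        "noisy_sources": sorted(ip for ip, n in per_source.items()
                                if n > per_source_limit),
        "total_exceeded": len(live) > total_limit,
    }

# Constructed sample data (documentation address ranges, not real traffic).
LEGIT = [(0, "198.51.100.7", 40000, "SYN"), (1, "198.51.100.7", 40000, "ACK")]
SINGLE_SOURCE = LEGIT + [(2, "203.0.113.9", 50000 + i, "SYN") for i in range(6)]
DISTRIBUTED = LEGIT + [(3, f"192.0.2.{i}", 50000, "SYN") for i in range(1, 9)]

if __name__ == "__main__":
    print(half_open_report(SINGLE_SOURCE, now=10))  # one noisy source
    print(half_open_report(DISTRIBUTED, now=10))    # no noisy source, total exceeded
    print(half_open_report(DISTRIBUTED, now=70))    # all entries timed out
```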
How to Block a DOS Attack
Ordinarily, sending responses to each request and waiting to hear back eats up the server’s resources. The server cannot stop, however, because its only option is to treat each request as authentic – it cannot tell the difference between a computer with a single human behind it and a false request generated by a program. Meanwhile, human users are unable to log onto the site, sometimes for hours. They become frustrated, go elsewhere, and the company that owns the site loses thousands or millions in business, as well as a great deal of customer goodwill.
Other DOS attack methods are covered in Symantec’s 2015 Internet Security Threat Report, which is available online for interested readers.