A denial-of-service (DoS) attack aims to make a system, network, or application unavailable to its legitimate users by exhausting a resource the target relies on. Resources commonly targeted include CPU, memory, network bandwidth, connection slots, and application-specific limits such as database connections or API quotas.
How a DoS attack works
The attacker generates more requests, traffic, or resource demand than the target can handle. Once the resource is saturated, legitimate users receive timeouts, errors, or degraded performance. A DoS attack does not need to extract data or alter code; the harm is the unavailability itself, which often translates directly into lost revenue, broken SLAs, and reputational damage.
DoS versus DDoS
A single-source DoS attack originates from one machine; a distributed denial-of-service (DDoS) attack comes from many sources simultaneously, often a botnet of compromised devices. DDoS is much harder to mitigate because traffic does not share a single origin, and volumes can reach hundreds of gigabits per second.
Common attack categories
Volumetric attacks saturate the link itself with raw traffic (UDP floods, amplified DNS or NTP queries). Defence requires upstream filtering capacity larger than the attack.
Protocol attacks consume server-side state by abusing protocol behaviour (SYN floods, fragmented packet floods, ping of death). They target firewalls, load balancers, and stateful devices.
Application-layer attacks send legitimate-looking requests that are expensive to process (Slowloris, recursive search queries, login spraying). They are the hardest to detect because each request looks valid in isolation.
Mitigation
Deploy a DDoS protection service that can absorb volumetric traffic upstream of the origin. Use a content delivery network (CDN) for static assets so peak demand does not hit application servers directly. Rate-limit at the application layer per IP, per session, and per endpoint. Cache aggressively where the response permits. Maintain an incident-response runbook that defines who decides to enable emergency rate limits, how to switch DNS to a scrubbing provider, and how to communicate with customers during an outage.
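The per-IP, per-session, and per-endpoint rate limiting described above can be sketched as a token-bucket limiter. This is an added example, not code from the original page; the class name, the limits, the `/login` endpoint, and the sample client values are assumptions chosen for illustration.

```python
import time

# Assumed limits per scope: (burst capacity, refill tokens per second).
LIMITS = {"ip": (20, 10.0), "session": (10, 5.0), "/login": (5, 0.5)}

class RateLimiter:
    """Token buckets keyed per IP, per session, and per (endpoint, IP)."""

    def __init__(self, limits=LIMITS, clock=time.monotonic):
        self.limits = limits
        self.clock = clock
        self.buckets = {}  # (scope, key) -> [tokens, last_seen]

    def _refill(self, scope, key, now):
        capacity, rate = self.limits[scope]
        bucket = self.buckets.setdefault((scope, key), [float(capacity), now])
        bucket[0] = min(capacity, bucket[0] + (now - bucket[1]) * rate)
        bucket[1] = now
        return bucket

    def allow(self, ip, session, endpoint):
        now = self.clock()
        scopes = [("ip", ip), ("session", session)]
        if endpoint in self.limits:  # only listed endpoints get their own limit
            scopes.append((endpoint, ip))
        buckets = [self._refill(s, k, now) for s, k in scopes]
        if any(b[0] < 1.0 for b in buckets):
            return False  # deny without charging any bucket
        for b in buckets:
            b[0] -= 1.0
        return True

    def prune(self):
        # Drop buckets idle long enough to be full, so per-client state stays bounded.
        now = self.clock()
        for (scope, key), (tokens, seen) in list(self.buckets.items()):
            capacity, rate = self.limits[scope]
            if tokens + (now - seen) * rate >= capacity:
                del self.buckets[(scope, key)]
        return len(self.buckets)


def demo():
    """Constructed traffic: one client sends 8 /login requests in one instant."""
    t = [0.0]
    rl = RateLimiter(clock=lambda: t[0])
    burst = [rl.allow("203.0.113.7", "sess-a", "/login") for _ in range(8)]
    t[0] = 4.0  # four seconds later the /login bucket has refilled 2 tokens
    return burst, rl.allow("203.0.113.7", "sess-a", "/login")
```

Call `prune()` periodically: without it, the bucket table grows with every new IP or session value seen, which makes the limiter itself a memory-exhaustion target.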
Related terms
See also: brute force attack, firewall, and port scanning.




