The Beginner’s Guide to Denial-of-Service Attacks: A Breakdown of Shutdowns
September 25 2019
Denial-of-service (DoS) is a basic cyberattack mechanism that prevents a victim from doing business by denying them access to their network, server, or customer. It’s an attack concept so simple that many different variations have arisen on the single basic theme.
These variations, like weeds rising up to choke a garden, arise to choke out the productive applications in an enterprise ecosystem. And, like weeds, there are many different varieties of these thorny, choking vines from the underworld ready to make your security life miserable.
It’s important to know the different sorts of DoS attacks because they have different remedies. Just as different weedy plants can be dealt with in different ways, the counter-measures for DoS attacks are different depending on whether they target the network or applications, and precisely which method of attack they use.
One thing you might have noticed is that we’ve referred to DoS attacks rather than DDoS. The reason is that DDoS (Distributed Denial of Service) is a particular sort of DoS attack, one in which the attack comes from many different sources so that it’s more difficult to defend against.
Whether distributed or from a single source, DoS attacks can be divided into three broad categories based on the part of the infrastructure under attack. First are application-layer attacks, which take aim at application servers or parts of the application software stack. Next come protocol attacks, which use one of the basic networking protocols, like ARP, SYN, or ping, to do their dirty work. Finally, there are the DoS attacks that are most widely assumed when people talk about DoS — the volumetric attacks that simply try to use sheer traffic volume of one sort or another to choke off access to a victim’s network.
Before we head off into this rogues’ gallery, one absence should be noted: You won’t find a discussion of ransomware here. It’s true that ransomware is, technically, a denial-of-service attack, since it denies the victim access to their own data. It has grown and expanded so much, though, that it deserves its own article, and it will have one.
In addition, it works in one way that’s very different from the DoS attacks we’ll discuss here: While all of these block customer access to applications and data, they don’t alter the data or applications themselves. Ransomware, conversely, alters the files and systems in ways that prevent users from interacting with them. Ransomware affects the value of those files and systems to the user — and may also result in the destruction of those items. Each type of attack is damaging, but the differences make treating them separately worthwhile.
Let’s take a look at these dangerous and irritating pests, with a special eye toward understanding how they differ and how defense should differ, as well.
Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and …