Denial-of-Service (DoS) Attack

What Is a Denial-of-Service (DoS) Attack?

A denial-of-service (DoS) attack is a cyberattack on devices, information systems, or other network resources that prevents legitimate users from accessing expected services and resources. This is usually accomplished by flooding the targeted host or network with traffic until the target can't respond or crashes. DoS attacks can last anywhere from a few hours to many months and can cost companies time and money while their resources and services are unavailable.

Key Takeaways

  • A denial-of-service (DoS) is a form of cyberattack that prevents legitimate users from accessing a computer or network.
  • In a DoS attack, rapid and continuous online requests are sent to a target server in order to overload the server’s bandwidth.
  • Distributed denial-of-service (DDoS) attacks leverage a wide web of computers or devices infected with malware to launch a coordinated barrage of meaningless online requests, blocking legitimate access.

How Denial-of-Service Attacks Work

DoS attacks are on the rise as businesses and consumers use more digital platforms to communicate and transact with each other.

Cyberattacks are often launched to steal personally identifiable information (PII), causing considerable damage to companies' financial pockets and reputations. Data breaches can target a specific company or a host of companies at the same time. A company with high-security protocols in place may be attacked by a member of its supply chain that has inadequate security measures. When multiple companies have been selected for an attack, the perpetrators can use a DoS approach.

Cyberattacks typically fall into one of three main categories: criminal, personal, or political. Criminally motivated attacks seek financial gain. Personal attacks may occur when a disgruntled current or former employee seeks retribution and steals money or data or simply wants to disrupt a company's systems. Sociopolitical attackers—aka "hacktivists"—seek attention for their causes.

In a DoS attack, the cyberattackers typically use one Internet connection and one device to send rapid and continuous requests to a target server to overload the server’s bandwidth. DoS attackers exploit a software vulnerability in the system and proceed to exhaust the RAM or CPU of the server.

The damage in loss of service a DoS attack does can be fixed in a short time by implementing a firewall with allow/deny rules. Because a DoS attack only has one IP address, the IP address can be easily fished out and denied further access using a firewall. However, there is a type of DoS attack that is not so easy to detect—a distributed denial-of-service (DDoS) attack.

Distributed Denial-of-Service (DDoS) Attack

A common type of DoS attack is the distributed denial-of-service (DDoS) attack. The attacker floods its target with unwanted Internet traffic so that normal traffic is unable to reach its intended destination. Hordes of Infected, connected devices (e.g., smartphones, PCs, network servers, and Internet of Things devices) from around the world go after a targeted website, network, web application, application programming interface, or data center infrastructure simultaneously to block traffic.

DoS and DDoS attacks can slow or completely stop various online services, including email, websites, ecommerce sites, and other online resources.

The various sources of attack traffic may operate in the form of a botnet. A botnet is a network of personal devices that have been compromised by cybercriminals without the knowledge of the devices' owners.

The hackers infect the computers with malicious software to gain control of the system to send spam and fake requests to other devices and servers. A target server that falls victim to a DDoS attack will experience an overload due to the hundreds or thousands of phony traffic attacks that come into it.

Because the server is attacked from multiple sources, detecting all the addresses from these sources may prove difficult. Separating legitimate traffic from fake traffic may also prove impossible, hence another reason it is hard for a server to withstand a DDoS attack.

Why Are DDoS Attacks Launched?

Unlike most cyberattacks that are initiated to steal sensitive information, initial DDoS attacks are launched to make websites inaccessible to their users. However, some DDoS attacks serve as a facade for other malicious acts. When servers have been successfully knocked down, the culprits may go behind the scenes to dismantle the websites’ firewalls or weaken their security codes for future attack plans.

A DDoS attack can also function as a digital supply chain attack. If the cyberattackers cannot penetrate the security systems of their multiple target websites, they can find a weak link that is connected to all the targets and attack the link instead. When the link is compromised, the primary targets would automatically be indirectly affected as well.

Cyber vandals keep coming up with new ways to commit cybercrimes either for fun or profit. It is imperative that every device that has access to the Internet has security protocols in place to restrict access.

DDoS Attack Example

In October 2016, a DDoS attack was carried out on a domain name system (DNS) provider, Dyn. Think of a DNS as an Internet directory that routes your request or traffic to the intended webpage.

A company like Dyn hosts and manages the domain names of select companies in this directory on its server. When Dyn’s server is compromised, this also affects the websites of the companies it hosts. The 2016 attack on Dyn flooded its servers with an overwhelming amount of Internet traffic, thereby creating a massive web outage and shutting down over 80 websites including major sites like Twitter, Amazon, Spotify, Airbnb, PayPal, and Netflix.

Some of the traffic was detected as coming from a botnet created with malicious software known as Mirai, which seemed to have affected more than 500,000 devices connected to the Internet. Unlike other botnets that capture private computers, this particular botnet gained control over easily accessible Internet of Things (IoT) devices such as DVRs, printers, and cameras. These weakly secured devices were then used to make a DDoS attack by sending an insurmountable number of requests to Dyn’s server.

What Is a DoS Attack?

A DoS (denial-of-service) attack is a cyberattack that makes a computer or other device unavailable to its intended users. This is usually accomplished by overwhelming the targeted machine with requests until normal traffic can no longer be processed. With a DoS attack, a single computer launches the attack. This differs from a DDoS (distributed denial-of-service) attack, in which multiple systems simultaneously overwhelm a targeted system.

What Is a DDoS Attack?

A DDoS (distributed denial-of-service) attack happens when multiple systems overwhelm the bandwidth or resources of a targeted system. A DDoS attack uses various sources of attack traffic, often in the form of a botnet.

What Do Cyberattackers Target?

Cyberattackers are motivated by different goals. For example, they may seek:

  • Financial data (business and customer)
  • Sensitive personal data
  • Customer databases, including personally identifiable information (PII)
  • Email address and login credentials
  • Intellectual property, such as trade secrets and product designs
  • IT infrastructure access
  • U.S. government departments and agencies

Article Sources

Investopedia requires writers to use primary sources to support their work. These include white papers, government data, original reporting, and interviews with industry experts. We also reference original research from other reputable publishers where appropriate. You can learn more about the standards we follow in producing accurate, unbiased content in our editorial policy.
  1. Cloudflare. "What is a denial-of-service (DoS) attack?" Accessed Jan. 26, 2022.

  2. Phys.org. "Ongoing cyber attack hits Twitter, Amazon, other top websites (Update)." Accessed Jan. 26, 2022.

  3. IDG Communications. "Hackers create more IoT botnets with Mirai source code." Accessed Jan. 26, 2022.

  4. IBM. "What is a cyber attack?" Accessed Jan. 26, 2022.

Take the Next Step to Invest
×
The offers that appear in this table are from partnerships from which Investopedia receives compensation. This compensation may impact how and where listings appear. Investopedia does not include all offers available in the marketplace.
Service
Name
Description