Denial of Service (DoS)
A Denial of Service (DoS) attack is a type of cyber-attack where the attacker tries to make a computer, website, or network resource unavailable to its intended users. The goal is to disrupt the normal functioning of the service, usually by overwhelming it with too much traffic or by exploiting vulnerabilities.
In a flood-style DoS attack, the attacker sends far more requests (or raw packets) to the target, such as a website or server, than it can service. Whichever resource runs out first, whether bandwidth, CPU, memory, or connection-table slots, determines the symptom: the target becomes slow, stops responding, or crashes outright.
Variants
There are different ways a DoS attack can be carried out:
- Flooding: This is the most common method. The attacker sends massive amounts of data or requests to the target, overwhelming it.
- Crashing: The attacker exploits bugs or vulnerabilities in the target's software, causing it to crash or become unstable.
- Distributed Denial of Service (DDoS): A DDoS attack is a DoS attack launched from many machines at once, typically a botnet of compromised or malware-infected computers and devices under the attacker's control. Because the traffic arrives from thousands of source addresses, blocking individual IPs does little, and the combined bandwidth can exceed anything a single attacking host could produce.
Impact
DoS attacks can have serious consequences, especially for businesses and organizations. When a website or service is down, customers cannot access it, leading to loss of sales and damage to the company's reputation. In some cases, critical services, like banking or healthcare, may be disrupted, causing significant problems.
Discoverability
How easy a DoS attack is to spot depends on the attack type. Simple volumetric floods are usually obvious: traffic, bandwidth, or CPU jumps far above the baseline within seconds. A distributed attack is just as visible in aggregate, but harder to attribute and filter because no single source stands out. Application-layer attacks are the hardest to discover: each request is well-formed and looks like a legitimate user, so the signal is a change in rate or behaviour (the same expensive endpoint hit repeatedly, connections that never finish a request) rather than anything malformed. In practice, discoverability comes down to whether a traffic baseline exists and whether monitoring covers the layer being attacked.
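The rate-spike signal described above, as an added example that is not part of the original page: a small Python script that parses constructed access-log lines (the simplified log format, the IP addresses and the thresholds are all assumptions made for the illustration), counts requests per 10-second window, flags windows far above the median, and then checks how concentrated a flagged window is on a single source, which is the question that separates one noisy client from a distributed attack.

```python
import re
import statistics
from collections import Counter, defaultdict

# Simplified access-log format used by the constructed sample below (not a real log):
#   <client_ip> [<unix_seconds>] "<METHOD> <path>" <status>
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>\d+)\] "(?P<method>[A-Z]+) (?P<path>\S+)" (?P<status>\d{3})$'
)


def parse_line(line):
    """Return a dict for one log line, or None if the line is malformed."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m["ip"],
        "ts": int(m["ts"]),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def build_sample_log():
    """Constructed sample: 30 s of light browsing, then a 10 s HTTP flood from two hosts."""
    lines = []
    normal = ["203.0.113.5", "198.51.100.7", "192.0.2.44"]
    for ts in range(0, 30, 2):  # one request every 2 s -> 5 per 10 s window
        lines.append(f'{normal[ts % 3]} [{ts}] "GET /index.html" 200')
    attackers = ["198.51.100.200", "198.51.100.201"]
    for i in range(60):  # 60 requests inside the 30..39 s window
        lines.append(f'{attackers[i % 2]} [{30 + i // 6}] "GET /search?q=x" 200')
    return lines


def requests_per_window(events, window=10):
    """Count requests per fixed time window; keys are window start times."""
    buckets = defaultdict(int)
    for e in events:
        buckets[(e["ts"] // window) * window] += 1
    return dict(buckets)


def flood_windows(buckets, factor=5.0, min_count=20):
    """Windows whose count exceeds `factor` x the median window count
    (the median stays honest as long as attack windows are a minority),
    plus an absolute floor so a quiet site does not alert on noise."""
    if not buckets:
        return []
    baseline = statistics.median(buckets.values())
    return sorted(w for w, n in buckets.items() if n > factor * baseline and n >= min_count)


def top_sources(events, window_start, window=10, n=5):
    """Most active client addresses inside one window."""
    in_window = (e["ip"] for e in events if window_start <= e["ts"] < window_start + window)
    return Counter(in_window).most_common(n)


def source_concentration(events, window_start, window=10):
    """Share of the window's requests that came from its single busiest address.
    Near 1.0 means one source you can block; near 0 means the load is spread
    across many sources (DDoS or a genuine flash crowd) and needs other signals."""
    top = top_sources(events, window_start, window, n=1)
    total = sum(1 for e in events if window_start <= e["ts"] < window_start + window)
    return top[0][1] / total if total else 0.0


if __name__ == "__main__":
    events = [e for e in map(parse_line, build_sample_log()) if e]
    buckets = requests_per_window(events)
    for w in flood_windows(buckets):
        print(f"window {w}s: {buckets[w]} requests, top sources {top_sources(events, w)}, "
              f"concentration {source_concentration(events, w):.2f}")
```

On the constructed sample the 30 s window is flagged at twelve times the median, and half of its requests come from one address, so blocking the top two sources would end it. Against a real botnet the same window would be flagged but the concentration would be close to zero, which is exactly the situation where per-IP blocking stops working and rate limiting, challenge pages, or upstream scrubbing have to take over.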
Types
Network Layer Attacks
- SYN Floods: Exploit the TCP three-way handshake by sending a stream of SYN packets and never completing the handshake (no final ACK), usually from spoofed source addresses so the server's SYN-ACKs go nowhere. Each SYN reserves a half-open entry in the server's backlog until it times out, and once the backlog is full new legitimate connections are dropped. SYN cookies are the standard mitigation: the server keeps no per-connection state until the final ACK arrives.
- DNS Floods: Overwhelm a DNS server with more queries than it can answer, so the names it is authoritative for stop resolving. This is distinct from DNS amplification/reflection, where the attacker sends small queries carrying the victim's spoofed source address to open resolvers, which then deliver their much larger responses to the victim; there the DNS servers are the tool, not the target.
- UDP Floods: Send large volumes of UDP packets to random ports on the target. For each closed port the host checks for a listening application and replies with an ICMP "port unreachable" message, which consumes bandwidth and CPU. Most operating systems rate-limit those ICMP replies, so the damage that remains is usually the inbound bandwidth itself.
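The half-open accounting behind the SYN flood entry, as an added example (not code from the original page): a Python tracker that follows handshakes toward one server from a stream of packet summaries and raises a verdict on either a per-source or a global half-open count. The packet tuples, the server address, and the limits are constructed assumptions; the point the code makes is that spoofed sources spread the flood so thin that only the global count ever trips.

```python
from collections import Counter


class HalfOpenTracker:
    """Tracks TCP handshakes toward one server from a stream of packet summaries.

    Each packet is a constructed tuple (not a real capture):
        (timestamp, src_ip, src_port, dst_ip, dst_port, flags)
    where flags is a string of TCP flag letters such as "S", "SA", "A" or "R".
    """

    def __init__(self, server_ip, stale_after=3.0):
        self.server_ip = server_ip
        self.stale_after = stale_after  # a real client finishes its handshake in ms, not seconds
        self.pending = {}  # (client_ip, client_port, server_port) -> time of first SYN

    def observe(self, pkt):
        ts, src, sport, dst, dport, flags = pkt
        if dst == self.server_ip:
            key = (src, sport, dport)
            if "S" in flags and "A" not in flags:
                self.pending.setdefault(key, ts)  # retransmitted SYNs keep the original time
            elif "A" in flags or "R" in flags:
                self.pending.pop(key, None)  # final ACK (or a reset) frees the half-open slot
        elif src == self.server_ip and "R" in flags:
            self.pending.pop((dst, dport, sport), None)  # server gave up on the attempt

    def half_open(self, now):
        """Handshakes that have waited longer than stale_after for their final ACK."""
        return {k: t for k, t in self.pending.items() if now - t > self.stale_after}


def syn_flood_verdict(tracker, now, per_source_limit=50, global_limit=200):
    """Flag a flood on either a per-source count (one noisy client) or the
    global half-open count (spoofed sources spread the load so thin that no
    single address crosses the per-source limit). Limits are assumptions."""
    stale = tracker.half_open(now)
    per_source = Counter(k[0] for k in stale)
    offenders = sorted(ip for ip, n in per_source.items() if n > per_source_limit)
    return {
        "half_open": len(stale),
        "distinct_sources": len(per_source),
        "per_source_offenders": offenders,
        "flood": len(stale) > global_limit or bool(offenders),
    }


SERVER = "198.51.100.10"  # assumed server address for the constructed traffic


def legit_handshake(t0=0.0, client="203.0.113.5", port=40000):
    """Constructed three-way handshake that completes normally."""
    return [
        (t0, client, port, SERVER, 443, "S"),
        (t0 + 0.01, SERVER, 443, client, port, "SA"),
        (t0 + 0.02, client, port, SERVER, 443, "A"),
    ]


def spoofed_syn_flood(t0=10.0, count=300):
    """Constructed flood: SYNs from many forged addresses that never answer the SYN-ACK."""
    return [(t0 + i / 1000, f"192.0.2.{i % 256}", 1024 + i, SERVER, 443, "S") for i in range(count)]


def single_source_syn_flood(t0=12.0, count=80, client="198.51.100.66"):
    """Constructed flood from one real host opening many half-open connections."""
    return [(t0 + i / 1000, client, 2000 + i, SERVER, 443, "S") for i in range(count)]


def run_sample(now=20.0):
    """Feed the legitimate handshake plus both floods and return the verdict."""
    tracker = HalfOpenTracker(SERVER)
    for pkt in legit_handshake() + spoofed_syn_flood() + single_source_syn_flood():
        tracker.observe(pkt)
    return syn_flood_verdict(tracker, now)


if __name__ == "__main__":
    print(run_sample())
```

The completed handshake leaves no trace, the single real host shows up as a per-source offender, and the spoofed flood contributes 300 half-open entries across 256 addresses with at most two per address. A detector that only counts per source would miss it entirely, which is why production SYN-flood defences (SYN cookies, backlog sizing, upstream filtering) work on aggregate state rather than on individual clients.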
Application Layer Attacks
- HTTP Floods: Flood the web server with HTTP GET or POST requests. Each request is well-formed and often carries realistic headers, cookies and session state to look like a real browser and slip past WAF signatures; POST requests to expensive endpoints (search, login, checkout) do the most damage per request.
- Slowloris: Opens many connections and sends partial HTTP headers, trickling one more header line just before the server's idle timeout would expire, so no request is ever finished and every connection stays open. Servers that dedicate a thread or process to each connection (Apache prefork, for example) run out of workers with very little attacker bandwidth; event-driven servers such as nginx are far less affected. The fix is to bound the total time allowed to receive a request header rather than only the idle time between bytes (Apache's mod_reqtimeout, nginx's client_header_timeout).
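The Slowloris mechanics and the timeout fix above, as an added example that is not code from the original page or from any named server: a Python model of the server side of one connection while it reads a request header, with caller-supplied timestamps so it runs without sockets or sleeps. The `idle_only` flag switches between the weak behaviour (the clock restarts on every byte, which is what Slowloris exploits) and the hardened one (the clock runs from connection open). The timeout, the size cap and the simulated client are illustrative assumptions.

```python
class HeaderReader:
    """Server-side view of one client connection while the request header is being read.

    Bytes arrive via feed(chunk, now) with caller-supplied timestamps. Two limits apply:
      * header_timeout: with idle_only=False (hardened) the clock runs from the moment the
        connection opened, so trickling one line at a time cannot extend it; with
        idle_only=True (the weak behaviour Slowloris exploits) the clock restarts on every
        chunk received.
      * max_header_bytes: caps how much a client can send without ever finishing.
    Limit values are illustrative assumptions, not a recommendation.
    """

    HEADER_END = b"\r\n\r\n"

    def __init__(self, opened_at, header_timeout=10.0, max_header_bytes=8192, idle_only=False):
        self.opened_at = opened_at
        self.last_activity = opened_at
        self.header_timeout = header_timeout
        self.max_header_bytes = max_header_bytes
        self.idle_only = idle_only
        self.buf = b""
        self.state = "reading"  # reading | complete | timed_out | too_large

    def _deadline_passed(self, now):
        start = self.last_activity if self.idle_only else self.opened_at
        return now - start > self.header_timeout

    def tick(self, now):
        """Periodic reaper check, for connections that send nothing at all."""
        if self.state == "reading" and self._deadline_passed(now):
            self.state = "timed_out"
        return self.state

    def feed(self, chunk, now):
        """Consume bytes that arrived at time `now`; return the new state."""
        if self.state != "reading":
            return self.state
        if self._deadline_passed(now):
            self.state = "timed_out"
            return self.state
        self.last_activity = now
        self.buf += chunk
        if len(self.buf) > self.max_header_bytes:
            self.state = "too_large"
        elif self.HEADER_END in self.buf:
            self.state = "complete"
        return self.state


def simulate_slowloris(idle_only, chunk_interval=5.0, duration=60.0, header_timeout=10.0):
    """One Slowloris-style client (constructed): a valid request line, then a bogus header
    line every `chunk_interval` seconds, never the blank line that ends the header."""
    reader = HeaderReader(0.0, header_timeout=header_timeout, idle_only=idle_only)
    reader.feed(b"GET / HTTP/1.1\r\nHost: example.test\r\n", 0.0)
    t = chunk_interval
    while t <= duration and reader.state == "reading":
        reader.feed(b"X-a: b\r\n", t)
        t += chunk_interval
    return reader.state


def workers_held(n_attackers, idle_only):
    """How many of n_attackers slow connections still occupy a worker after the simulation."""
    return sum(1 for _ in range(n_attackers) if simulate_slowloris(idle_only) == "reading")


if __name__ == "__main__":
    for mode in (True, False):
        print(f"idle_only={mode}: {workers_held(150, mode)} of 150 workers still held")
```

With the idle-only clock, a client sending eight bytes every five seconds holds its worker indefinitely, so 150 such clients pin 150 workers, which is the whole Apache prefork default pool. With the total-header deadline the same client is cut off at the first chunk after ten seconds. A legitimate browser is unaffected either way because it sends its whole header in one or two segments.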