What are Denial of Service (DoS) attacks? DoS attacks explained
A “denial of service” or DoS attack is used to tie up a website’s resources so that users who need to access the site cannot do so. Many major companies have been the focus of DoS attacks. Because a DoS attack can be easily engineered from nearly any location, finding those responsible can be extremely difficult.
A bit of history: The first DoS attack was done by 13-year-old David Dennis in 1974. Dennis wrote a program using the “external” or “ext” command that forced some computers at a nearby university research lab to power off.
DoS attacks have evolved into the more complex and sophisticated “distributed denial of service” (DDoS) attacks. The biggest attack ever recorded — at that time — targeted the code-hosting service GitHub in 2018. We’ll discuss DDoS attacks in greater detail later in this article.
Attackers include hacktivists (hackers whose activity is aimed at promoting a social or political cause), profit-motivated cybercriminals, and nation states.
Denial of service attacks explained
DoS attacks generally take one of two forms. They either flood web services or crash them.
Flooding is the more common form of DoS attack. It occurs when the attacked system receives more traffic than the server is able to handle, until the system eventually stops responding.
An ICMP flood — also known as a ping flood — is a type of DoS attack that sends spoofed packets which reach every computer in a targeted network, taking advantage of misconfigured network devices.
A SYN flood is a variation that exploits a weakness in the TCP connection sequence, often referred to as the three-way handshake between the client and the server. Here’s how it works:
The targeted server receives a request to begin the handshake, but in a SYN flood the handshake is never completed. The half-open connection stays occupied, so that slot is unavailable for further requests. Meanwhile, the cybercriminal keeps sending more and more requests, until every open port the server can offer is tied up and the server stops accepting new connections.
Crash attacks occur less often. In them, cybercriminals send input that triggers bugs in the targeted system and exploits its flaws. The result? The system crashes.
Crash attacks — and flooding attacks — prevent legitimate users from accessing online services such as websites, gaming sites, email, and bank accounts.
How a DoS attack works
Here’s an example. Suppose you wish to visit an e-commerce site in order to shop for a gift. Your computer sends a small packet of information to the website. The packet works as a “hello” (the SYN of the handshake) – basically, your computer says, “Hi, I’d like to visit you, please let me in.”
When the server receives your computer’s message, it sends a short one back (the SYN-ACK), saying in a sense, “OK, are you real?” Your computer responds with its own acknowledgement (the ACK) — “Yes!” — and communication is established.
The website’s homepage then pops up on your screen, and you can explore the site. Your computer and the server continue communicating as you click links, place orders, and carry out other business.
In a DoS attack, a computer is rigged to send not just one “introduction” to a server, but hundreds or thousands. The server — which cannot tell that the introductions are fake — sends back its usual response and waits up to a minute in each case for a reply. When no reply arrives, the server drops the connection, and the computer executing the attack repeats the process, sending a new batch of fake requests.
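The following is an added illustration, not code from the original article: it models the server-side view of the handshake just described (and of the SYN flood section above), tracking half-open connections that expire after the one-minute wait, and shows how a defender can separate a legitimate traffic spike, whose handshakes complete, from a flood, whose handshakes never do. The timeout, backlog size, addresses and event stream are constructed assumptions.

```python
from collections import defaultdict
HANDSHAKE_TIMEOUT = 60.0   # assumed: seconds a half-open connection is kept ("up to a minute")
BACKLOG_CAPACITY = 40      # assumed: size of the server's half-open connection queue

class HandshakeTracker:
    """Tracks per-source TCP handshakes and flags sources whose SYNs never complete."""
    def __init__(self):
        self.half_open = {}                 # (src, sport) -> time the SYN arrived
        self.completed = defaultdict(int)   # src -> handshakes finished with an ACK
        self.expired = defaultdict(int)     # src -> half-open entries that timed out
    def observe(self, ts, src, sport, flag):
        """flag is 'SYN' (client hello) or 'ACK' (third step of the handshake)."""
        self._expire(ts)
        key = (src, sport)
        if flag == "SYN":
            self.half_open[key] = ts
        elif flag == "ACK" and self.half_open.pop(key, None) is not None:
            self.completed[src] += 1
    def _expire(self, now):
        # The server gives up on a reply after the timeout and frees the slot.
        for key, t0 in list(self.half_open.items()):
            if now - t0 > HANDSHAKE_TIMEOUT:
                del self.half_open[key]
                self.expired[key[0]] += 1
    def backlog_exhausted(self):
        """Global check: spoofed or distributed floods defeat per-source counting, so watch the queue too."""
        return len(self.half_open) >= BACKLOG_CAPACITY
    def suspicious_sources(self, min_syns=20, max_completion=0.2):
        """Sources with many SYNs but few completed handshakes; a real spike completes them."""
        pending = defaultdict(int)
        for src, _ in self.half_open:
            pending[src] += 1
        flagged = []
        for src in set(pending) | set(self.completed) | set(self.expired):
            unfinished = pending[src] + self.expired[src]
            total = unfinished + self.completed[src]
            if total >= min_syns and self.completed[src] / total <= max_completion:
                flagged.append(src)
        return sorted(flagged)

def demo():
    """Constructed events (RFC 5737 documentation addresses): a shopper spike, then a flood."""
    t = HandshakeTracker()
    for i in range(30):                       # legitimate spike: every SYN is followed by an ACK
        t.observe(float(i), "198.51.100.5", 40000 + i, "SYN")
        t.observe(float(i) + 0.1, "198.51.100.5", 40000 + i, "ACK")
    for i in range(50):                       # flood: SYNs only, the handshake never completes
        t.observe(30.0 + i, "203.0.113.9", 50000 + i, "SYN")
    return t.suspicious_sources(), t.backlog_exhausted()
```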
DoS attacks mostly affect organizations and how they run in a connected world. For consumers, the attacks hinder their ability to access services and information.
Other types of attacks: DDoS
Distributed denial of service (DDoS) attacks represent the next step in the evolution of DoS attacks as a way of disrupting the Internet. Cybercriminals began using DDoS attacks around 2000.
Here’s why DDoS attacks have become the weapon of choice for disrupting networks, servers, and websites.
The attacks use large numbers of compromised computers, as well as other electronic devices — such as webcams and smart televisions that make up the ever-increasing Internet of Things — to force the shutdown of the targeted website, server or network.
Security vulnerabilities in Internet-of-Things devices can make them accessible to cybercriminals seeking to anonymously and easily launch DDoS attacks.
In contrast, a DoS attack generally uses a single computer and a single IP address to attack its target, making it easier to defend against.
How to help prevent DoS attacks
If you rely on a website to do business, you probably want to know about DoS attack prevention.
A general rule: The earlier you can identify an attack-in-progress, the quicker you can contain the damage. Here are some things you can do.
Method 1: Get help recognizing attacks
Companies often use technology or anti-DDoS services to help defend themselves. These can help you distinguish between legitimate spikes in network traffic and a DDoS attack.
Method 2: Contact your Internet Service provider
If you find your company is under attack, you should notify your Internet Service Provider as soon as possible to determine if your traffic can be rerouted. Having a backup ISP is a good idea, too. Also, consider services that can disperse the massive DDoS traffic among a network of servers. That can help render an attack ineffective.
Method 3: Investigate black hole routing
Internet service providers can use “black hole routing.” It directs excessive traffic into a null route, sometimes referred to as a black hole. This can help prevent the targeted website or network from crashing. The drawback is that legitimate and illegitimate traffic are rerouted in the same way, so legitimate users are cut off as well.
Method 4: Configure firewalls and routers
Firewalls and routers should be configured to reject bogus traffic. Remember to keep your routers and firewalls updated with the latest security patches.
Method 5: Consider front-end hardware
Application front-end hardware that’s integrated into the network before traffic reaches a server can help analyze and screen data packets. The hardware classifies packets as priority, regular, or dangerous as they enter a system. It can also help block threatening data.
How Symantec and Norton can help mitigate against DoS attacks and DDoS attacks
Symantec Complete Website Security with DDoS protection can provide significant protection against DoS attacks and the more destructive DDoS attacks.
Symantec’s protection is easy to implement and does not require any on-site hardware or software and no changes need to be made to your hosting provider or applications. Symantec Complete Website Security’s DDoS protection stops attacks at Symantec’s network and screens out the bogus traffic, while your legitimate users maintain uninterrupted access to your website.
What’s more, Symantec Complete Website Security’s DDoS protection provides comprehensive protection against a variety of DDoS threats such as brute force attacks, spoofing, zero-day DDoS attacks and attacks targeting DNS servers.
If you operate on a smaller scale — say, you run a basic website offering a service — your chances of becoming a victim of a DDoS attack are probably quite low. Even so, taking certain precautions will help protect you against becoming a victim of any type of attack by hackers.
Here are a few things that can help.
- Keep your security software, operating system, and applications updated. Security updates help patch vulnerabilities that hackers may try to exploit. Consider trusted security software like Norton Security.
- Consider a router that comes with built-in DDoS protection.
- Look for a website hosting service with an emphasis on security.
Taking simple precautions can make a difference when it comes to your online security. For large organizations, the precautions become far more complex.
Copyright © 2019 Symantec Corporation. All rights reserved.