What is a DoS attack?
A Denial of Service (DoS) is a type of attack where the adversary tries to block service to legitimate requests from clients by sending excessive requests to the server.
The server, which is incapable of handling so many requests at once, becomes unavailable to legitimate requests, thereby entering a state of denying service to them. The entire network that depends on the server for processed information comes to a halt, and the hacker’s motive is achieved.
Following a successful DoS attack, any user trying to access a website that has been targeted will be unable to do so.
What is a DDoS attack?
A DDoS attack is more complex in nature as this attack is aimed at servers that are equipped to handle a lot more requests at once and are not affected by simple DoS attacks.
In the Distributed Denial of Service (DDoS) attack, there are multiple systems that run DoS attacks in synchronization, causing a heavier load to overburden the targeted server.
Similar to DoS, any user trying to access a website after a successful DDoS attack won’t be able to do so.
Types of DoS/DDoS attacks
There are numerous types of DoS attacks but here we will discuss the four most common types of DoS attacks and how they are carried out.
SYN flood/TCP SYN attack
In this attack the attacker takes advantage of a known weakness of the TCP 3-way handshake. He sends a ‘SYN’ (synchronization) packet to the server and, when the server replies with an acknowledgement (SYN-ACK), never responds to it, leaving the server waiting for a long time for a confirming acknowledgement that never arrives. These half-open connections tie up resources on the server until it can no longer cater to new requests.
ICMP flood/Ping Flood attack/Smurf attack
During the attack, multiple Internet Control Message Protocol (ICMP) echo requests (or pings) are sent to the server in rapid succession without waiting for any response from it.
This overwhelms the server, which tries to process every ping sent to it, and ends up slowing down the entire network.
Buffer overflow attack
Perhaps one of the most common DoS attacks, the adversary sends malicious or corrupted data in a volume he knows the server’s buffer won’t be able to sustain.
The buffer then overflows, causing this data to spill into an adjacent buffer it wasn’t supposed to reach and corrupting the data that already exists there.
Ping of Death
An IP packet’s maximum size is 65,536 bytes. The attacker sends a ping to the server that is larger than 65,536 bytes, knowing that the TCP/IP stack will fragment it and deliver the fragments to the server.
When the server reassembles these fragments, they form a packet larger than 65,536 bytes, which eventually overflows the reassembly buffer and causes the server to crash.
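As an added example (not code from the original article), here is a minimal IP fragment reassembler in Python with the bounds check that defeats the Ping of Death: the fragments are constructed sample tuples of (byte offset, payload, more-fragments flag), with offsets given in bytes rather than the 8-byte units of the real IP header, and the reassembler refuses to write past the datagram size limit instead of overflowing its buffer.

```python
# Added example, not from the original article: a simplified IP fragment
# reassembler that performs the size check unpatched stacks lacked.
# Fragment tuples used by callers are constructed sample data.
MAX_IP_DATAGRAM = 65535  # largest value the 16-bit IP total-length field can hold


class OversizedDatagram(Exception):
    """Raised when fragments would reassemble beyond the IP size limit."""


def reassemble(fragments):
    """Reassemble fragments given as (offset_in_bytes, payload, more_fragments).

    Returns the reassembled payload, or None while fragments are still
    missing. Raises OversizedDatagram instead of writing past the
    65,535-byte limit, which is the overflow a Ping of Death triggers.
    """
    buf = bytearray(MAX_IP_DATAGRAM)
    filled = bytearray(MAX_IP_DATAGRAM)  # 1 where a byte has been written
    total_len = None
    for offset, payload, more in fragments:
        end = offset + len(payload)
        if offset < 0 or end > MAX_IP_DATAGRAM:
            # The bounds check: a fragment that ends past the maximum
            # datagram size is rejected before it can touch the buffer.
            raise OversizedDatagram(
                f"fragment ends at byte {end}, limit is {MAX_IP_DATAGRAM}"
            )
        buf[offset:end] = payload
        filled[offset:end] = b"\x01" * len(payload)
        if not more:
            total_len = end  # the last fragment fixes the datagram length
    if total_len is None or not all(filled[:total_len]):
        return None  # incomplete: keep waiting for the remaining fragments
    return bytes(buf[:total_len])


def is_ping_of_death(fragments):
    """True if the fragment set would reassemble past the IP size limit."""
    try:
        reassemble(fragments)
    except OversizedDatagram:
        return True
    return False
```

A real stack also has to bound the number of pending fragments and apply a reassembly timeout, otherwise the same reassembly queue becomes a resource exhaustion target like the half-open connections of a SYN flood.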