Denial-of-service attack

A denial-of-service (DoS) attack prevents users from accessing a computer or website.

In a DoS attack, a hacker attempts to overload or shut down a computer, so that legitimate users can no longer access it. Typical DoS attacks target web servers and aim to make websites unavailable. No data is stolen or compromised, but the interruption to the service can be costly for a company.

The most common type of DoS attack involves sending more traffi c to a computer than it can handle. Rudimentary methods include sending outsized data packets or sending email attachments with names that are longer than permitted by the mail programs.

An attack can also exploit the way that a “session” of communications is established when a user fi rst contacts the computer. If the hacker sends many requests for a connection rapidly and then fails to respond to the reply, the bogus requests are left in a buffer for a while. Genuine users’ requests cannot be processed, so that they can’t contact the computer.

Another method is to send an “IP ping” message (message requiring a response from other computers) that appears to come from the victim’s computer. The message goes out to a large number of computers, which all try to respond. The victim is fl ooded with replies and the computer can no longer handle genuine traffi c.

A distributed denial-of-service attack uses numerous computers to launch the attack. Typically, hackers use a virus or Trojan to open a “back door” on other people’s computers and take control of them. These “zombie” computers can be used to launch a coordinated denial-of-service attack.

See Backdoor Trojans, Zombies.

Sophos.com