Denial of Service (DoS) attacks are malicious attempts to disrupt the normal functioning of a targeted server, service, or network by overwhelming it with a flood of internet traffic.

  • Volume-Based Attacks

These attacks aim to consume the bandwidth of the target network or service.

  • UDP Flood: This attack sends large volumes of UDP packets to random ports. The host checks for applications listening on these ports and responds with ICMP ‘Destination Unreachable’ packets, overwhelming the network.
  • ICMP Flood: Similar to a UDP flood, but uses ICMP echo request (ping) packets. It floods the target with echo request packets without waiting for replies, consuming bandwidth.

  • Protocol Attacks

These attacks exploit vulnerabilities in the protocols that govern network communications.

  • SYN Flood: This attack sends a succession of SYN requests to a target system to consume enough server resources to make the system unresponsive to legitimate traffic.
  • Ping of Death: The attacker sends malformed or oversized packets using the ping command, crashing the system.
  • Smurf Attack: The attacker sends ICMP echo requests to the broadcast address of a network with a spoofed source address of the target. The replies from the network flood the target.
  • DNS Query Flood: The attacker sends a large number of DNS queries to the target DNS server, consuming its resources and bandwidth.
  • DNS Reflection/Amplification Attack: The attacker sends massive numbers of DNS queries with a spoofed source IP address (the target’s IP) to open DNS resolvers. The resolvers then respond to the spoofed IP, sending large amounts of data to the target.
  • NTP Amplification Attack: The attacker uses NTP servers to send large amounts of data to a target. By spoofing the target’s IP address as the source of the requests, the attacker makes the NTP servers do the heavy lifting.

  • Application Layer Attacks

These attacks target the layer where web applications operate, making them the most complex and effective.

  • HTTP Flood: This attack uses seemingly legitimate HTTP GET or POST requests to attack a web server or application. It requires less bandwidth to bring down the target.
  • Slowloris: The attacker sends partial HTTP requests and holds many connections to the target web server open, causing the server to reach its maximum concurrent connection pool and thus deny additional connections from legitimate users.

  • Resource Exhaustion Attacks

These attacks aim to exhaust the resources (CPU, memory) of the target system.

  • XML Bomb: An XML document that can recursively expand to exhaust memory or CPU resources, crashing the system.
  • ZIP Bomb: A compressed file designed to expand to a very large size when decompressed, consuming excessive amounts of disk space and memory.
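
On the defensive side of the ZIP bomb described above, a service that accepts archives can bound expansion before and during decompression. The following is an added example, not code from the original article; the limits, function names and sample archives are assumptions made for illustration.

```python
import io
import zipfile

MAX_TOTAL_BYTES = 10 * 1024 * 1024   # assumed budget for all extracted data
MAX_RATIO = 100                      # assumed per-member expansion limit
CHUNK = 64 * 1024


class UnsafeArchive(Exception):
    """Raised when an archive exceeds the configured expansion limits."""


def safe_read_zip(data, max_total=MAX_TOTAL_BYTES, max_ratio=MAX_RATIO):
    """Return {name: bytes} for a ZIP, or raise UnsafeArchive."""
    out, total = {}, 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # Pass 1: cheap pre-check on the sizes declared in the archive headers.
        for info in zf.infolist():
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio > max_ratio:
                raise UnsafeArchive(f"{info.filename}: ratio {ratio:.0f}:1")
        if sum(i.file_size for i in zf.infolist()) > max_total:
            raise UnsafeArchive("declared size exceeds budget")
        # Pass 2: declared sizes come from the sender, so also count the
        # bytes actually produced while decompressing in bounded chunks.
        for info in zf.infolist():
            buf = bytearray()
            with zf.open(info) as member:
                while chunk := member.read(CHUNK):
                    total += len(chunk)
                    if total > max_total:
                        raise UnsafeArchive("actual size exceeds budget")
                    buf += chunk
            out[info.filename] = bytes(buf)
    return out


def make_zip(name, payload):
    """Build an in-memory ZIP with one deflated member (constructed sample)."""
    bio = io.BytesIO()
    with zipfile.ZipFile(bio, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return bio.getvalue()


# Constructed samples: ordinary text, and 5 MiB of zeros (very high ratio).
NORMAL = make_zip("notes.txt", b"incident timeline, host list, next steps\n" * 3)
SUSPECT = make_zip("blob.bin", b"\x00" * (5 * 1024 * 1024))
```

The ratio check rejects a highly compressible member early, while the streaming counter still applies when the declared sizes are not trustworthy.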
Joao Silva
I’m Joao Silva, an Incident Response Analyst who loves everything about cybersecurity. I enjoy tackling practical challenges on platforms like TryHackMe and HackTheBox, and I’m always learning more through industry certifications. My main skills are spotting security risks, analyzing threats, and doing digital forensics. I keep up with the latest technologies and cyber threats to ensure strong security measures. In my spare time, I work on projects to improve server security and automate monitoring. I also like to share my knowledge by publishing content on my website to help others learn. I’m dedicated to protecting data and maintaining system integrity in our constantly changing digital world.
