What Is a Denial-of-Service Attack?

Ronald Bushnell

A denial-of-service (DoS) attack is a major cybersecurity threat with significant consequences, both for businesses and for the individuals who use their systems.

The focus of a DoS attack is flooding the target network with requests, preventing legitimate users from accessing it. Here’s what you need to know about DoS attacks and how to prevent them.

Key Takeaways

  • A denial-of-service attack happens when a hacker floods a network with requests, making it unusable.
  • Distributed denial-of-service attacks use a network of multiple devices to accomplish this goal.
  • Most DoS attacks fit into one of three categories: volumetric, protocol, or application layer attacks.
  • DoS attacks negatively impact the targeted business and their customers.
  • A managed service provider can help you prevent DoS attacks by reconfiguring your network and installing security measures to keep unwanted traffic out.

What is a Denial-of-Service Attack?

A DoS attack happens when a cybercriminal wants to make a network, website, or service inaccessible to its users. Attackers flood the network with requests or use other strategies to overwhelm it so that administrators and end users can’t log on.

A distributed denial-of-service attack, or DDoS attack, is a DoS attack that uses a network of connected devices to overwhelm the targeted system, rather than an individual device.

Hackers often use DDoS attacks in conjunction with other types of cyberattacks. In these cases, the DoS attack serves as a distraction for another cyberattack. In physical terms, this is the equivalent of 1,000 people knocking on your front door while someone sneaks in the back door.

While the system is inaccessible, the hacker exploits its vulnerabilities to reach their end goal. This could be stealing personal information, changing administrative permissions, or even damaging the target system or network.

Hackers often perform DDoS attacks by hijacking devices on a public Wi-Fi network and creating a botnet, or a collection of devices that have been infected with malware.

In addition to hijacking computers, hackers will also use IoT devices like routers and smart home systems to expand their botnet. They will then harness the power of the botnet to flood their target system with requests. 

DoS and DDoS attacks are more common than you might think. In the fourth quarter of 2023 alone, Cloudflare, a highly respected cloud service provider, mitigated over 5.2 million HTTP DDoS attacks.

What Are the Different Types of DoS Attacks?

There are several different types of DoS attacks. Hackers will choose which attack to use based on the specific network they’re targeting.

  • Volumetric attacks: Hackers completely overwhelm the server with requests. The server won’t be able to execute all the requests at once, causing it to time out.
  • Protocol attacks: Hackers exploit a specific protocol to overwhelm the target system with attacks. For example, a SYN flood attack targets the TCP protocol to prevent connection requests from going through.
  • Application layer attacks: Hackers target vulnerabilities at the top layer of the server’s operations where it runs applications and generates web pages. These attacks prevent the web application from running, resulting in a lack of service.

Volumetric Attacks

Volumetric attacks use up the targeted server’s entire bandwidth, making it impossible for anyone else to access it. Flood attacks fall into this category. 

With these attacks, the hacker will completely overwhelm the server with requests. The server won’t be able to execute all the requests at once, causing it to time out.

In order for volumetric attacks to work, the hacker needs access to more bandwidth than their target server has. Volumetric attacks are generally considered to be less sophisticated than other types of DoS attacks, but they are still very dangerous. 

Protocol Attacks

Instead of attacking the server directly, protocol attacks focus on attacking your system’s internet protocols. 

Network layer protocols are used globally to send data packets to their intended destination. Because these protocols are very complex, protocol DoS attacks are difficult to prevent.

In a protocol attack, the hacker will exploit a specific protocol to overwhelm the target system with attacks. One of the most common DoS protocol attacks is a SYN flood, which targets the TCP handshake protocol. 

The hacker sends spoofed SYN packets to the target server, which then waits for the next step of the TCP handshake to complete the connection.

Since the packets use spoofed IP addresses, the target server won’t be able to connect. The server is unable to distinguish between malicious traffic and legitimate traffic, so it gets stuck trying to complete the request.
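The following is an added example, not part of the original article, showing how a defender can spot the half-open connections described above. It reads socket lines in the column layout of `ss -tan`; the sample lines are constructed, and the backlog size, thresholds and function names are assumptions.

```python
from collections import Counter

def build_sample():
    """Constructed socket table (State Recv-Q Send-Q Local Peer), documentation IPs only."""
    lines = ["State Recv-Q Send-Q Local Address:Port Peer Address:Port"]
    # 120 half-open entries, each claiming a different (spoofed) source address
    for i in range(120):
        lines.append(f"SYN-RECV 0 0 203.0.113.10:443 198.51.100.{i + 1}:{40000 + i}")
    # a few completed connections from real clients
    for i in range(8):
        lines.append(f"ESTAB 0 0 203.0.113.10:443 192.0.2.{i + 1}:{50000 + i}")
    lines.append("ESTAB 0 0 203.0.113.10:22 192.0.2.50:51000")
    return lines

def half_open_report(lines, backlog=128, per_source_limit=10, fill_alert=0.8):
    """Summarise half-open (SYN-RECV) sockets per listening address.

    backlog is the assumed size of the listener's SYN queue.
    """
    per_listener = Counter()
    per_source = Counter()
    for line in lines:
        fields = line.split()
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue  # header, malformed line, or a completed connection
        local, peer = fields[3], fields[4]
        source_ip = peer.rsplit(":", 1)[0]
        per_listener[local] += 1
        per_source[(local, source_ip)] += 1
    report = {}
    for local, count in per_listener.items():
        noisy = [ip for (addr, ip), n in per_source.items()
                 if addr == local and n > per_source_limit]
        report[local] = {
            "half_open": count,
            "backlog_fill": count / backlog,
            "noisy_sources": noisy,  # stays empty when every SYN has a different source
            "alert": count / backlog >= fill_alert,
        }
    return report
```

Because the source addresses are spoofed, no single address stands out; the signal is the share of the listener's queue held by half-open entries.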

Application Layer Attacks

As the name implies, application layer attacks target vulnerabilities at the top layer of the server’s operations where it runs applications and generates web pages. 

For instance, perpetrators of this attack may all hit a specific webpage. These attacks prevent the web application from running, resulting in a lack of service.

A buffer is like a bucket of readable memory on a device. When you add too much data into the bucket, you can cause a device to act in previously unexpected ways. Some of those ways include making a device run an application it’s not allowed to, or changing a user’s permission level from guest to administrator. 

What is the Impact of a DoS Attack?

When they’re successful, DoS attacks can be catastrophic. Not only are these attacks devastating for the businesses targeted, but they can also have a huge impact on the individuals who use their services. Here’s why DoS attacks can be so damaging.

Impact on Businesses

  • Repairing the damage from a DoS attack can be very costly (the average cost of a DDoS attack in the United States is $218,000).
  • DoS attacks can temporarily shut down your operations.
  • DoS attacks can cause customers to lose trust in your company.

A successful DoS attack can drastically impact a business’s operations and have serious financial consequences. Repairing the damage from a DoS attack can be very costly, especially if you don’t already have an IT partner or in-house IT team that can help. 

You will likely need to reconfigure your systems and increase your mitigation efforts to prevent the problem from happening again.

DoS attacks can cause significant financial damage. The average cost of a DDoS attack in the United States is $218,000 (and that’s not factoring in remediation costs of any associated cyberattacks). DDoS attacks also cause regulatory challenges, particularly for public companies. A cyberattack of this size will likely constitute a material incident, which you will need to report to the SEC and include in your SEC filings.

Additionally, DoS attacks can cause customers to lose trust in your company. It’s best practice to tell your customers when a DoS attack happens, so they can take steps to protect their data. However, today’s cyber-conscious consumers will be wary of your organization after you’ve experienced a DoS attack.

When word gets out that your systems were compromised, customers may no longer feel comfortable visiting your website or making purchases from you. This results in significant damage to your company’s reputation. 

If you’re unable to gain your customers’ trust back, you’ll lose long-term business and see a loss of revenue.

Impact on Individuals

  • DoS attacks prevent customers from accessing the platforms they need.
  • DoS attacks can compromise an individual’s sensitive or personal data.
  • Many DDoS attacks lead to secondary cyberattacks that cause data compromises, which can leave individuals vulnerable to identity theft.

DoS attacks aren’t just harmful to businesses. They also impact the individuals who are trying to use the systems that have been targeted. These individuals get caught in the crossfire of these digital attacks.

When a DoS attack is taking place, the intended users of the target server won’t be able to access it. This means that individuals may not be able to access the digital services that they need.

When hackers target government, financial, or educational institutions, these DoS attacks prevent their customers from accessing the platforms they need. This can significantly disrupt the individual’s routine and have other long-term consequences. 

For example, if hackers target a bank with their DoS attack, that bank’s customers won’t be able to manage their money online while the attack is happening.

In some cases, hackers will launch a secondary attack in addition to a DoS attack. This secondary attack could put sensitive personal or financial data at risk. In the most extreme cases, this could even lead to identity theft. 

In cases where the stolen identity isn’t corrected right away, the victims could also lose significant amounts of money.

A large-scale DDoS attack conducted in a single internet provider’s network could be disruptive for other users. This is because the attack could result in a slow or unusable network.

Tips for Preventing a DoS Attack

While DoS attacks are devastating, there are steps you can take to prevent them. Here are some tips to help you prevent these attacks in the future.

Network Security Measures

The best way to protect your systems from these attacks is to configure your network properly. This will make it more difficult for hackers to overload your systems. There are several strategies you can use to do this.

  • Increase your server capacity and bandwidth. Opt for a web host that offers plenty of bandwidth to handle a large volume of network traffic. Expanding your network resources will make it more difficult for hackers to overload your network.
  • Practice network segmentation. Use firewalls and other structuring techniques to break your network into multiple segments. This ensures that if a hacker attacks your network, they’ll only reach one part of your system, rather than damaging the entire network.
  • Use content distribution networks and load balancers. Content distribution networks (CDNs) and load balancers are both ways to spread your traffic across multiple servers or locations. This helps prevent your entire network from getting overloaded by DoS attacks.

Application Security

In addition to protecting your network, it’s important to take steps to protect your web applications. Start by installing web application firewalls, which are designed to block many different types of cyberattacks at the HTTP application layer. These firewalls are customizable, so you can configure them to suit your system’s needs.

You should also take steps to block unwanted traffic. One way to do this is with rate limiting. This strategy limits the amount of traffic to your site in a specific time period. This minimizes the risk of volumetric attacks from botnets.

Another way to block unwanted traffic is with an access control list. With an access control list, you can limit access to your site for known malicious accounts or IP addresses.
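As an added example (not code from the original article), the sketch below combines the two controls just described: an access control list checked first, then a per-client rate limit over a sliding time window. The class and function names, the limits and the traffic are constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

class Gatekeeper:
    """Deny-list check followed by a per-client sliding-window rate limit."""

    def __init__(self, denied_networks, max_requests, window_seconds):
        self.denied = [ipaddress.ip_network(n) for n in denied_networks]
        self.max_requests = max_requests
        self.window = window_seconds
        self.history = defaultdict(deque)  # client IP -> times of admitted requests

    def check(self, client_ip, now):
        """Return (allowed, reason) for one request arriving at time `now` in seconds."""
        addr = ipaddress.ip_address(client_ip)
        if any(addr in net for net in self.denied):
            return False, "acl"
        seen = self.history[client_ip]
        # Forget requests that have aged out of the window.
        while seen and now - seen[0] >= self.window:
            seen.popleft()
        if len(seen) >= self.max_requests:
            return False, "rate"
        seen.append(now)
        return True, "ok"

def sample_events():
    """Constructed traffic: a normal visitor, a bursting client, a deny-listed address."""
    events = [(t * 2.0, "192.0.2.10") for t in range(10)]        # 1 request every 2 s
    events += [(t * 0.05, "198.51.100.7") for t in range(200)]   # 20 requests per second
    events += [(1.0, "203.0.113.99"), (2.0, "203.0.113.99")]
    return sorted(events)

def replay(gate, events):
    """Run (timestamp, ip) events through the gate and tally the outcomes per IP."""
    tally = defaultdict(lambda: {"ok": 0, "rate": 0, "acl": 0})
    for ts, ip in events:
        _, reason = gate.check(ip, ts)
        tally[ip][reason] += 1
    return {ip: dict(counts) for ip, counts in tally.items()}

def demo():
    gate = Gatekeeper(["203.0.113.0/24"], max_requests=5, window_seconds=10)
    return replay(gate, sample_events())
```

The limiter keeps state per client address, so a deployment facing many distinct sources also needs to expire idle entries to bound its own memory use.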

There are also some cybersecurity software programs designed to protect your applications and networks from DoS attacks. These programs are designed to monitor your network for potential threats and take steps to eliminate them. 

Many of these software programs are also cloud-based, which makes them easy to integrate into your existing cybersecurity strategy.

Incident Response Planning

Ideally, your mitigation strategies would completely prevent a DoS attack from happening. Unfortunately, sometimes these attacks slip through the cracks. You’ll need an effective response strategy to protect you if a DoS attack does happen.

The first step is to actively monitor your networks for suspicious activity. Set up your systems to send an alert to your IT team in the event of large traffic spikes or unusual protocol activity. Have a plan in place specifying exactly how you will respond if these alerts go off.
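One way to implement the traffic-spike alert, as an added example that is not from the original article: compare each interval's request count with a moving baseline. The counts are constructed, and the smoothing factor, multiplier, floor and function names are assumptions to tune for your own traffic.

```python
def detect_spikes(counts, alpha=0.2, factor=3.0, floor=50, warmup=5, freeze=True):
    """Return the indices of intervals whose request count is a spike.

    counts  - requests per interval (for example, per minute)
    alpha   - weight of the newest interval in the moving-average baseline
    factor  - how many times the baseline a count must exceed to alert
    floor   - ignore spikes on very low traffic
    warmup  - number of initial intervals used only to build the baseline
    freeze  - if True, intervals flagged as spikes do not update the baseline
    """
    baseline = None
    alerts = []
    for i, count in enumerate(counts):
        if baseline is None:
            baseline = float(count)
            continue
        is_spike = i >= warmup and count >= floor and count > factor * baseline
        if is_spike:
            alerts.append(i)
        if not (is_spike and freeze):
            # Fold this interval into the baseline (exponentially weighted average).
            baseline = alpha * count + (1 - alpha) * baseline
    return alerts

# Constructed per-minute request counts: steady traffic, a three-minute flood, recovery.
SAMPLE_COUNTS = [100, 110, 95, 105, 100, 98, 102, 900, 1200, 1100, 104, 99]

def compare():
    """Show why flood traffic should be kept out of the baseline."""
    return {
        "frozen_baseline": detect_spikes(SAMPLE_COUNTS, freeze=True),
        "naive_baseline": detect_spikes(SAMPLE_COUNTS, freeze=False),
    }
```

With the naive baseline the flood raises its own threshold, so the third minute of the attack no longer triggers an alert.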

There are several steps you can take to lessen the impact of a DoS attack as it’s in progress. You may be able to keep malicious traffic out by adjusting your rate limiting strategy or access control list.

You can also use a strategy called blackhole routing to ensure that hackers don’t reach your systems. This strategy sends incoming traffic through a null route, or “black hole”, in your site. 

While this strategy is very effective at blocking DDoS attacks, it will also make it difficult for your site’s legitimate users to get in.

You’ll also need a plan in place that details exactly what you’ll do if a DoS attack can’t be stopped. This could include:

  • Verifying that sensitive data is safely backed up
  • Assessing your systems for other cyber attacks
  • Changing internal security credentials
  • Informing your customers and business partners about a potential data breach
  • Taking steps to improve your cybersecurity strategy and prevent future attacks

Your response plan should be tailored to your organization, your customers, and the specific systems you use. With a predefined plan, your team can spring into action when an attack happens and solve the problem faster. You’ll also eliminate any unnecessary confusion.

How Can a Managed Service Provider Help?

For many small businesses, hiring an in-house IT team isn’t financially feasible. However, you’ll need access to IT experts to prevent DDoS attacks. This is where a managed service provider can help you.

A managed service provider, or MSP, is an IT company that provides services to other businesses. In some cases, an MSP will serve as an alternative to an in-house IT department. In other cases, an MSP will work with your in-house IT team to provide additional services.

Here are some of the ways that MSPs help businesses prevent DoS attacks.

  • System configuration: An MSP will help you configure your network and build a cybersecurity strategy that makes sense for your business.
  • Cybersecurity education: Your MSP can teach your entire team about cybersecurity best practices to make you less vulnerable to outside attacks.
  • Ongoing monitoring: Many MSPs offer 24/7 monitoring using intrusion detection systems. This will help you catch potential DoS attacks right away and stop them before they get out of hand.