Understanding DoS and DDoS attacks
Published by on January 22, 2016 in CISO Central

If you keep up with security news, you will probably be aware that the majority of cyber issues being reported are data breaches and DDoS attacks.

In the former, hackers break into a network and make off with personal or corporate information, both of which can prove expensive to the firms affected, not only in direct costs, but also in terms of the reputational damage.

In the latter, the attacker aims to disrupt a company by flooding its website with traffic until it becomes unavailable.

This can be done in one of two ways – a DoS (Denial of Service) or DDoS (Distributed Denial of Service) attack.

DoS vs DDoS

The first of those is not very common these days, and hardly likely to work against a website with modern hosting.

That’s because a DoS attack relies upon just one computer and one internet connection with which to attempt to flood a target server with packets (TCP / UDP). A successful attack would make the server inaccessible to others, thereby blocking the website or whatever else is hosted there, but its reliance on one machine is often its undoing.

A DDoS attack is much more likely to succeed, though, and its popularity has bred an entire industry of underground service providers who offer their often very effective botnets to anyone willing to pay.

In many respects it is similar to a standard DoS attack, but the results are very different.

Instead of one computer and one internet connection, the DDoS attack utilises many computers and many connections. The computers behind such an attack are often distributed around the whole world and will be part of what is known as a botnet (a group of hundreds, thousands, or hundreds of thousands of computers that have been infected with a Trojan, thus leaving them at the mercy of a command and control centre that can use them to initiate an attack or send out millions of spam emails).

The main difference between a DDoS attack and a DoS attack, therefore, is that in the former the target server will be overloaded by hundreds or even thousands of requests, as opposed to the traffic of just one attacker in the latter.

Therefore it is much, much harder for a server to withstand a DDoS attack as opposed to the simpler DoS incursion.
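To make the distinction concrete from the defender's side, the following added example (not part of the original article) classifies one window of request traffic by how the load is spread across source addresses, and shows why a per-source cap is enough against a single heavy source but not against a distributed flood. The function names, the `capacity` and `per_source_limit` thresholds and the sample traffic are all assumptions constructed for illustration.

```python
from collections import Counter

def classify_window(source_ips, capacity=1000, per_source_limit=100):
    """Classify one time window of requests by how load is spread across sources.

    capacity (requests the server can handle per window) and per_source_limit
    are assumed values for illustration, not figures from the article.
    """
    counts = Counter(source_ips)
    total = sum(counts.values())
    top_hits = counts.most_common(1)[0][1] if counts else 0
    # Requests still reaching the server if each source is capped individually.
    after_limit = sum(min(n, per_source_limit) for n in counts.values())
    if total <= capacity:
        verdict = "normal"
    elif after_limit <= capacity:
        verdict = "dos"   # load concentrated in few sources; capping them is enough
    else:
        verdict = "ddos"  # load spread thinly; each source looks modest on its own
    return {
        "verdict": verdict,
        "total": total,
        "sources": len(counts),
        "top_source_share": round(top_hits / total, 3) if total else 0.0,
        "after_per_source_limit": after_limit,
    }

def sample_windows():
    """Constructed sample traffic (not real logs): source address per request."""
    normal = [f"198.51.100.{i % 50}" for i in range(400)]        # 50 visitors
    single = normal + ["203.0.113.7"] * 5000                      # one heavy source
    bots = [f"10.0.{i // 250}.{i % 250}" for i in range(2000)]    # 2000 sources
    distributed = normal + bots * 3                               # 3 requests each
    return {"normal": normal, "single": single, "distributed": distributed}

if __name__ == "__main__":
    for name, window in sample_windows().items():
        print(name, classify_window(window))
```

In the distributed window every source sends only a handful of requests, so the per-source cap removes nothing and the total still exceeds capacity.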
