What is a Denial-of-Service (DoS) Attack & How can you Prevent it?
It’s a wonderful day at the office: all services and servers are working as they should and everything is running smoothly. Then everything starts to get slower and slower; services become unresponsive and the server’s resource usage climbs so high that it could crash the services entirely.
Files are not accessible by the company’s staff, or even if they are accessible, they take too long to open. Websites become inaccessible or have long loading and response times, and just like that you have a group of complaining co-workers asking you to fix the slow network and internet connections.
At first you may think that the website load times are down to a webserver or ISP problem, so what about your external network traffic? You start to conduct network monitoring and you see lots of packets coming from an unknown source or from different sources. Could this be a denial of service (DoS) attack, or a larger distributed denial of service (DDoS) attack?
Welcome to the world of the DoS attack.
A denial of service (DoS) attack is a flood attack that attempts to make a server unavailable by sending multiple simultaneous requests to its services, eventually rendering it unavailable due to overload.
Back in the 90s, a continuous ping over 65kb could be performed: an O/S would accept a ping packet of this size, and the continuous responses would make the end host unreachable. Nowadays, a newer O/S no longer accepts this ping packet size.
A DoS attack can be done in a number of different ways. The basic types of DoS attack include:
- Flooding the network to stop any existing network traffic.
- Disturbing the connections between two hosts, and preventing access to services.
- Preventing a host from accessing a particular service.
- Interrupting the state of information, for example resetting TCP sessions.
DoS attacks can cause multiple problems such as:
- Rendering services ineffective over the network, as they can overload the resources of the server or, even worse, crash the server entirely.
- Rendering services inaccessible due to an overload of requests from other machines (DoS attack).
- Overloading network traffic.
- Dropping the connections on the network between all hosts and services.
How will you realise that a DoS attack is taking place?
- You will notice an unusually slow network performance, including slower than normal access to files or websites.
- An overload of the server and services.
How can this type of situation be avoided?
Well, there are some ways to avoid a DoS attack; however, they may not entirely eliminate the threat.
Install and keep updated antivirus software on all your computers and servers.
Install firewall software or, even better, a hardware firewall in order to restrict packets that are not authorised on your network. The use of a hardware firewall is highly recommended, as they are designed to prevent such types of attacks and have the necessary hardware (processor and RAM) to do so efficiently and effectively.
A DoS attack can also be performed on email services: an attacker can send thousands of spam emails to the victim until the mailbox becomes full and, as a result, is unable to function correctly or receive any further emails.
Always be ready for this type of situation by keeping your antivirus and firewalls up to date, and monitor your network traffic in order to avoid these attacks and the potentially significant network downtime they cause.
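The monitoring signal described earlier (lots of packets from one unknown source, or from many different sources) can be checked with a per-window packet counter. The following is an added example, not part of the original article; the function names, window size, thresholds and sample packet records are all constructed assumptions to be tuned against your own traffic baseline.

```python
from collections import Counter, defaultdict


def classify_windows(packets, window=10, per_source_limit=200, total_limit=1000):
    """Group (timestamp, src_ip) records into fixed windows and flag floods.

    Returns (window_start, verdict, detail) tuples: 'dos' lists the sources
    above per_source_limit; 'ddos' reports how many distinct sources produced
    a total above total_limit. Both limits are assumed values.
    """
    buckets = defaultdict(Counter)
    for ts, src in packets:
        buckets[int(ts // window) * window][src] += 1

    alerts = []
    for start in sorted(buckets):
        counts = buckets[start]
        heavy = sorted(s for s, n in counts.items() if n > per_source_limit)
        if heavy:
            # One or a few sources dominate: single-source flood.
            alerts.append((start, "dos", heavy))
        elif sum(counts.values()) > total_limit:
            # No source stands out, but the aggregate is abnormal.
            alerts.append((start, "ddos", len(counts)))
    return alerts


def constructed_sample():
    """Constructed traffic: baseline, single-source flood, distributed flood."""
    packets = []
    # 0-10s: baseline, 20 internal clients sending 5 packets each.
    for host in range(20):
        packets += [(t * 2.0, f"10.0.0.{host}") for t in range(5)]
    # 10-20s: one unknown source sends 500 packets.
    packets += [(10 + k * 0.02, "203.0.113.200") for k in range(500)]
    # 20-30s: 300 different sources send 5 packets each (1500 in total).
    for net in ("192.0.2", "198.51.100", "203.0.113"):
        for host in range(1, 101):
            packets += [(20 + t * 2.0, f"{net}.{host}") for t in range(5)]
    return packets


if __name__ == "__main__":
    for start, verdict, detail in classify_windows(constructed_sample()):
        print(f"window starting {start}s: {verdict} -> {detail}")
```

In practice the packet records would come from flow logs or a capture export, and an alert on the distributed case is the cue to look at upstream filtering rather than blocking a single address.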