The IT Law Wiki

Denial-of-service attack

32,076pages on
this wiki
Add New Page
Add New Page Talk0

Definitions Edit

A denial-of-service attack (DoS) (also called an availability attack) is

one in which an attack from a single source overwhelms a target computer with messages, denying access to legitimate users without actually having to compromise the targeted computer.[1]
[a] method of attack that denies system access to legitimate users without actually having to compromise the targeted system. From a single source, the attack overwhelms the target computers with messages and blocks legitimate traffic. It can prevent one system from being able to exchange data with other systems or prevent the system from using the Internet.[2]
attempts to prevent legitimate users from accessing a resource — in this case a network or website. This is most commonly done by "flooding" a network with information and overloading the server with so many requests for information that it cannot process other, legitimate requests.[3]
involves flooding a targeted system with incoming, useless traffic with the goal of making the attacked network unavailable to its intended users.[4]

Although frequently intentional, a DoS can also occur unintentionally through a misconfigured system.

How it works Edit

The design of the Internet Protocol technology permits the mounting of denial-of-service attacks. Denial-of-service attacks compromise the availability of computer resources.

There are two types of denial-of-service attacks. The first type of attack attempts to damage or destroy computer resources. The second type of attack overloads some system service or exhausts some resource, thus preventing others from using that service.

Viruses and worms are commonly used to launch denial-of-service attacks, which generally flood targeted networks and systems with so much data transmission that regular traffic is either slowed or completely interrupted. Such attacks have been utilized ever since the groundbreaking Morris worm, which brought 10% of the systems connected to the Internet to a halt in November 1988. In 2001, the Code Red worm used a denial-of-service attack to affect millions of computer users by shutting down websites, slowing Internet service, and disrupting business and government operations.

Denial-of-service attacks are very common on the Internet. Malicious attackers shut down websites, reboot computers, or clog networks with junk packets. DOS attacks can be very serious, especially when the attacker is clever enough to launch an ongoing, untraceable attack. Websites serious about security can launch these same attacks against themselves to determine how much damage can be done.

Since the sender is not interested in return traffic, it usually fakes the source addresses in its packets, making it much harder to identify the source of the attack.

References Edit

  1. Technology Assessment: Cybersecurity for Critical Infrastructure Protection, at 185 n.17.
  2. The Smart Grid and Cybersecurity: Regulatory Policy and Issues, at 8 n.29.
  3. Cybercrime: Conceptual Issues for Congress and U.S. Law Enforcement, at 3 n.15 (citation omitted).
  4. Antitrust Policy Statement on Sharing of Cybersecurity Information, at 7 n.16.

See also Edit

Also on Fandom

Random Wiki