English
Contact Us

The Platform

Solutions

Customers

Partners

Blog

More

Start the Democaret-right

Contact Uscaret-right
caret-left Back

Reveal(x)

The industry's only network detection
and
response platform that delivers the
360-degree
visibility needed to
uncover the cybertruth.

Deployment Model

SaaS-Based Solution >

On-Premises Solution >

Security

Network Detection and Response >

Intrusion Detection System >

Forensics >

Performance

Network Performance Monitoring >

Forensics >
caret-left Back

Solutions

Learn More

Use Cases

Explore By Industry Vertical
caret-left Back

Customers

Customer resources, training,
case studies, and more.

Learn More

Customer Community

Cybersecurity Services

ExtraHop Support
caret-left Back

Partners

Partner resources and information about our channel and technology partners.

Learn More

Work With Us! Become a Partner

Integrations and Automations

Partners
caret-left Back

Blog

Learn More
caret-left Back

About Us

Events & Newsroom

Careers

Resources

caret-left Back

About Us

See what sets ExtraHop apart, from our innovative approach to our corporate culture.

Learn More

Contact Us

caret-left Back

Events & Newsroom

Get the latest news and information.

Learn More

Sign Up for a Live Attack Simulation

Upcoming Webinars and Events

caret-left Back

Careers

We believe in what we're doing. Are you ready to join us?

Learn More

Careers at ExtraHop

Search Openings

Connect on LinkedIn

caret-left Back

Resources

Find white papers, reports, datasheets, and more by exploring our full resource archive.

All Resources

Customer Stories & Case Studies

Ransomware Attacks in 2021: A Retrospective

Cyberattack Glossary

Network Protocols Glossary

Documentation

Firmware

Training Videos

Denial of Service Attack: Definition, Examples, and Prevention

Denial of Service Attack

What Are Denial of Service Attacks?

A denial-of-service (DoS) attack is a tactic for overloading a machine or network to make it unavailable. Attackers achieve this by sending more traffic than the target can handle, causing it to fail—making it unable to provide service to its normal users. Examples of targets might include email, online banking, websites, or any other service relying on a targeted network or computer.

There are different types of DoS attacks such as resource exhaustion and flood attacks. Resource exhaustion attacks cause the targeted infrastructure to use all of its available memory or storage resources, slowing the service's performance or stopping it all together. Flood attacks send an overwhelming number of packets that exceed server capacity.

A distributed denial-of-service (DDoS) is a type of DoS attack where the traffic used to overwhelm the target is coming from many distributed sources. This method means the attack can't be stopped just by blocking the source of traffic.

Botnets are often employed for DDoS attacks.

Types of DDoS Attacks

Smurf Attack

A smurf attack is a DDoS attack that sends packets spoofing the victim's source IP. When devices on the network attempt to respond, the amount of traffic slows the targeted device to the point of being unusable.

SYN Flood

A SYN flood attack opens many connections with the target target server and then never closes them. The attacker, acting as a client, sends a SYN message. When the server responds with a SYN-ACK, the malicious client never sends an ACK message. In this way the server is forced to keep numerous connections open, taxing it's resources until it fails.

Layer 7 DDoS Attack

A Layer 7 DDoS attack (or application attack) targets a specific service instead of an entire network. These are becoming increasingly more common than broad network attacks.

Protection Against Denial of Service Attacks

While DoS attacks are less challenging to stop or prevent, DDoS attacks can still present a serious threat.

Prevent spoofing: Check that traffic has a source address consistent with the set of addresses for its stated site of origin and use filters to stop dial-up connections from spoofing.

Limit broadcasting: Often attacks will send requests to every device on the network, amplifying the attack. Limiting or turning off broadcast forwarding where possible can disrupt attacks. Users can also disable echo and chargen services where possible.

Streamline incident response: Honing your incident response can help your security team respond quickly when DoS attacks are detected.

Protect endpoints: Ensure that all endpoints are patched to eliminate known vulnerabilities. Endpoints capable of running EDR agents should have them installed.

Dial in firewalls: Ensure your firewalls are limiting ingress and egress traffic across the perimeter wherever possible.

Monitor the network: The more you know about what normal inbound traffic looks like, the quicker you'll spot the start of a DDoS attack. Real-time visibility with network detection and response (NDR) is an efficient and reliable way to maintain a profile of what your network should look like (using machine learning) so you can detect suspicious surges immediately.

Denial of Service History

As far as we know, the first DoS attack was a SYN flood attack on the ISP Panix. It's services were down for several days before being restored.

One notable attack targeted the DNS provider Dyn in 2016. The Mirai botnet was used to launch DNS lookup requests from tens of millions of IP addresses, crippling and disrupting service for major sites including The New York Times, Reddit, Amazon, Visa, Paypal, and others.

So far, the largest ever DDoS attack was the 2018 2.3 Tbps attack on AWS Shield.

Related Reading

Learn More About DDoS Attacks

Learn More