Introduction: Denial of Service Attacks
A Denial of Service (DoS) attack is a deliberate attempt to make your website or application unavailable to users, such as by flooding it with network traffic. To achieve this, attackers use a variety of techniques that consume large amounts of network bandwidth or tie up other system resources, disrupting access for legitimate users. In its simplest form, a lone attacker uses a single source to execute a DoS attack against a target, as shown in Figure 1.
Figure 1: Diagram of DoS Attack
In a Distributed Denial of Service (DDoS) attack, an attacker uses multiple sources—such as distributed groups of malware infected computers, routers, IoT devices, and other endpoints—to orchestrate an attack against a target. As illustrated in Figure 2, a network of compromised hosts participates in the attack, generating a flood of packets or requests to overwhelm the target.
Figure 2: Diagram of DDoS Attack
DDoS attacks are most common at layers 3, 4, 6, and 7 of the Open Systems Interconnection (OSI) model, which is described in Table 1. Layers 3 and 4 attacks correspond to the Network and Transport layers of the OSI model. We’ll refer to these collectively as infrastructure layer attacks. Layers 6 and 7 attacks correspond to the Presentation and Application layers of the OSI model. We’ll address these together as application layer attacks. Examples of these attack types are discussed in the following sections.
Table 1: Open Systems Interconnection (OSI) Model
| # | Layer | Unit | Description | Vector Examples |
|---|---|---|---|---|
| 7 | Application | Data |
Network process to application |
HTTP floods, DNS query floods |
| 6 | Presentation | Data |
Data representation and encryption |
TLS abuse |
| 5 | Session | Data |
Interhost communication |
N/A |
| 4 | Transport | Segments |
End-to-end connections and reliability |
SYN floods |
| 3 | Network | Packets |
Path determination and logical addressing |
UDP reflection attacks |
| 2 | Data Link | Frames |
Physical addressing |
N/A |
| 1 | Physical | Bits |
Media, signal, and binary transmission |
N/A |
