Denial of service attack

A denial-of-service (DoS) attack is a form of cyberattack in which the attacker seeks to render a computer system, network or online service unavailable to legitimate users. This is achieved by overwhelming the target with excessive or malformed requests, exhausting its resources and preventing normal operation. DoS attacks vary considerably in scale and technique, ranging from sending millions of superfluous requests to flooding a server with invalid data or spoofed traffic designed to disrupt processing.
In a distributed denial-of-service (DDoS) attack, the disruptive traffic originates from numerous machines, making defence significantly more challenging. Because the sources are widely dispersed, blocking any single origin is ineffective. DDoS attacks often rely on networks of compromised devices—botnets—to amplify the scale of the assault. Attackers may be motivated by financial gain, extortion, revenge, competitive sabotage or ideological causes associated with hacktivism.

Historical Development

The earliest widely recognised DoS attack occurred in September 1996 when the Internet service provider Panix was incapacitated for several days by a SYN flood attack. The incident prompted early research into defensive measures. In 1997, a demonstration during a DEF CON conference disrupted internet access across the Las Vegas Strip, illustrating the growing threat. The publication of attack code during this period led to a series of assaults on major corporations.
Over time, attack volume and sophistication increased sharply. A major attack recorded by Google Cloud Platform in 2017 reached unprecedented traffic levels, while later high-profile attacks targeted Amazon Web Services in 2020 and both Cloudflare and Yandex in 2021. Geopolitical tensions have also shaped attack patterns. The Russian invasion of Ukraine in 2022 triggered a surge in state-sponsored and hacktivist-driven DDoS campaigns, affecting government, financial and infrastructure sectors in Ukraine and beyond.
In 2023 and 2024, further large-scale attacks were observed, including record-breaking HTTP/2-based assaults exceeding 200 million requests per second. High-profile targets have included digital platforms, financial institutions and national government websites.

Types of Denial-of-Service Attacks

DoS attacks fall broadly into two categories:

  • Service-crashing attacks, which exploit software vulnerabilities to cause a crash or complete service failure.
  • Flooding attacks, which overload the system’s resources by generating extreme volumes of network traffic or server requests.

Distributed variants are generally the most damaging. A typical DDoS attack employs more than thirty independent nodes, though large botnets may consist of thousands of compromised devices. Attacks may use spoofed IP addresses to conceal their origin and complicate defensive filtering. Simply increasing available bandwidth seldom provides protection, as attackers can proportionally increase their output.
Common DDoS techniques include:

  • UDP flood attacks – overwhelming systems with large volumes of UDP packets.
  • SYN flooding – exploiting the TCP handshake process.
  • Amplification attacks – using vulnerable services to magnify traffic volumes.

Yoyo Attacks

A yoyo attack is a cloud-focused variant of DDoS directed at applications that rely on autoscaling. Attackers generate intermittent traffic surges that trigger expensive scale-out operations, then halt the attack to leave the victim with unnecessary overprovisioned resources. When scaling is reduced, the attacker resumes the traffic flood, generating repeated cycles of instability and financial burden using comparatively little effort.
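A defender can spot the scale-out and scale-in cycles described above in the autoscaler's own history. The following is an added example, not part of the original article: the event format, the sample histories and the thresholds (`min_swing`, `window`, `min_cycles`) are constructed assumptions.

```python
from collections import deque

# Constructed autoscaler history: (epoch seconds, instance count after the change).
YOYO_EVENTS = [(0, 2), (300, 8), (1200, 2), (1500, 8),
               (2400, 2), (2700, 9), (3600, 2)]
# Constructed organic load: one slow ramp up, one slow ramp down.
ORGANIC_EVENTS = [(0, 2), (600, 4), (1800, 6), (7200, 4), (10800, 2)]


def scaling_cycles(events, min_swing=3):
    """Return (scale_out_time, scale_in_time) for each out-then-in cycle.

    A cycle is a rise of at least min_swing instances followed by a fall of
    at least min_swing instances; smaller adjustments are ignored.
    """
    cycles = []
    low = peak = events[0][1]
    out_time = None
    for t, count in events[1:]:
        if out_time is None:
            low = min(low, count)
            if count - low >= min_swing:      # scale-out detected
                out_time, peak = t, count
        else:
            peak = max(peak, count)
            if peak - count >= min_swing:     # scale-in completes the cycle
                cycles.append((out_time, t))
                out_time, low = None, count
    return cycles


def detect_yoyo(events, window=3600, min_cycles=3, min_swing=3):
    """True when min_cycles complete cycles fit inside `window` seconds."""
    recent = deque()
    for out_t, in_t in scaling_cycles(events, min_swing):
        recent.append((out_t, in_t))
        # Drop cycles that started too long before the current scale-in.
        while recent and in_t - recent[0][0] > window:
            recent.popleft()
        if len(recent) >= min_cycles:
            return True
    return False
```

A positive result is a reason to review the scaling policy, for example the scale-in cooldown and the maximum instance count, since these bound the cost of each cycle.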

Application Layer (Layer 7) Attacks

Application layer DDoS attacks target the functions of the application itself rather than the network. These attacks overload specific processes such as login pages, search functions or database queries with the intent of degrading or disabling functionality. Financial institutions are frequent targets, both for disruption and as a diversion from separate security breaches.
Application layer attacks have become increasingly common. Although network-level attacks remain high-capacity, their frequency has declined relative to persistent growth in Layer 7 incidents. These attacks are measured in terms of HTTP requests per second rather than raw traffic volume.
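Because Layer 7 load is measured in requests per second and distributed sources defeat per-origin blocking, detection has to look at the aggregate rate per endpoint as well as the rate per client. The following is an added example, not part of the original article: the log format, addresses (documentation ranges) and thresholds are constructed assumptions.

```python
from collections import Counter


def make_sample_log():
    """Constructed sample, one request per line: '<epoch> <ip> <method> <path>'."""
    lines = ["1000 203.0.113.5 GET /", "1000 203.0.113.9 GET /search?q=a",
             "1001 203.0.113.5 POST /login", "1002 203.0.113.7 GET /"]
    # 60 distinct sources each send only 2 login requests within second 1001.
    for i in range(60):
        lines += [f"1001 198.51.100.{i + 1} POST /login"] * 2
    return lines


def parse(line):
    ts, ip, _method, target = line.split()
    return int(ts), ip, target.split("?", 1)[0]   # drop the query string


def per_source_offenders(lines, limit_per_sec):
    """Per-IP check: sources exceeding limit_per_sec in any one second."""
    counts = Counter((ts, ip) for ts, ip, _ in map(parse, lines))
    return sorted({ip for (_, ip), n in counts.items() if n > limit_per_sec})


def hot_endpoints(lines, limit_per_sec):
    """Aggregate check: (second, path, requests, distinct sources) over the limit."""
    rps, sources = Counter(), {}
    for ts, ip, path in map(parse, lines):
        rps[(ts, path)] += 1
        sources.setdefault((ts, path), set()).add(ip)
    return [(ts, path, n, len(sources[(ts, path)]))
            for (ts, path), n in sorted(rps.items()) if n > limit_per_sec]


if __name__ == "__main__":
    log = make_sample_log()
    print("per-source offenders:", per_source_offenders(log, 10))
    print("hot endpoints:", hot_endpoints(log, 50))
```

On the sample, no single address exceeds the per-source limit, yet the login endpoint is far over its aggregate limit, which is the signature of a distributed application-layer flood.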

Context within the OSI Model

The OSI model divides communication functions into seven logical layers. DoS and DDoS attacks can target multiple layers:

  • Network-layer attacks (Layers 3–4) focus on packet floods and transport mechanisms.
  • Application-layer attacks (Layer 7) exploit specific features of the service.

Layered targeting complicates defence as different techniques must be deployed simultaneously to address threats across the stack.

Consequences and Mitigation

DoS and DDoS attacks can disrupt business operations, cause financial losses, damage reputations and divert technical teams from other critical tasks. For organisations reliant on online services, even short outages can have severe impacts.
Mitigation strategies include traffic filtering, rate limiting, intrusion detection systems, network redundancy, cloud-based scrubbing services and proactive monitoring. For DDoS attacks, defensive measures often rely on distributing traffic loads, absorbing attacks through large-scale infrastructures and coordinating responses across service providers.

Originally written on January 12, 2017 and last modified on November 24, 2025.
