A denial of service (DoS) attack attempts to prevent legitimate users from accessing information or services. By targeting your computer and your network connection, or the computers and network of the sites you are trying to use, an attacker can prevent you from accessing email, websites, online accounts, banking, root nameservers, or other services.

A common method of attack is to overwhelm the target machine with communication requests so that it cannot respond to legitimate traffic, or responds so slowly that it is effectively unavailable.

During normal network communications using TCP/IP, a user contacts a server with a request to display a web page, download a file, or run an application. The user’s request uses a hello message called SYN. The server responds with its own SYN along with an acknowledgment (ACK) of the SYN it received from the user in the initial request; this combined reply is called SYN+ACK. The server then waits for a response or ACK from the user acknowledging that it received the SYN from the server. Once the user responds, the communication connection is established and the data transfer can begin.

In a DoS attack against a server, the attacker sends a SYN request to the server. The server then responds with a SYN+ACK and waits for a response. However, the attacker never responds with the final prerequisite ACK needed to complete the connection.

The server continues to “hold the line open” and wait for a response (which doesn’t arrive), while at the same time receiving more bogus requests and keeping more lines open to receive responses. After a short time, the server runs out of resources and can no longer accept legitimate requests.
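The stalled handshakes described above can be counted on the defender's side by following each connection through SYN, SYN+ACK and ACK. This is an added example, not part of the original article; the packet records are constructed, and the function names, threshold and timeout are assumptions chosen for illustration.

```python
# Constructed sample: (seconds, src_ip, src_port, dst_ip, dst_port, tcp_flags).
# 192.0.2.10:80 is the server. 198.51.100.7 completes its handshake, while the
# 203.0.113.x clients send a SYN and never return the final ACK.
SERVER = ("192.0.2.10", 80)
PACKETS = [(0.00, "198.51.100.7", 40001, "192.0.2.10", 80, "S"),
           (0.01, "192.0.2.10", 80, "198.51.100.7", 40001, "SA"),
           (0.02, "198.51.100.7", 40001, "192.0.2.10", 80, "A")]
for i in range(5):
    client = f"203.0.113.{i + 1}"
    PACKETS.append((0.10 + i * 0.01, client, 50000 + i, "192.0.2.10", 80, "S"))
    PACKETS.append((0.11 + i * 0.01, "192.0.2.10", 80, client, 50000 + i, "SA"))


def half_open(packets, server, now, timeout=1.0):
    """Return client (ip, port) pairs whose handshake stalled after SYN+ACK."""
    state = {}  # client -> (handshake stage, time of last handshake packet)
    for ts, src, sport, dst, dport, flags in packets:
        if (dst, dport) == server and flags == "S":
            state[(src, sport)] = ("SYN", ts)
        elif (src, sport) == server and flags == "SA":
            # Only advance connections for which we saw the client's SYN.
            if state.get((dst, dport), ("", 0.0))[0] == "SYN":
                state[(dst, dport)] = ("SYN+ACK", ts)
        elif (dst, dport) == server and flags == "A":
            # Final ACK: the connection is established, stop tracking it.
            if state.get((src, sport), ("", 0.0))[0] == "SYN+ACK":
                del state[(src, sport)]
    return sorted(client for client, (stage, ts) in state.items()
                  if stage == "SYN+ACK" and now - ts >= timeout)


def syn_flood_suspected(packets, server, now, threshold=4, timeout=1.0):
    """Flag when the number of stalled handshakes reaches the threshold."""
    return len(half_open(packets, server, now, timeout)) >= threshold


if __name__ == "__main__":
    for ip, port in half_open(PACKETS, SERVER, now=2.0):
        print(f"half-open: {ip}:{port}")
    print("suspected SYN flood:", syn_flood_suspected(PACKETS, SERVER, now=2.0))
```

The legitimate client never appears in the result because its final ACK clears the entry; only handshakes still waiting after the timeout are counted.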

A variation of the DoS attack is the Distributed Denial of Service (DDoS) attack. Instead of using one computer, a DDoS can use thousands of remotely controlled zombie computers in a botnet to flood the victim with requests. The sheer number of attackers makes it nearly impossible to locate and block the source of the attack. Most DoS attacks are of the distributed type.

An older type of DoS attack is a Smurf attack. During a Smurf attack, the attacker sends a request to a large number of computers and makes it appear that the request is coming from the target server. Each computer responds to the target server, overwhelming it and causing it to crash or become unavailable. The Smurf attack can be prevented with a properly configured operating system or router, so such attacks are no longer common.

DoS attacks are not limited to wired networks, but can also be used against wireless networks. An attacker can flood the radio frequency (RF) spectrum with enough electromagnetic interference to prevent a device from communicating effectively with other wireless devices. This attack is rarely seen due to the cost and complexity of the equipment required to flood the RF spectrum.

Some symptoms of a DoS attack include:

  • Unusually slow performance when opening files or accessing websites
  • Unavailability of a particular website
  • Inability to access any website
  • Dramatic increase in the number of spam emails received

To prevent DoS attacks, administrators can use firewalls to deny protocols, ports, or IP addresses. Some switches and routers can be configured to detect and respond to DoS by automatically filtering and balancing data traffic rate. Additionally, application front-end hardware and intrusion prevention systems can analyze data packets as they enter the system and identify whether they are regular or dangerous.

By admin
