What is a Denial of Service Attack?

A denial of service (DoS) attack is an attempt to make a website or another Internet resource unavailable to users. Denial of service attacks may be very costly, as businesses lose money and customers every hour they are unavailable; they are generally illegal, and they also violate the Internet Architecture Board's proper use policy. The traditional denial of service attack is executed by flooding the targeted server with dummy requests, overloading it and preventing it from handling legitimate traffic; other types of attacks include severing the network connection entirely, crashing the server, or shutting down the service for one particular person or group.

Denial of service attacks based on traffic overload are usually very easy to launch; the primary requirement is large amounts of bandwidth. If the target server is flooded with more requests for data than it has bandwidth for, valid requests will be unable to get through, and the server's owner may also be billed for excessive bandwidth usage. Variations on this include the distributed denial of service (DDoS) attack, which involves hijacking a large network of computers, and then programming them all to flood the same target. This can be done using viruses, worms, or other malware, which may be programmed to attack and bring down a specific website.

Various network tricks can also be used to launch a denial of service attack, such as sending an oversized packet in several pieces; the target server will attempt to put them back together, and may crash with an error message. If the server's operating system has an unpatched security hole, it may allow hackers to download the server's data before crashing it, which could endanger sensitive information such as credit card and Social Security numbers. A denial of service “attack” may even be unintentional; websites such as Slashdot, Digg and Reddit frequently deliver huge amounts of traffic to small, relatively unknown websites, which cannot handle all the requests, and shut down. This was originally known as “getting Slashdotted,” although other websites frequently cause this problem.