A Denial-of-Service or DoS attack is a type of cyberattack where a perpetrator attempts to make a single machine or network resource unavailable to its intended users.

The main objective is to disrupt the service such as a website or application by overloading it with traffic or exhausting its resources, forcing it to crash or slow down severely.

How a DoS Attack Works?

A DoS attack generally works in one of two ways:

• Flooding the Target: The attacker sends an enormous stream of irrelevant or fabricated requests to the server or network resource from a single machine. The target becomes so busy trying to handle this junk traffic that it cannot process any legitimate requests from real users.
• Exploiting Vulnerabilities (Crashing Services): The attacker sends a specific, malformed packet of data or sequence of requests that exploits a known weakness (bug or vulnerability) in the target system’s software, causing it to crash or stop functioning altogether.

Common DoS Attack Examples

• SYN Flood: The attacker repeatedly sends a SYN (synchronize) request to a server to initiate a connection but never completes the three-way handshake. This leaves the server with a huge number of “half-open” connections, tying up all its resources until it can’t accept new, legitimate connections.
• Ping of Death: The attacker sends an oversized or malformed Internet Control Message Protocol (ICMP) packet (a “ping“) that exceeds the maximum size allowed, causing the target’s operating system to crash or reboot when it tries to reassemble the packet.

While the DoS attack is the original concept, the DDoS attack is the dominant method used today because it is far more powerful and difficult to stop.