What is a Denial of Service Attack?


Well, one example would be posting enough copies of the same question that other people had trouble getting their questions through.

Reply to
Walter Roberson

All resources (whether they are web servers, DNS servers, file servers, even firewalls and routers) have a finite level of simultaneous connections they can respond to at any one time. An attack that is designed to send so many requests (flood) to a given service such that the service can no longer respond to any other request is called a Denial of Service attack. Another way of looking at it is that the attacker has denied the service to legitimate users.

Most often, the requests come from, or pretend to come from, different source machines to get around checks that may be in place (Distributed Denial of Service). A large number of distributed denial of service attacks use worms/viruses to seed the attack onto many machines which will batter a particular victim at a specific time.

For an example of a Denial of Service attack, let's use an attack that most firewalls can cope with. The SYN flood attack sends TCP connection requests faster than a machine can process.

An attacker creates a random source address for each packet. The SYN flag set in each packet is a request to open a new connection to the server from the spoofed IP address. The victim responds to spoofed IP addresses and waits for confirmation that never arrives. The victim's connection table fills up waiting for replies. After the table fills up, all new connections, including legitimate user requests, are ignored. Once an attacker stops flooding the server, it usually goes back to its normal state. Newer operating systems manage resources better, making it more difficult to overflow tables, but still are vulnerable to an attack.

While SYN floods rarely crash servers, they can be used as part of other attacks, such as disabling one side of a connection in TCP hijacking, or by preventing authentication or logging between servers.


Reply to
AM
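Added example, not part of the original post: a small Python model of the half-open connection table described in the SYN flood explanation above, showing a legitimate client being ignored while the table is full and served again once the stale entries time out. The backlog size, timeout, function names and traffic are assumptions made for illustration; entries are keyed by source address only, which is simpler than a real TCP stack.

```python
from collections import OrderedDict

def run_table(events, backlog=8, timeout=30.0):
    """Model a server's half-open (SYN received, no final ACK) table.

    events: iterable of (time_s, src_ip, kind), kind is "SYN" or "ACK".
    backlog and timeout are assumed values, not taken from any real OS.
    Returns (completed, dropped, peak_half_open).
    """
    half_open = OrderedDict()          # src_ip -> time the SYN arrived
    completed, dropped, peak = [], [], 0
    for now, src, kind in events:
        # Expire entries whose confirming ACK never arrived.
        for stale in [s for s, t0 in half_open.items() if now - t0 >= timeout]:
            del half_open[stale]
        if kind == "SYN":
            if len(half_open) >= backlog:
                dropped.append(src)    # table full: request is ignored
            else:
                half_open[src] = now
                peak = max(peak, len(half_open))
        elif kind == "ACK" and src in half_open:
            del half_open[src]         # handshake finished, slot freed
            completed.append(src)
    return completed, dropped, peak

def constructed_trace():
    """Constructed sample traffic (documentation address ranges only)."""
    ev = [(0.0, "192.0.2.10", "SYN"), (0.1, "192.0.2.10", "ACK")]    # normal client
    # 20 SYNs from sources that never answer, between t=1.0 and t=1.95
    ev += [(1.0 + i * 0.05, f"198.51.100.{i + 1}", "SYN") for i in range(20)]
    ev += [(5.0, "192.0.2.11", "SYN"), (5.1, "192.0.2.11", "ACK")]    # during the flood
    ev += [(40.0, "192.0.2.12", "SYN"), (40.1, "192.0.2.12", "ACK")]  # after it stops
    return ev

if __name__ == "__main__":
    done, lost, peak = run_table(constructed_trace())
    print("completed:", done)
    print("dropped legitimate:", [s for s in lost if s.startswith("192.0.2.")])
    print("peak half-open entries:", peak)
```

Re-running `run_table` with a larger `backlog` or a shorter `timeout` shows how those two settings change which legitimate clients get through.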

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.