Denial of service attack
Overview
A "denial of service (DOS) attack" is any attack whose purpose is to bring the service down. There are several ways someone might attempt this:
- Make a whole lot of requests very quickly. The volume of data and work that needs to be done in response to these requests will overwhelm the system and bring it down.
- Make too many of a particular type of request that is expensive. A handful of the wrong kinds of requests can cause a critical resource to fail and bring down the entire system.
- Make requests that avoid the cache. This is of particular note because it is often unexpected. A clever attacker can try to bypass the cache designed to handle large loads by requesting a variety of obscure data that no one else uses.
A "distributed denial of service (DDOS) attack" is different than a DOS attack only in that the people making the requests are spread all over the internet, making certain remedies difficult to implement.
Protection
- Set an absolute limit, and refuse to handle anything beyond that. Although the service may become unavailable to the general public, at least something more catastrophic won't occur. Also, if you know your limit, you can anticipate attackes before they hit their peak and respond appropriately.
- Use caching. Multiple requests to the same resource won't be as intensive.
- Automated black listing. A single host who is attacking can easily be blocked, but it must be done automatically and quickly. If done properly, even a DDOS attack can be thwarted in this way.
DOS attacks remain one of the most difficult attacks to protect against, so these measures are by no means sufficient.
Some DOS attacks are really brute-force attacks gone wrong.