Denial Of Service
Tactics & Techniques
Definition
A Denial of Service (DoS) attack is a cyberattack that aims to disrupt the availability of a system, service, network, or application by overwhelming it with excessive traffic or resource requests, making it unavailable to legitimate users.
Examples & Use Cases
## Why It Matters in Practice

Availability is one of the core pillars of cybersecurity (CIA Triad). DoS attacks can:

- Interrupt business operations
- Cause financial losses
- Impact customer trust
- Distract defenders while other attacks occur

Even short outages can severely affect critical services such as banking, healthcare, e-commerce, and government systems.

---

## Types of DoS Attacks

- Volumetric Attacks (bandwidth exhaustion)
- Protocol Attacks (network stack exhaustion)
- Application Layer Attacks (HTTP floods, API abuse)
- Distributed Denial of Service (DDoS) using botnets
- Reflection & Amplification Attacks (DNS, NTP, Memcached)

---

## Key Points

- Targets system availability rather than confidentiality
- Often uses large numbers of compromised devices
- Can affect websites, APIs, DNS, VPNs, and cloud services
- Frequently used for extortion or disruption campaigns
- Detection often relies on traffic baselining and anomaly analysis

---

## Common Usages

- Flooding a server with HTTP requests
- SYN flood attacks against TCP services
- Overwhelming DNS infrastructure
- API rate exhaustion
- Botnet-driven traffic spikes
- Layer 7 attacks against login portals

---

## Real-World Example

An online retail company experiences a massive surge of malicious traffic during a sales event. Attackers use a botnet to send millions of requests per second, overwhelming the web servers and causing the site to become unavailable for legitimate customers.
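The traffic baselining and anomaly analysis named under Key Points, applied to a surge like the one in the example above, as an added Python example that is not part of the original glossary entry. The log lines are constructed, and the function names, the per-minute window and the median/MAD threshold are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Common Log Format: only the source IP and the bracketed timestamp are needed.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def sample_log():
    """Constructed access log: ten quiet minutes, then one flooded minute."""
    lines = []
    for minute in range(10):
        for i in range(20 + minute % 3):
            lines.append(f'198.51.100.{i} - - [10/Mar/2025:12:{minute:02d}:{i:02d} +0000] '
                         '"GET / HTTP/1.1" 200 512')
    for i in range(400):  # 50 sources, 8 requests each, all in minute 12:10
        lines.append(f'203.0.113.{i % 50} - - [10/Mar/2025:12:10:{i % 60:02d} +0000] '
                     '"GET /login HTTP/1.1" 200 512')
    lines.append("malformed line")  # must be skipped, not crash the parser
    return lines

def detect(lines, k=6.0, min_mad=1.0):
    """Flag minutes whose request count exceeds median + k * MAD of all minutes."""
    per_min, per_src = Counter(), defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, minute = m.group(1), m.group(2)[:17]  # "10/Mar/2025:12:03"
        per_min[minute] += 1
        per_src[minute][ip] += 1
    counts = list(per_min.values())
    if len(counts) < 3:
        return []  # too little history to form a baseline
    base = median(counts)
    # MAD is robust to the spike itself; the floor avoids a zero-width band.
    mad = max(median([abs(c - base) for c in counts]), min_mad)
    alerts = []
    for minute in sorted(per_min):  # string sort is enough within one hour
        n = per_min[minute]
        if n > base + k * mad:
            top_ip, top_n = per_src[minute].most_common(1)[0]
            alerts.append({"minute": minute, "requests": n, "baseline": base,
                           "sources": len(per_src[minute]),
                           "top_source": top_ip, "top_share": round(top_n / n, 2)})
    return alerts

if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(alert)
```

A high `top_share` points to a single noisy source that per-IP rate limiting can contain, while a low share spread over many sources is the distributed pattern that needs upstream filtering or scrubbing.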
---

## Detection & Mitigation Techniques

- Rate limiting
- Web Application Firewalls (WAF)
- CDN-based traffic filtering
- Load balancing
- Anycast routing
- Traffic scrubbing services
- SYN cookies and connection limiting
- Behavioral anomaly detection

---

## Indicators of a DoS Attack

- Sudden spikes in inbound traffic
- Increased latency or timeouts
- Service unavailability
- High CPU or memory utilization
- Large numbers of requests from unusual IP ranges
- Network saturation alerts

---

## Limitations

- Difficult to fully prevent against large-scale attacks
- Mitigation can be costly
- False positives may block legitimate users
- Encrypted traffic inspection adds complexity
- Attack traffic may originate from legitimate but compromised systems

---

## Further Reading

- [Cloudflare - What is a DDoS Attack?](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/)
- [AWS - DDoS Resilience Best Practices](https://docs.aws.amazon.com/whitepapers/latest/aws-best-practices-ddos-resiliency/welcome.html)
- [CISA - Understanding Denial-of-Service Attacks](https://www.cisa.gov/news-events/news/understanding-denial-service-attacks)
- [Microsoft - DDoS Protection Overview](https://learn.microsoft.com/en-us/azure/ddos-protection/ddos-protection-overview)