I bet most of you have seen the terms DoS and DDoS at least once.
Some of you might think that they are the same thing, which is partly true, but not entirely.


Both attacks can use the same methods and aim at the same outcome, the denial of service of some resource, but there is one main difference:

A Denial-of-Service (DoS) attack involves a SINGLE system flooding a server with a large amount of traffic, with the goal of exhausting the target server's or network's resources (bandwidth, connection state, CPU) so that it can no longer serve legitimate users, or crashes outright.

A Distributed Denial-of-Service (DDoS) attack involves MULTIPLE systems (typically a botnet of compromised machines, the "bots") flooding the target at the same time, with the same goal. Because the traffic arrives from many source addresses at once, it reaches a far higher volume and cannot be stopped by blocking a single address.


Now the difference is clear, and the conclusion follows: a DDoS attack is larger in scale and much harder to defend against than a DoS attack.

It is always easier, and far less damaging, to mitigate an attack from one source (rate-limit or block that address and it is over) than to fight “thousands of zombie devices”. That is why most companies today, and even gaming servers, barely notice single-source DoS attacks: nearly everybody now sits behind additional layers of network security and/or a connectivity cloud service (for example Cloudflare) that absorbs and filters such traffic automatically, without visible impact.

In my experience, DoS is more the style of a script kiddie or of someone who doesn't have enough knowledge or resources to build and spread a botnet army, or at least to pay for such a service. (Remember that DoS and DDoS are illegal actions and can cause you problems with the law.)
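The single-source versus many-sources distinction is exactly what a defender sees first in the logs. The script below is an added example, not code from the original article: it counts requests per client IP in a constructed web server access log (combined log format), labels the window as a single-source flood or a distributed one, and picks the first response that fits. The IP addresses come from the documentation ranges, and the thresholds (`per_ip_limit`, `total_limit`) are assumptions chosen for the demo, not tuned production values.

```python
"""Added example, not code from the original article: telling a single-source
flood (DoS) from a distributed one (DDoS) by counting requests per client IP
in a web server access log, and picking the matching first response.
The log lines are constructed for this example and the thresholds are
assumptions, not tuned production values."""
import re
from collections import Counter

# Combined-log-format line: client IP, identd, user, [time], "request", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \d+'
)

TS = "[10/Oct/2023:13:55:36 +0000]"   # constructed: all lines fall in one second

# Scenario A (constructed): one client sends 40 requests in that second,
# two other clients browse normally.
DOS_LOG = "\n".join(
    [f'203.0.113.7 - - {TS} "GET /login HTTP/1.1" 200 512'] * 40
    + [f'198.51.100.20 - - {TS} "GET / HTTP/1.1" 200 1024',
       f'198.51.100.21 - - {TS} "GET /about HTTP/1.1" 200 800']
)

# Scenario B (constructed): the same 40 requests, but from 40 different bots.
DDOS_LOG = "\n".join(
    f'192.0.2.{i} - - {TS} "GET /login HTTP/1.1" 200 512' for i in range(1, 41)
)


def requests_per_ip(log_text):
    """Count parsed requests per client IP; unparseable lines are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def classify_flood(counts, per_ip_limit=20, total_limit=30):
    """Return (verdict, heavy_hitters) for one time window.

    total_limit  : requests in the window above which we call it a flood (assumed)
    per_ip_limit : requests one client may send in the window (assumed)
    verdict is "normal", "dos" (a few sources dominate) or "ddos" (spread out).
    """
    total = sum(counts.values())
    if total < total_limit:
        return "normal", []
    heavy = sorted(ip for ip, n in counts.items() if n > per_ip_limit)
    if heavy:
        return "dos", heavy
    return "ddos", []


def first_response(verdict, heavy):
    """A single-source flood can be cut off at the edge by blocking the source;
    a distributed flood needs global rate limiting or upstream filtering."""
    if verdict == "dos":
        return [f"deny from {ip}" for ip in heavy]
    if verdict == "ddos":
        return ["rate-limit per URL globally; push filtering to the upstream/CDN layer"]
    return []


if __name__ == "__main__":
    for name, log in (("single source", DOS_LOG), ("distributed", DDOS_LOG)):
        counts = requests_per_ip(log)
        verdict, heavy = classify_flood(counts)
        print(f"{name}: {sum(counts.values())} requests from {len(counts)} IPs "
              f"-> {verdict} {first_response(verdict, heavy)}")
```

Both scenarios carry the same 40 flood requests; the only thing that changes is how many source addresses they are spread over, and that alone decides whether a per-IP deny rule solves the problem or does nothing.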

Types of DoS/DDoS attacks

  • A SYN Flooding Attack is a basic type of DoS attack: the attacker sends a stream of TCP SYN (connection request) packets, often from spoofed source addresses, and never completes the three-way handshake. Each SYN makes the server hold a half-open connection entry until it times out, so the server's connection backlog fills up and legitimate connection attempts are dropped.
  • A Teardrop Attack is a type of DoS attack that sends streams of IP fragments whose offsets overlap, so that a vulnerable IP stack cannot reassemble them properly and crashes or becomes unstable. Current operating systems are patched against the classic Teardrop bug, but fragment reassembly remains a sensitive code path.
  • An IP Fragmentation Attack is a DoS attack that floods the target with IP fragments carrying bogus offsets or lengths, or fragments whose datagram is never completed. The target keeps the partial datagrams in reassembly buffers waiting for the missing pieces, tying up memory and CPU until, in the worst case, it can no longer reassemble legitimate packets either.
  • A Volumetric Attack is a type of DDoS attack that targets bandwidth. The attacker's botnet sends enormous numbers of packets (ICMP echo requests, UDP floods, HTTP floods) so that the link to the target is saturated and legitimate traffic cannot get through.
  • A DNS Amplification Attack is a reflection-based volumetric DDoS attack. The attacker sends many small DNS queries to open DNS resolvers with the source IP address spoofed to the victim's address, so the resolvers deliver their much larger responses to the victim and multiply the attacker's bandwidth many times over. It abuses DNS's use of UDP (no handshake, so spoofing is easy) and the size difference between query and response rather than a bug in DNS itself.
  • A Protocol Attack is a DDoS attack that targets weaknesses in how communication protocols (TCP, UDP, ICMP) work, typically exhausting the connection-state tables of servers, firewalls and load balancers rather than raw bandwidth. The SYN flood above, run from a botnet, is the classic example.
  • An Application-Based Attack is a type of DDoS attack that targets Layer 7 (Application) of the OSI model, where ordinary requests such as HTTP GET and HTTP POST occur. The requests look legitimate but arrive in volumes, or hit expensive endpoints (search, login, large downloads), that exhaust the application server rather than the network.
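The SYN flood is the attack in the list whose mechanics are easiest to see in code. The simulation below is an added example, not code from the original article: it models a server's half-open connection table with a constructed capacity and timeout, runs a constructed legitimate client alongside an attacker that sends spoofed SYNs and never ACKs, and reports how many legitimate handshakes fail. The table size (128), the timeout (300 ticks of 10 ms) and the traffic pattern are assumptions chosen to make the effect visible in a few seconds of simulated time.

```python
"""Added example, not code from the original article: a minimal model of why a
SYN flood works. The server keeps a fixed-size table of half-open connections
(SYN received, final ACK not yet); an entry is freed when the ACK arrives or
when it times out. An attacker who sends SYNs from spoofed addresses and never
ACKs fills the table, and legitimate SYNs are then dropped. Table size, timeout
and traffic pattern are constructed assumptions, not measurements."""


class SynBacklog:
    """Fixed-size table of half-open TCP connections, keyed by (src_ip, src_port)."""

    def __init__(self, capacity, timeout_ticks):
        self.capacity = capacity        # max half-open entries (assumed small for the demo)
        self.timeout = timeout_ticks    # ticks an unanswered SYN is kept before being dropped
        self.table = {}                 # (src_ip, src_port) -> tick the SYN arrived
        self.dropped_syns = 0
        self.completed = 0

    def expire(self, now):
        stale = [k for k, t in self.table.items() if now - t >= self.timeout]
        for k in stale:
            del self.table[k]

    def on_syn(self, now, src):
        """Return True if the SYN got a backlog slot (server would send SYN-ACK)."""
        self.expire(now)
        if src in self.table:           # retransmitted SYN: slot already held
            return True
        if len(self.table) >= self.capacity:
            self.dropped_syns += 1      # table full: SYN silently dropped
            return False
        self.table[src] = now
        return True

    def on_ack(self, now, src):
        """Return True if the ACK completed a half-open connection."""
        self.expire(now)
        if src not in self.table:
            return False
        del self.table[src]
        self.completed += 1
        return True


def run_scenario(attacker_syns_per_tick, ticks=500, capacity=128, timeout_ticks=300):
    """Simulate `ticks` steps (one tick = 10 ms, assumed).

    Every tick the attacker sends `attacker_syns_per_tick` SYNs from fresh
    spoofed (ip, port) pairs and never ACKs. A legitimate client starts a
    handshake every 50 ticks and sends its ACK on the next tick.
    Returns (legit_ok, legit_failed, attacker_syns_dropped).
    """
    backlog = SynBacklog(capacity, timeout_ticks)
    client = ("203.0.113.5", 40000)     # constructed legitimate client
    legit_ok = legit_failed = 0
    pending = None
    spoof = 0
    for tick in range(ticks):
        for _ in range(attacker_syns_per_tick):
            spoof += 1
            backlog.on_syn(tick, (f"198.51.100.{spoof % 254 + 1}", 1024 + spoof))
        if pending is not None and tick == pending + 1:
            if backlog.on_ack(tick, client):
                legit_ok += 1
            pending = None
        if tick % 50 == 0:
            if backlog.on_syn(tick, client):
                pending = tick
            else:
                legit_failed += 1       # connect() stalls: this is the denial of service
    return legit_ok, legit_failed, backlog.dropped_syns


if __name__ == "__main__":
    for rate in (0, 1, 10):
        ok, failed, dropped = run_scenario(rate)
        print(f"attacker {rate * 100:>5} SYN/s: legit handshakes ok={ok} failed={failed}, "
              f"SYNs dropped by server={dropped}")
```

With the constructed numbers, even 100 spoofed SYNs per second fills the 128-slot table within about 1.3 seconds, and because expired slots are immediately re-taken by new attacker SYNs the table stays full for the rest of the run: the server never crashes, it simply cannot accept anyone new. Real kernels use a much larger backlog and SYN cookies (which avoid holding state per SYN), which is why a plain SYN flood from one host rarely works today and attackers move to the distributed, higher-volume variants listed above.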

Conclusion

Well, in this article we figured out what DoS and DDoS mean, the main difference between them, and the types of DoS/DDoS attacks.

In the next articles, I would like to cover every attack more deeply, with the essential techniques and the preventive measures that mitigate these attacks.


Thank you for reading it and stay safe. © CyberAstral