Blog

DDoS/DoS attacks: experience-based insight. Part I

Today everyone knows about DDoS/DoS attacks. The buzz about them is everywhere: on the internet, TV, etc. You don't have to be an experienced user to face the consequences of these attacks, when you visit, for example, a favorite news portal and see the “service is unavailable” message, here it is – the DDoS/DoS attack.
14 October 2014
Cybersecurity testing
Web app testing
The article by a1qa
a1qa

Today everyone knows about DDoS/DoS attacks. The buzz has long spread beyond security testing and is now everywhere: on the internet, TV, etc. You don’t have to be an experienced user to face the consequences of these attacks, when you visit, for example, a favorite news portal and see the “service is unavailable” message, here it is – the DDoS/DoS attack.

Even knowing what the letters DDoS/DoS stand for, do you understand what they mean? DoS means Denial of Service, which is a malicious activity aimed at a web-site to make it unavailable for legitimate users. DDoS means Distributed Denial of Service, which is an attack performed by several computers.

The most often motives for carrying out DDoS/DoS attacks are:

  • Political protest
  • Unfair competition
  • Blackmailing
  • Personal issues

The first DoS attack was registered in September 1996. A few days after the first attack – on September 19th – Carnegie Mellon University computer team of fast response to information security incidents published a brochure about DDoS/DoS attacks. In 1999-2000 when the largest portals like Ebay, Amazon and Yahoo couldn’t handle the attacks the information about them spread around the world. Several years later in 2010 DDoS attacks became notorious again. Hackers started applying them for political protests and attacked the biggest e-commerce systems, like Paypal, Visa and MasteCard. Recently attacks have become more powerful, for example, in 2013 hackers performed a 300 Gbps attack, while in 2014 they reached a record of 400 Gbps.

DoS attack: behind the scenes

Today all attacks can be divided into three big categories depending on the target:

  • Server network connection attacks
  • Server CPU time attacks
  • Server memory attacks

Server’s network connection attacks are aimed at server bandwidth. Hackers generate a huge stream of spurious traffic towards the goals, applying botnet or vulnerable internet servers. The attack can be compared with a traffic jam with stuck ambulance; ambulance here means connections of legitimate clients. On the scheme below you can see how the attacks with vulnerable DNS servers are performed.

From the technical viewpoint channel attacks are very difficult. They shouldn’t run for a long period, otherwise they can harm the hacker’s system itself. Protection against these attacks is very pricey. A company has to buy expensive equipment to detect and block the attacks, or it addresses a 3rd party security provider.

Still, users should understand that this kind of attacks cannot be aimed at a blog, because the cost of the attack performance and the result are not equal.

In the next blog post we’ll cover the topics of server CPU time and server memory attacks.

More Posts

19 April 2022,
by a1qa
5 min read
What prevents companies from boosting eCommerce customer experience: 4 common mistakes
Dreaming of a flawless online shopping journey for your users? Explore 4 widespread situations that hamper achieving this goal.
Cybersecurity testing
Performance testing
Test automation
Usability testing
Clutch awards
23 March 2022,
by a1qa
2 min read
a1qa recognized for cybersecurity expertise by Clutch!
The global online review platform Clutch added a1qa to the Top 15 Penetration Testing Companies for 2022.
Cybersecurity testing
Mobile app security
3 January 2022,
by a1qa
4 min read
Cybersecurity testing: 4 best practices to ensure highly safe IT solutions
Find out 4 cybersecurity tips to release highly secure software and protect end-user data.
Cybersecurity testing
Mobile app testing
streaming services
30 November 2021,
by a1qa
4 min read
Ho ho ho! QA to enable crash-proof streaming platforms for Holidays season
Isn’t it high time to forget about the Christmas rush and truly enjoy the pre-holidays season? Read the article about how to put peak-load anxiety behind by applying rigorous testing of your streaming solution.
Cybersecurity testing
Functional testing
Performance testing
Usability testing
19 August 2021,
by a1qa
4 min read
Cybersecurity: Top 5 questions to ask a QA vendor
What information to request from QA providers to get confident in the complete security of your software and protect end-user sensitive data? Read about that in the article.
Cybersecurity testing
5G impact
31 May 2021,
by a1qa
4 min read
5G network impact on mobile app testing
Check out what 5G connectivity will bring to the IT world and how it will modify mobile app testing.
Cybersecurity testing
Mobile app testing
Performance testing
29 April 2021,
by a1qa
4 min read
Addressing 4 security issues for digital transformation programs
Find out the top 4 safety challenges of digital transformation and a QA playbook to address them and contribute to a higher level of cybersecurity.
Cybersecurity testing
31 March 2021,
by a1qa
4 min read
QA scenario to introduce 6 eCommerce trends in 2021
Discover what trends will rule the eCommerce industry in 2021 and how QA can help implement them with confidence and ease.
Cybersecurity testing
Test automation
25 February 2021,
by a1qa
4 min read
9 QA points for delivering high-quality SaaS-based solutions
In the article, we’ve gathered 9 QA factors relying on the SaaS specifics that may help to perform SaaS testing with ease.
Cloud-based testing
Cybersecurity testing
Functional testing
Performance testing
Test automation

Get in touch

Please fill in the required field.
Email address seems invalid.
Please fill in the required field.
We use cookies on our website to improve its functionality and to enhance your user experience. We also use cookies for analytics. If you continue to browse this website, we will assume you agree that we can place cookies on your device. For more details, please read our Privacy and Cookies Policy.