Denial of Service (DoS) attacks against web sites occur when an attacker attempts to make the web server, or servers, unavailable to serve up the web sites they host to legitimate visitors. For some time, it was thought that these types of attacks were generally used against large corporations, government sites, and activist sites as a form of protest to disrupt their web presence.
However, more small and medium businesses are beginning to see their online presence disrupted by this type of attack.
Application Denial of Service attacks have rapidly become a commonplace threat for doing business on the Internet - more proof that Web application security is more critical now than ever. Denial of Service attacks can result in significant loss of service, money and reputation for organizations. Typically, the loss of service is the inability of a particular network service, such as e-mail, to be available or the temporary loss of all network connectivity and services. An HTTP Denial of Service attack can also destroy programming and files in affected computer systems. In some cases, HTTP DoS attacks have forced Web sites accessed by millions of people to temporarily cease operation.
Examples of Denial of Service attacks launched against web applications include:
Denial of Service attacks are centered around the concept that by overloading a target’s resources, the system will ultimately crash. In the case of a DoS attack against a web application, the software is overloaded by the attack and the application fails to serve web pages properly. To crash a web server running an application, a DoS threat attacks the following services:
In the past, Denial of Service attacks were thought to be a tool used by hacktivists as a form of protest. However, recent attacks have shown that Denial of Service attacks can also be a way for cyber criminals to profit.
By not proactively working to prevent DoS attacks, you leave your site vulnerable to:
With the dotDefender web application firewall you can avoid DoS attacks, because dotDefender inspects your HTTP traffic and checks its packets against rules, such as rules that allow or deny protocols, ports, or IP addresses, to stop web applications from being exploited.
Architected as plug & play software, dotDefender provides optimal out-of-the-box protection against DoS threats, cross-site scripting, SQL Injection attacks, path traversal and many other web attack techniques.
The reasons dotDefender offers such a comprehensive solution to your web application security needs are:
There are many different ways that an attacker can launch a Denial of Service attack. They range from simply unplugging a server from the network (if they have physical access) to coordinating large armies of zombie computers to launch a large scale distributed attack against their target using:
Most commonly, the following tactics are used in a DoS attack:
(Also known as ICMP flood, Smurf attack, Ping of death, or SYN flood)
A ping flood works by sending the target an overwhelming number of ping packets, usually using the "ping" command. It is very simple to launch, and the attack succeeds when the traffic it creates exceeds the web site’s available bandwidth.
A SYN flood sends a flood of TCP/SYN packets using a forged sender address. Since the sender address is not correct, the response in the form of a TCP/SYN-ACK packet never comes, leaving a half-open connection. As these connections begin to accumulate, the number of available connections becomes saturated, keeping legitimate requests from successfully connecting.
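The accumulation of half-open connections described above can be watched for on the server. The following is an added example, not part of the original page or of dotDefender: it counts connections in the SYN-RECV state per local listener from a snapshot in the column layout of `ss -tan`. The sample snapshot is constructed, and the `threshold` parameter is a hypothetical alert level.

```python
from collections import defaultdict

# Constructed sample in the column layout of `ss -tan` (not real capture data).
SAMPLE = """\
State     Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN    0      128    0.0.0.0:80         0.0.0.0:*
ESTAB     0      0      192.0.2.10:80      203.0.113.5:51514
SYN-RECV  0      0      192.0.2.10:80      198.51.100.21:40112
SYN-RECV  0      0      192.0.2.10:80      198.51.100.87:1025
SYN-RECV  0      0      192.0.2.10:80      198.51.100.140:60211
SYN-RECV  0      0      192.0.2.10:80      198.51.100.9:33010
SYN-RECV  0      0      192.0.2.10:443     203.0.113.77:44100
ESTAB     0      0      192.0.2.10:443     203.0.113.77:44102
"""


def half_open_report(snapshot, threshold=4):
    """Count half-open (SYN-RECV) connections per local listener.

    threshold is a hypothetical alert level; in practice it would be tuned
    against the listener's backlog and its normal traffic.
    """
    peers = defaultdict(list)
    for line in snapshot.splitlines():
        fields = line.split()
        # Data rows have 5 fields: state, recv-q, send-q, local, peer.
        # The header row splits into 7 fields and is skipped here.
        if len(fields) != 5 or fields[0] != "SYN-RECV":
            continue
        local, peer = fields[3], fields[4]
        peers[local].append(peer.rsplit(":", 1)[0])  # keep the peer IP only
    report = {}
    for local, ips in peers.items():
        report[local] = {
            "half_open": len(ips),
            # Many distinct peers with one half-open entry each is
            # consistent with forged sender addresses.
            "distinct_peers": len(set(ips)),
            "alert": len(ips) >= threshold,
        }
    return report


if __name__ == "__main__":
    for listener, stats in sorted(half_open_report(SAMPLE).items()):
        print(listener, stats)
```

A single snapshot only shows the current state; running the same count at intervals shows whether half-open entries are draining or building up.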
Peer-to-Peer attacks are launched when the attacker causes users to disconnect from their peer-to-peer network and to connect to the victim’s website instead. Like a zombie or botnet attack, several thousand computers may be trying to connect to the victim’s site at once. If enough machines are controlled by the attacker, the overflow of connection requests can easily bring down a web application.
Unlike zombie attacks, there is no botnet so the attacker does not have to communicate with the computers he uses to launch his attack.
While most Denial of Service attacks exploit bandwidth, some rely on software-related exploits such as buffer overflows. These attacks confuse the application, causing it to fill the disk space or consume all available memory or CPU cycles.
Denial of Service attacks are often random when they are launched against small and medium sized web sites. When a web site is attacked that does not fall into the category of a high profile target (large corporation, government site, or activist site), the reason usually falls within one or more of the following categories:
Unfortunately for the victim, attacks that are unintentional yield many of the same results as those that are launched against a specific target.
dotDefender's unique security approach eliminates the need to learn the specific threats that exist on each web application. The software that runs dotDefender focuses on analyzing the request and the impact it has on the application. Effective web application security is based on three powerful web application security engines:
Pattern Recognition, Session Protection and Signature Knowledgebase.
The Pattern Recognition web application security engine employed by dotDefender effectively protects against malicious behavior such as Denial of Service attacks. The patterns are regular expression-based and designed to efficiently and accurately identify a wide array of application-level attack methods. As a result, dotDefender is characterized by an extremely low false positive rate, which is important when dealing with DoS attacks, as a false positive will generate the same end result as a well-coordinated DoS threat.
What sets dotDefender apart is that it offers comprehensive protection against Denial of Service and other attacks while being one of the easiest solutions to use.
In just 10 clicks, a web administrator with no security training can have dotDefender up and running. Its predefined rule set offers out-of-the-box protection that can be easily managed through a browser-based interface with virtually no impact on your server or web site’s performance.