Denial of service attacks come in two types: Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks. A DoS attack is 'an attack in which a third party purposely floods a network or website with traffic in order to prevent legitimate access (“Denial of Service”, 2007)'. A DDoS attack 'occurs when multiple compromised systems flood the bandwidth or resources of a targeted system, usually one or more web servers (“Denial-of-service attack”, 2007).' In both cases, hardware and/or software vulnerabilities are exploited to allow an intruder to compromise a system. Today, DDoS attacks carried out by “botnets” take advantage of multiple compromised personal computers, or “zombies”, to direct a coordinated attack on a target network. Early DoS attacks are well known and can be defended against by robust networking equipment and proper security practices. The DDoS botnet attacks of today present a more difficult challenge for network administrators. The perpetrators of botnet attacks have found it to be a very lucrative practice and are constantly evolving their methods as new vulnerabilities arise. A very large botnet can overwhelm the best of defenses. The motivations for botnet attacks vary from extortion to corporate warfare to nationalistic pride. The creators of botnets can be very organized and treat their endeavor as serious business. Fortunately, it appears the awareness of the information security community has reached critical mass in the last few years, as many botnet detection and prevention tools have begun to appear in the market from the likes of Google, Tumbleweed and Cisco.