Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Edge Articles

9/25/2019
10:00 AM
Curtis Franklin Jr.
Curtis Franklin Jr.
Edge Features
50%
50%

The Beginner's Guide to Denial-of-Service Attacks: A Breakdown of Shutdowns

DoS attacks come in many varieties (not just DDoS). This simple set of descriptions will help you understand how they're different - and why each and every one is bad.

(image source: Vladimir Buynevich, via Flickr)
(image source: Vladimir Buynevich, via Flickr)

Many companies have experienced an application-level DoS event without ever being the target of a real attack. Every time a retail company has complained that "so many people came to our site to buy our special product!" they've managed to use marketing to launch a DoS attack against themselves.

In addition to simply DoSsing themselves, companies can find a DoS attack on their application layer that comes in any of several flavors. One of the more insidious, and one that puts application layer DoS in a different category of attacks than the others to ba addressed, is called "low and slow."

How It Works
Low and slow attacks take advantage of the timeout setting of a server — the time between actions before the server "gives up" on a transaction and terminates the session — to generate just enough traffic, just often enough, to keep the application operating at full capacity.

Low and slow attacks are frequently launched using tools with names like Slowloris, which attacks by keeping HTTP sessions barely alive, and R.U.D.Y, which submits form data at an excruciating — but fast enough to keep the session alive — pace.

How to Defend Against It
Application-level attacks can use HTTP headers, HTTP GET, HTTP PUT, or TCP traffic to do their dirty work. Because they don't depend on either massive traffic flows or misshapen packets to be effective, they can be difficult to defend against.

Web application firewalls (WAFs) and, depending on the application's architecture, cloud service firewalls can help, but security teams should work closely with application developers to make sure that legitimate customers — with their legitimate dollars — aren't excluded from transactions.

{Continued on Next Page}

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Previous
2 of 4
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
mauricioraul
50%
50%
mauricioraul,
User Rank: Apprentice
9/27/2019 | 6:56:59 PM
Great article. Minor typo, just fyi
In addition to simply DoSsing themselves, companies can find a DoS attack on their application layer that comes in any of several flavors. One of the more insidious, and one that puts application layer DoS in a different category of attacks than the others to ba addressed, is called "low and slow."
The Edge Cartoon Contest: Need a Lift?
Flash Poll