Denial-of-service attack

DDoS Stacheldraht attack diagram.

In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.[1]

In a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.

A DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, thus disrupting trade.

Criminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment gateways. Revenge, blackmail[2][3][4] and activism[5] can motivate these attacks.

History

Court testimony shows that the first demonstration of DoS attack was made by Khan C. Smith in 1997 during a DEF CON event, disrupting Internet access to the Las Vegas Strip for over an hour. The release of sample code during the event led to the online attack of Sprint, EarthLink, E-Trade, and other major corporations in the year to follow.[6]

On March 5, 2018, an unnamed customer of the US-based service provider Arbor Networks fell victim to the largest DDoS in history, reaching a peak of about 1.7 terabits per second.[7] The previous record was set a few days earlier, on March 1, 2018, GitHub was hit by an attack of 1.35 terabits per second.[8]

During the Hong Kong anti-extradition protests in June 2019, the messaging app Telegram was subject to a DDoS attack, aimed at preventing protesters from using it to coordinate movements. The founders of Telegram have stated that this attack appears to be that of a "State sized actor" via IP addresses originating in China.