DoS attackCompTIA Security+ Course

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATION
Already a Member Login Here

Home Forums Courses CompTIA Security+ Course DoS attack

Tagged: 

This topic contains 7 replies, has 7 voices, and was last updated by  Adam 4 years, 4 months ago.

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • #12000

    KKoscinski
    Participant

    I understand what a DoS attack is, but why would someone want to exhaust available resources on a server for users? Just to cause chaos?

    #12027

    Brian Idol
    Participant

    Yes usually. However there may be times when a DoS attack really has no malicious intent. For example, when http://www.healthcare.gov first came online, the sheer number of connections from legitimate traffic initiated a DoS state.

    Sometimes DoS attacks are launched for political or commercial gain as well. The hacktivist group Anonymous is notorious for attack websites as a form of protest or to prove a point. Usually though DoS attacks are simply to cause chaos and to affirm the fact that the attacker is a complete tool.

    #12062

    mr_clark
    Moderator

    Just adding to what Brian said…two reasons….political/chaos or financial gains.

    I may disagree with your organization’s view on something like abortion, gay rights, political slant, etc so to make you look bad I’ll make it so your systems are unavailable to your customers or staff. Especially if I can do it at a time that will cost you the most and be most publicized. For example, if I could DDoS Amazon for the week before Christmas imagine how much money they would lose and how bad it would look for them in the press, etc.

    Another side to look at for DoS is as a diversion. If I’m targeting your organization and want to keep your systems and security guys busy I might DDoS your websites while at the same time I’m attacking your network from another avenue. Often in the confusion, my ‘real’ attack may be missed or ignored while dealing with the DDoS crisis.

    #12082

    Chambo
    Participant

    Another example on the commercial front is the scenario where of a Business might unethically pay for DoS services to be performed against its major rival (competitor). And a successful DoS to the rival’s site, means that Business increases the chance of gaining the rivals lost custom, and the extra business turning into profit.

    – Chambo

    #12178

    Akash Raghav M
    Participant

    I agree with Mr.Clark.

    If 2 companies are releasing the same product ( or similar to that ) , they might pay you to DDoS the rival company so that their company gets more customers. On the other hand DDoS can be done just to cause chaos like Lizard Squad ( an hacktivist group ) who demanded Ransom to stop their DDoS attack over Sony and XBox during 2014 Christmas.

    DDoS is also a way to test how much the server can withstand the load. And just like Clark said, to cover your actual attack on the target by making them focused on stopping the attack while you break into their company’s system.

    — xMidnightSnowx

    #12236

    Alan Raff
    Participant

    Also something to think about. Say your company has multiple servers: Server A, Server B, and Server C. If your webserver is on Server A, and all you financial information is on Server C, I could launch a DDoS attack on Server A (your webserver) then while all your resources are trying to fix Server A, I could sneak into Server C without you realizing for a good amount of time. By the time you realized I had compromised Server C, it would be too late.

    TLDR: DDoS attacks can be used to cover up other attacks.

    #12390

    Chambo
    Participant

    Must say I love the extra detail everyone, where attacks could originate from a single individual to a Nation State.

    And no doubt there is an equivalent to DDoS attacks in The Art of War:
    http://classics.mit.edu/Tzu/artwar.html

    – Chambo

    #12635

    Adam
    Participant

    Extorsion is another reason.

Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel