A DoS attack uses a computer to overwhelm a system with data requests to the point the system crashes. A DDoS attack has the same goal but uses an entire network of computers, making the attack much harder to stop.
DDoS and DoS attacks are some of the most common cyberattacks we see, but how do they actually work? We’ll break each one down and look at how they differ, plus how you can protect yourself from both.
What Is a DoS Attack?
A DoS (Denial of Service) attack overwhelms a system with requests for data, eventually flooding it with so many inputs that it crashes, unable to keep up. This commonly happens with web pages, ultimately resulting in the web page shutting down and being unresponsive, denying users whatever service that website can usually provide—hence the name “denial of service” attack.
Unlike a DDoS attack, a DoS attack uses only one source to overwhelm the system. It’s one computer with one internet connection sending a flood of requests with the goal of crashing the target system.
One common type of DoS attack is called a “buffer overflow” attack. According to Microsoft:
“A buffer overflow collects additional data when a program’s volume surpasses its memory capacity. An example would be if a program is written to expect 10 bytes of data and a request contains 15 bytes, the five extra bytes will go into the buffer overflow. Overloading a buffer overflow can cause a program to behave unpredictably or crash. A buffer overflow attack sends requests that overload the buffer overflow and make the system crash, which can make it unusable.”
Because DoS attacks tend to be small-scale, they usually target smaller websites and individuals with more limited resources than big corporate websites like, say, Amazon or Google.
The good news is that since they come from a single source, DoS attacks are easier to stop than DDoS attacks. There’s only one source, so once the DoS source is identified, it can be blocked (often by IP address) to halt the attack.
What Is a DDoS Attack, and How Does It Work?
DDoS (Distributed Denial of Service) attacks have the same goal as DoS attacks but are conducted using a network of internet-connected computers to flood a target server from multiple points, hammering it with much more traffic than a typical DoS attack could manage.
DDoS attacks are often executed with a botnet, a network of computers under the attacker’s control, usually by means of a malware or virus infection that lets the attacker use a host computer’s resources. Cyber attackers will infect multiple computers over time, building up a network of machines, then conduct a DDoS attack once they have enough computing power at their disposal.
Because they can bring so much more power to bear than a DoS attack, DDoS attacks can also be used in conjunction with ransomware attacks by bad actors who render a system inoperable until they’re paid a ransom. They’re also harder to track since they use multiple devices that could be anywhere in the world with an internet connection. For that reason, DDoS attacks are considered a higher threat than a typical DoS attack.
Common forms of DDoS attacks include volume-based (or volumetric) attacks and DNS server attacks. Volumetric attacks target a network’s bandwidth and clog it with requests. A DNS server attack breaks into the system’s DNS (domain name system) servers, fakes IP (internet protocol) addresses, then uses those fake IP addresses to send tons of bogus information and overwhelm the target server.
DDoS vs. DoS Attacks: The Differences
To recap, there are a few key differences between DDoS and DoS attacks:
- Number of machines involved – DoS attacks use one device and one internet connection, while DDoS attacks use several—as many as the attacker can get their hands on.
- Threat level – DoS attacks are generally considered less of a threat than DDoS attacks because there’s only one source, which can be blocked once traced.
- Malware usage – DoS attacks don’t usually involve malware, while DDoS attacks can use malware to infect computers and form a botnet.
- Difficulty level – DoS attacks are easier to conduct than DDoS attacks because all it takes is one machine and an internet connection.
It’s also more difficult to protect against a DDoS attack than a DoS attack since a DDoS attack can hit a system from so many more points, sending much more data than a DoS attack at once.
How to Protect Yourself From DDoS and DoS Attacks
As per usual when talking about cyber threats, the best defense is to make yourself as difficult a target as you can. Make sure your antivirus and anti-malware software is up to date. Don’t click on suspicious links. Check that the websites you visit use TLS or SSL encryption (look for the little lock icon next to the URL) and if possible, turn on “https” browsing for all pages you visit.
At the organizational level (businesses, institutions, etc.), configuring a firewall that only lets trusted IP addresses through is also a good solution. Cisco has a guide on how to do that. You can also invest in tools like load balancers, firewalls, and user authentication. Limiting the number of access points to the internet can also limit the entry points into your system for malicious hackers.
Once security measures and a threat mitigation plan are in place, regularly test your security to make sure it’s still strong and seal up any weaknesses you may find. Sunny Valley Networks has detailed measures a business can take to keep its data safe. And every business should be taking measures — it’s a lot harder to repair the damage afterward than it is to mount a strong preemptive defense.
The Best Antivirus Software of 2023
Best Antivirus Software Overall
Bitdefender Internet Security
Best Free Antivirus Software
Avira Free Security
Best Antivirus Software for Windows
Malwarebytes Premium
Best Antivirus Software for Mac
Intego Mac Internet Security X9
Best Antivirus Software for Android