Difference between DOS and DDOS Attack

Last Updated : 28 Apr, 2026

DoS and DDoS attacks both aim to disrupt system availability by flooding a target with excessive traffic, but they differ in how the attack is launched and managed.

  • DoS (Denial of Service): Originates from a single system, simpler to execute and easier to detect or block
  • DDoS (Distributed Denial of Service): Uses multiple compromised systems (botnets), harder to trace and mitigate
  • Scale: DoS is limited, while DDoS generates large-scale traffic
  • Complexity: DDoS requires coordination and control mechanisms (e.g., botnets)

DOS Attack

A DoS (Denial of Service) attack is a type of cyberattack in which one internet-connected computer floods another computer, typically a server, with traffic in order to make it crash. The flood of requests causes the server to either crash or become unavailable to its legitimate users. When a DoS attack targets a website, the site becomes unavailable, causing a major disruption of online services.


Key Characteristics

  • Single Source: Starts from a single system only, as described above.
  • Traffic Volume: Traffic volume can be high, but it is limited to what a single point of origin can generate.
  • Traceability: Attack originates from a specific system, making tracing easier compared to a distributed form.
  • Blockability: It is more easily blocked than a DDoS attack, since all of the traffic comes from one source.

DDOS Attack

A Distributed Denial of Service (DDoS) attack follows a similar pattern to a DoS attack, but it is carried out by multiple systems in different locations working together. Compromised devices, often called bots, generate and amplify traffic in parallel to overwhelm the target, which makes the origin difficult to track and mitigation more challenging.


Key Characteristics

  • Multiple Sources: Attack begins from multiple systems, often originating across different environments.
  • Traffic Volume: Multiple sources generate much higher traffic volume, resulting in greater impact and increased severity.
  • Difficulty in Tracing: The attack is launched through multiple computers across different locations, making the origin difficult to trace.
  • Complexity in Blocking: Blocking a Distributed Denial of Service attack is more challenging because its origins are spread across multiple locations.

DoS vs. DDoS Attacks

| DoS (Denial of Service) | DDoS (Distributed Denial of Service) |
| --- | --- |
| Single system targets victim system | Multiple systems attack victim system |
| Traffic originates from one location | Traffic originates from multiple locations |
| Sends limited volume of packets compared to DDoS | Sends massive volume of traffic to overwhelm target |
| Slower compared to DDoS attacks | Faster and more powerful due to distributed sources |
| Easier to block since only one source is involved | Difficult to block due to multiple attacking sources |
| Easier to trace origin of attack | Very difficult to trace origin |
| Uses single device or tools for attack | Uses multiple compromised devices (botnet) |
| Causes moderate impact on target system | Causes severe impact and complete service disruption |
| Examples: Buffer overflow, ICMP flood (Ping of Death), Teardrop, Flooding | Examples: Volumetric, Fragmentation, Application layer, Protocol-based attacks |
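
The single-source versus multi-source distinction in the comparison above can be checked in traffic logs. The following is an added example, not part of the original article: it counts requests per source in one time window and reports whether a flood is dominated by one origin or spread across many. The log format, thresholds, function names and addresses are assumptions constructed for illustration.

```python
from collections import Counter

# Assumed thresholds for one fixed time window; tune them to real baselines.
FLOOD_THRESHOLD = 100   # total requests in the window that count as a flood
DOMINANT_SHARE = 0.80   # one source with >= 80% of requests => single origin
PER_SOURCE_LIMIT = 20   # requests from one source that justify blocking it


def classify_window(log_lines):
    """Label one window of '<timestamp> <source_ip> <request>' lines."""
    counts = Counter()
    for line in log_lines:
        fields = line.split()
        if len(fields) >= 2:          # ignore malformed lines
            counts[fields[1]] += 1
    total = sum(counts.values())
    result = {"label": "normal", "total": total,
              "sources": len(counts), "block": []}
    if total < FLOOD_THRESHOLD:
        return result
    top_ip, top_hits = counts.most_common(1)[0]
    if top_hits / total >= DOMINANT_SHARE:
        # Single origin: one block rule removes most of the load.
        result.update(label="dos-like", block=[top_ip])
    else:
        # Many origins: only sources over the per-source limit can be listed,
        # and a low-rate botnet may leave this list empty.
        heavy = sorted(ip for ip, n in counts.items() if n > PER_SOURCE_LIMIT)
        result.update(label="ddos-like", block=heavy)
    return result


def sample_lines(sources, hits_each):
    """Build constructed log lines (documentation-range addresses)."""
    return [f"2026-04-28T10:00:00Z {ip} GET /"
            for ip in sources for _ in range(hits_each)]


# Constructed windows: normal background, one loud source, 200 quiet sources.
BACKGROUND = sample_lines([f"198.51.100.{i}" for i in range(1, 11)], 3)
DOS_WINDOW = BACKGROUND + sample_lines(["203.0.113.9"], 500)
DDOS_WINDOW = BACKGROUND + sample_lines(
    [f"203.0.113.{i}" for i in range(1, 201)], 5)

if __name__ == "__main__":
    for name, window in [("background", BACKGROUND), ("dos", DOS_WINDOW),
                         ("ddos", DDOS_WINDOW)]:
        print(name, classify_window(window))
```

In the distributed window the block list comes back empty because no single source exceeds the per-source limit, which is why such floods are handled with rate limiting or upstream filtering instead of per-address blocking.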

DoS and DDoS attacks are both real threats to online services and systems. In a DoS attack a single system attacks the victim, while in a DDoS attack multiple systems attack the victim, which makes the attack more difficult to defend against. Distinguishing between these two attacks is critical when planning security measures and assessing the risk of harm.
