What Is a Denial of Service Attack? Complete Guide


By Anza Malik

A Denial of Service (DoS) attack is a cyberattack in which an attacker attempts to make a machine, network service, or resource unavailable to its users by disrupting its normal operation. This is typically accomplished by flooding the target with more traffic or requests than it can handle, or by exploiting vulnerabilities that consume resources until the system fails.

In their more advanced form, Distributed Denial of Service (DDoS) attacks, many compromised systems (a botnet) attack the victim simultaneously. Because the traffic comes from many different points, it is much harder to block by simply filtering a handful of IP addresses.

DoS attacks are against availability, one of the foundations of security (CIA triad: Confidentiality, Integrity, Availability). They do not seek to steal data or break systems in and of themselves; they seek to deny authorized users access to the service.

How Do DoS Attacks Function?

Attackers strike at critical system resources and overload them. The typical resources that are assaulted are:

  • Network bandwidth (saturating the pipe)
  • Connection tables in firewalls, routers, or servers
  • CPU / memory / application or database server threads
  • Storage or disk I/O (rare, but possible)

Depending on the method, attackers abuse protocol rules, resource-management logic, or flaws in the way applications handle certain requests.

Common Mechanisms of Attack

  • Flood attacks / traffic floods: overwhelming a server with enormous volumes of packets to saturate bandwidth.
  • Protocol exploits: e.g., a TCP SYN flood, which leaves a server holding large numbers of half-open connections.
  • Layer 7 application-layer attacks: requests that look legitimate (e.g., calls to search APIs or login endpoints) but arrive in volumes or patterns so extreme that they starve backend systems.
  • Algorithmic / resource exhaustion attacks: exploiting patterns which cause code paths to hit worst-case complexity, e.g., regular expression Denial of Service (ReDoS).
  • Amplification / reflection attacks: sending small queries with a spoofed (victim) source address to open services, whose much larger responses are directed at the target.
  • IoT / botnet-fueled attacks: lots of unprotected devices are enlisted into botnets to create enormous DDoS operations.
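An added illustration of the ReDoS mechanism listed above, with the defensive rewrite beside it (example code, not from the original article; the patterns, function names and the MAX_LEN cap are assumptions):

```python
import re
import time

# Added illustration, not code from the article. The first pattern has a nested
# quantifier (a repeating group containing a repeating token), which lets the
# engine try exponentially many ways to split the input before giving up.
VULNERABLE = re.compile(r"^(\w+\s?)*$")
# Hardened rewrite: each character can be consumed in exactly one way, so
# matching cost is linear in the input length.
SAFE = re.compile(r"^\w+(?:\s\w+)*$")
MAX_LEN = 256  # hypothetical input cap; a cheap upper bound on any regex cost


def is_valid_name_vulnerable(s: str) -> bool:
    """Validator using the backtracking-prone pattern (kept for comparison only)."""
    return VULNERABLE.fullmatch(s) is not None


def is_valid_name_safe(s: str) -> bool:
    """Hardened validator: reject oversized input first, then use the linear pattern."""
    if len(s) > MAX_LEN:
        return False
    return SAFE.fullmatch(s) is not None


def time_match(fn, s: str) -> float:
    """Seconds taken by one call of fn(s)."""
    start = time.perf_counter()
    fn(s)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Constructed hostile input: word characters followed by one character that can
    # never match, so the vulnerable engine backtracks through every possible split.
    for n in (10, 14, 18):
        evil = "a" * n + "!"
        print(f"n={n:2d}  vulnerable: {time_match(is_valid_name_vulnerable, evil):.4f}s"
              f"  safe: {time_match(is_valid_name_safe, evil):.6f}s")
```

Both validators accept and reject the same strings; only their worst-case cost differs, which is exactly what an attacker exploits.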

For DDoS, a distributed approach (from many sources) allows the attacker to scale magnitude and is harder to trace or block.


Types of Denial of Service (DoS) Attacks

1. Volumetric Attacks


Volumetric attacks are the most common form of DoS and DDoS attack. They flood the target network with massive amounts of traffic, exhausting its bandwidth. They can use techniques such as UDP floods, ICMP floods, or DNS amplification to make the service unusable for legitimate users.

2. Protocol Attacks


Protocol attacks exploit weaknesses in network protocols to exhaust server resources. A case in point is the SYN flood, in which incomplete connection requests consume server resources until the server slows down or crashes.

3. Application-Layer Attacks (Layer 7)


These attacks target the application layer, where users interact with the service. Attackers mimic legitimate traffic but at very high volumes, which makes the attacks hard to distinguish from real use. They can target login pages, search functionality, or APIs in order to overwhelm application logic.

4. Resource Exhaustion Attacks


Resource exhaustion attacks deplete CPU, memory, or storage by exploiting system or software vulnerabilities. When such a vulnerability is exploited successfully, even a very small amount of traffic can bring down important services.

5. Amplification and Reflection Attacks


In reflection and amplification attacks, the attackers use third-party servers to reflect and amplify traffic onto the victim. The use of such a method makes the attack stronger while concealing the attacker’s identity, thus more dangerous and harder to block.

6. Botnet-Based Attacks


Botnet attacks utilize massive networks of infected devices (typically IoT devices) to launch organized, large-scale DDoS attacks. Because the traffic is dispersed over multiple distributed points, it is significantly more difficult to block.

DoS and DDoS attacks continue to grow in frequency and size. The most significant trends:

  • During Q1 2025, Cloudflare mitigated 20.5 million DDoS attacks, an increase of 358% year-over-year.
  • In Q2 2025, hyper-volumetric attacks (over 1 Tbps or over 1 billion packets per second) grew more common; Cloudflare blocked 6,500 hyper-volumetric attacks in Q2 2025.
  • Cloudflare reported blocking a 7.3 Tbps attack against a hosting provider in July 2025.
  • Average attack size is growing: Nexusguard saw average attack size grow 69% year-over-year, with the largest attacks reaching nearly 962.2 Gbps.
  • 85% of DDoS attacks are under 1 Gbps, indicating that attackers favor short-duration, stealthy attacks in hopes of avoiding detection.

These statistics show that defending against DoS/DDoS is no longer a theoretical exercise; it is mission-critical at the enterprise level today.

Why DoS Attacks Matter (Business Impact)

The following represent some of the key reasons why organizations can no longer afford to dismiss DoS/DDoS:

  • Downtime & Loss of Revenue: When a service is out of commission, business transactions stop.
  • Reputation Loss: Customers lose trust in a site that goes down repeatedly.
  • Business Costs: Responding to an attack requires staff time, emergency-level resources, and paid mitigation contracts.
  • Collateral Loss: Attack traffic may strike upstream networks or third-party services you rely on.
  • Regulatory and Contractual Risk: In industries governed by SLAs or compliance requirements, prolonged downtime carries penalties.

Because DoS attacks target availability, they can be as devastating as data breaches, most notably for businesses that require high uptime (e-commerce, finance, SaaS, telco).


Protecting from Denial of Service Attacks

A single measure will not suffice. Layered defense must employ prevention, detection, and response.

1. Network & Infrastructure Defenses

  • Use anti-spoofing filters (e.g. BCP 38) to discard packets with spoofed source IPs.
  • Implement rate limiting, access control lists (ACLs), and ingress/egress filtering on router edges.
  • Construct redundant architecture and employ load balancing so that traffic may redirect if one of the regions is attacked.
  • Use cloud DDoS mitigation / scrubbing services, which absorb large volumes of malicious traffic before it reaches your origin servers.

2. Protocol & Application Hardening

  • Enable SYN cookies and tune retransmission and timeout values to counter SYN floods.
  • Disable or lock down amplifiable services (e.g., open DNS resolvers, NTP, memcached) if possible.
  • Deploy a Web Application Firewall (WAF) or API gateway to filter out malicious requests at Layer 7.
  • Deploy rate limiting by user, endpoint, or IP, and utilize CAPTCHA / challenge-response to slow down attackers.
  • Audit and rewrite application code to avoid algorithmic complexity attacks (e.g., don’t use regex patterns vulnerable to ReDoS).
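An added illustration of how SYN cookies let a server answer SYNs without keeping a half-open connection entry, the mitigation named in the first bullet above (example code, not the article's or any kernel's; the bit layout is a simplified model of the classic scheme, and SECRET, MSS_TABLE and MAX_AGE_SLOTS are constructed assumptions):

```python
import hashlib
import hmac
import struct

# Added illustration of SYN cookies (simplified model, not kernel code). The 32-bit
# initial sequence number is: 5-bit time counter | 3-bit MSS index | 24-bit keyed
# hash over the 4-tuple and counter. SECRET and MSS_TABLE are constructed assumptions.
SECRET = b"constructed-demo-secret"
MSS_TABLE = [536, 1220, 1440, 1460]  # MSS buckets that fit in the 3-bit field
TIME_SLOT_SECONDS = 64
MAX_AGE_SLOTS = 4                     # reject cookies older than this many slots


def _tag(src: str, dst: str, sport: int, dport: int, t: int) -> int:
    """24-bit keyed hash binding the cookie to the connection and its time slot."""
    msg = struct.pack("!HHI", sport, dport, t) + src.encode() + b"|" + dst.encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src, dst, sport, dport, mss, now):
    """ISN for the SYN-ACK. Nothing is stored: the cookie itself carries the state."""
    t = (now // TIME_SLOT_SECONDS) & 0x1F
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    return (t << 27) | (idx << 24) | _tag(src, dst, sport, dport, t)


def verify_ack(src, dst, sport, dport, ack, now):
    """On the final ACK, rebuild the cookie and return the MSS, or None if invalid/stale."""
    cookie = (ack - 1) & 0xFFFFFFFF
    t, idx = cookie >> 27, (cookie >> 24) & 0x7
    current = (now // TIME_SLOT_SECONDS) & 0x1F
    if (current - t) & 0x1F > MAX_AGE_SLOTS:
        return None                     # too old: a replayed or forged cookie
    if cookie & 0xFFFFFF != _tag(src, dst, sport, dport, t):
        return None                     # hash mismatch: not issued for this 4-tuple
    return MSS_TABLE[idx]


if __name__ == "__main__":
    # Constructed flood: 10,000 spoofed SYNs are answered with cookies but create no
    # backlog entries; only the client that completes the handshake gets state.
    half_open = {}
    for i in range(10_000):
        make_cookie(f"198.51.100.{i % 250}", "203.0.113.1", 1024 + i, 443, 1460, 1000)
    isn = make_cookie("192.0.2.9", "203.0.113.1", 40000, 443, 1460, 1000)
    mss = verify_ack("192.0.2.9", "203.0.113.1", 40000, 443, isn + 1, 1005)
    if mss:
        half_open[("192.0.2.9", 40000)] = mss
    print("connection entries after the flood:", len(half_open))
```

The trade-off the bullet alludes to is visible here: because no state is kept, options not encoded in the cookie (the MSS is squeezed into 3 bits) are lost, which is why SYN cookies are normally enabled only under backlog pressure.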

3. Monitoring & Detection

  • Develop baseline traffic profiles and trigger alerts on anomalies (unexplained spikes, protocol anomalies).
  • Utilize Network Detection & Response (NDR) products with AI/ML and anomaly detection to catch low-signal attacks.
  • Monitor both network and application metrics (latency, error rates, request volume).
  • Use logging, alerting, and dashboards as components of your security operations workflow.
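An added illustration of the baseline-and-alert approach from the first bullet, run over a constructed access log (example code, not from the article; the thresholds, window size and log format are assumptions):

```python
import re
import statistics
from collections import Counter

# Added illustration, not the article's code; thresholds and log format are assumptions.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[\S+:(\d\d):(\d\d):(\d\d) [^\]]*\] "[^"]*" (\d{3}) ')
WINDOW = 60             # seconds per bucket
BASELINE_WINDOWS = 10   # the first N buckets define "normal"
Z_THRESHOLD = 3.0       # alert when a bucket's count is this many std devs above baseline
TOP_SOURCE_SHARE = 0.5  # alert when one source sends more than half of a bucket


def build_sample_log():
    """Constructed access log: ten quiet minutes, then a burst from a single source."""
    lines = []
    for minute in range(12):
        n = 20 + minute % 3 if minute < 10 else 300
        for i in range(n):
            ip = "203.0.113.5" if minute >= 10 else f"198.51.100.{i % 20}"
            lines.append(f'{ip} - - [10/Oct/2025:13:{minute:02d}:{i % 60:02d} +0000] '
                         f'"GET /search?q=x HTTP/1.1" 200 512')
    return lines

def bucketize(lines):
    """Per-window request count and per-source counter, built from parsed log lines."""
    buckets = {}
    for m in filter(None, map(LOG_RE.match, lines)):
        ip, hh, mm, ss, _status = m.groups()
        key = (int(hh) * 3600 + int(mm) * 60 + int(ss)) // WINDOW
        b = buckets.setdefault(key, {"count": 0, "sources": Counter()})
        b["count"] += 1
        b["sources"][ip] += 1
    return buckets

def detect(buckets):
    """Map each anomalous window to the checks it tripped ("rate", "concentration")."""
    keys = sorted(buckets)
    base = [buckets[k]["count"] for k in keys[:BASELINE_WINDOWS]]
    mean, sd = statistics.mean(base), max(statistics.pstdev(base), 1.0)
    alerts = {}
    for k in keys[BASELINE_WINDOWS:]:
        b, reasons = buckets[k], []
        if (b["count"] - mean) / sd > Z_THRESHOLD:
            reasons.append("rate")
        if b["sources"].most_common(1)[0][1] / b["count"] > TOP_SOURCE_SHARE:
            reasons.append("concentration")
        if reasons:
            alerts[k] = reasons
    return alerts
```

The two checks are complementary: a distributed flood trips "rate" without "concentration", while a single misbehaving client can trip "concentration" long before it moves the aggregate rate.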

4. Incident Response & Preparation

  • Develop a clearly articulated DDoS incident playbook (with escalation paths, responsibilities, external contacts).
  • Pre-arrange emergency mitigation or traffic rerouting with your cloud provider or ISP.
  • Practice DoS incident response with tabletop exercises.
  • Have fallback modes (e.g., degrade non-mission-critical features, go into maintenance mode) to ensure critical service continuity.

5. Operational Hygiene & Best Practices

  • Patch and update systems, especially IoT devices and edge infrastructure.
  • Harden admin interfaces and restrict management access, placing them behind VPNs or dedicated management networks.
  • Segment networks and apply least privilege principles.
  • Periodically test defenses and perform stress tests / red teaming to validate DDoS preparedness.

Conclusion

Denial of Service (DoS) attacks, and especially DDoS, remain one of the longest-standing and most dangerous threats to online services. With record-level attack traffic (7+ Tbps) and constantly evolving methods, from volumetric floods through algorithmic and application-layer attacks, even highly prepared organizations are at risk.

By combining infrastructure-level protection, application hardening, real-time monitoring, and incident readiness, organizations can contain the blast radius and recover faster. Availability is a first-class security priority; neglecting it invites disruption, loss of trust, and serious business damage.
