Denial-of-Service (DoS) attacks are among the oldest forms of cyberattack and remain some of the most destructive. Their goal is to cripple online services by overwhelming network or server infrastructure.
Even a short service outage may result in financial losses, reputational damage and loss of customer trust.
⚠️ What DoS and DDoS attacks are
- DoS (Denial-of-Service): an attack that overloads a single server or application with a massive number of requests.
- DDoS (Distributed Denial-of-Service): a distributed version of DoS — traffic is generated by thousands of compromised devices (botnets).
The objective is to prevent normal operation of online services, such as websites, e-commerce platforms, login systems or APIs.
💥 The most common types of DoS / DDoS attacks
| Attack Type | Description | Example |
|---|---|---|
| Volumetric | Flooding the network with massive amounts of traffic to exhaust bandwidth | UDP Flood, ICMP Flood |
| Protocol-based | Exploiting weaknesses in network protocols | SYN Flood, Ping of Death |
| Application-layer | Targeting web applications directly | HTTP GET/POST Flood, Slowloris |
🛡️ How to prevent DoS attacks
- Traffic filtering: Deploy firewalls and IDS/IPS systems to analyse and block suspicious traffic.
- CDN and load balancing: Distribute traffic across multiple servers to avoid overwhelming a single point.
- Cloud-based DDoS protection: Use services such as Cloudflare, Akamai, AWS Shield or Google Cloud Armor to automatically mitigate attacks.
- Network segmentation: Separate critical infrastructure from public-facing services.
Rule of thumb: the sooner the attack traffic is filtered, the smaller the impact.
🚨 What to do during a DoS attack
- Activate your incident response (IR) plan: quickly identify and isolate malicious traffic.
- Traffic management: redirect traffic to alternative servers or enable traffic scrubbing centers.
- Cooperate with your ISP: notify your provider to block the attack at the backbone level.
- Post-incident analysis: review logs, update policies and improve defences after the attack ends.
🧠 How to prepare for the future
- Regularly test the resilience of your infrastructure (e.g., DDoS simulation testing).
- Use monitoring systems (Zabbix, Prometheus, Splunk) to detect sudden traffic spikes.
- Maintain backups of configurations and a working Disaster Recovery Plan (DRP).
- Train your team to recognise early symptoms of an attack.
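To illustrate the monitoring point above, here is an added example (not from the original article, and not how Zabbix, Prometheus or Splunk work internally) of spike detection over web access logs. It compares each 10-second bucket with the median of recent normal buckets and labels the burst as single-source (DoS-like) or distributed (DDoS-like). The log format, thresholds, function names and sample lines are assumptions made for the illustration.

```python
import re
from collections import Counter, deque
from datetime import datetime, timezone
from statistics import median

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')  # assumed: combined access log format
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def bucket_counts(lines, bucket_seconds=10):
    """Group requests into fixed time buckets: {bucket_start: Counter(ip -> hits)}."""
    buckets = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort during an incident
        ts = int(datetime.strptime(m.group(2), TS_FMT).timestamp())
        buckets.setdefault(ts - ts % bucket_seconds, Counter())[m.group(1)] += 1
    return buckets

def detect_spikes(buckets, bucket_seconds=10, window=6, factor=5.0, min_requests=50):
    """Flag buckets whose volume exceeds factor x the median of the last `window` normal buckets."""
    alerts, history = [], deque(maxlen=window)
    for start in range(min(buckets, default=0), max(buckets, default=-1) + 1, bucket_seconds):
        per_ip = buckets.get(start, Counter())  # quiet buckets count as zero
        total = sum(per_ip.values())
        baseline = max(median(history), 1) if len(history) == window else None
        if baseline and total >= min_requests and total > factor * baseline:
            top_ip, top_hits = per_ip.most_common(1)[0]
            alerts.append({
                "bucket_start": start, "requests": total, "baseline": baseline,
                "sources": len(per_ip), "top_source": top_ip,
                "pattern": "single-source" if top_hits / total >= 0.8 else "distributed",
            })
            continue  # keep flagged buckets out of the baseline
        history.append(total)
    return alerts

def constructed_sample(t0=1_700_000_000):
    """Constructed log lines: 8 normal buckets, one single-source burst, one distributed burst."""
    def line(ip, t):
        stamp = datetime.fromtimestamp(t, tz=timezone.utc).strftime(TS_FMT)
        return f'{ip} - - [{stamp}] "GET / HTTP/1.1" 200 512'
    lines = [line(f"198.51.100.{i % 5}", t0 + b * 10 + i) for b in range(8) for i in range(10)]
    lines += [line("203.0.113.9", t0 + 80 + i % 10) for i in range(200)]
    lines += [line(f"192.0.2.{i % 100}", t0 + 90 + i % 10) for i in range(300)]
    return lines + ["garbage line"]

if __name__ == "__main__":
    print(*detect_spikes(bucket_counts(constructed_sample())), sep="\n")
```

Flagged buckets are deliberately excluded from the baseline, so a sustained flood does not teach the detector that attack volume is normal.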
📊 Real-world example
In 2020, AWS mitigated a DDoS attack reaching 2.3 Tbps, one of the largest in history.
Despite its scale, services remained available thanks to auto-scaling and AWS Shield protection.
📞 Contact
I help companies design DoS/DDoS resilience strategies, incident response plans and network protection policies in line with NIST SP 800-61 and ISO 27035.
📧 biuro@wichran.pl
📞 +48 515 601 621
Author: Piotr Wichrań – Court IT Expert, Digital Forensics Specialist, IT/OT Cybersecurity Expert, Licensed Private Detective
@Informatyka.Sledcza