Page 1202 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Denial-of-Service Attacks
Denial-of-service (DoS) attacks are attacks that prevent a system from
processing or responding to legitimate traffic or requests for resources
and objects. A common form of a DoS attack will transmit so many
data packets to a server that it cannot process them all. Other forms of
DoS attacks focus on the exploitation of a known fault or vulnerability
in an operating system, service, or application. Exploiting the fault
often results in a system crash or 100 percent CPU utilization. No
matter what the actual attack consists of, any attack that renders its
victim unable to perform normal activities is a DoS attack. DoS attacks
can result in system crashes, system reboots, data corruption, blockage
of services, and more.
Another form of DoS attack is a distributed denial-of-service (DDoS)
attack. A DDoS attack occurs when multiple systems attack a single
system at the same time. For example, a group of attackers could
launch coordinated attacks against a single system. More often today,
though, an attacker will compromise several systems and use them as
launching platforms against the victims. Attackers commonly use
botnets to launch DDoS attacks.
DoS attacks are typically aimed at internet-facing systems.
In other words, if attackers can access a system via the internet, it
is highly susceptible to a DoS attack. In contrast, DoS attacks are
not common for internal systems that are not directly accessible
via the internet. Similarly, many DDoS attacks target internet-
facing systems.
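
The DoS/DDoS distinction described above, seen from the defender's side as an added example that is not part of the study guide: it groups connection-log lines into time windows per target and labels an over-threshold window as single-source (DoS) or multi-source (DDoS). The log format (`epoch_seconds src_ip dst_ip`), the thresholds, and the sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

WINDOW_S = 10          # assumed tumbling-window length, in seconds
FLOOD_THRESHOLD = 100  # assumed requests per window the target can absorb
DOMINANT_SHARE = 0.8   # one source sending >= 80% of a flood => single-source DoS

def classify_floods(lines):
    """Return {(dst, window_start): 'DoS' | 'DDoS'} for windows over threshold."""
    windows = defaultdict(Counter)  # (dst, window_start) -> request count per source
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole run
        ts, src, dst = parts
        try:
            start = int(ts) // WINDOW_S * WINDOW_S
        except ValueError:
            continue  # non-numeric timestamp
        windows[(dst, start)][src] += 1

    findings = {}
    for key, per_src in windows.items():
        total = sum(per_src.values())
        if total < FLOOD_THRESHOLD:
            continue  # normal load for this window
        _, top_count = per_src.most_common(1)[0]
        # A flood dominated by one sender is a DoS; a flood spread over
        # many senders (for example, a botnet) is a DDoS.
        findings[key] = "DoS" if top_count / total >= DOMINANT_SHARE else "DDoS"
    return findings

def sample_log():
    """Constructed sample data using documentation-reserved addresses."""
    log = []
    # Window 0: 150 requests from a single source
    log += [f"{i % 10} 198.51.100.7 203.0.113.10" for i in range(150)]
    # Window 20: 200 requests spread evenly across 50 sources
    log += [f"{20 + i % 10} 192.0.2.{i % 50 + 1} 203.0.113.10" for i in range(200)]
    # Window 40: 30 requests from 5 sources, below the flood threshold
    log += [f"{40 + i % 10} 192.0.2.{i % 5 + 1} 203.0.113.10" for i in range(30)]
    log.append("garbage line")  # malformed entry, ignored by the parser
    return log

if __name__ == "__main__":
    for (dst, start), label in sorted(classify_floods(sample_log()).items()):
        print(f"{dst} window@{start}s: {label}")
```
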
A distributed reflective denial-of-service (DRDoS) attack is a variant
of a DoS. It uses a reflected approach to an attack. In other words, it
doesn’t attack the victim directly, but instead manipulates traffic or a
network service so that the attacks are reflected back to the victim
from other sources. Domain Name System (DNS) poisoning attacks
(covered in Chapter 12) and smurf attacks (covered later in this

