In this type of attack the primary goal is to prevent the victim's machine from doing its job.
Most acts to deny legitimate use of a service can be classed as a denial of service attack.

In most countries (including the USA) Denial of Service attacks are considered a federal crime, and guilty attackers can expect lengthy jail time. (You may want to look at CCIPS for legal information in the US.)


1. Bandwidth Consumption
2. Other Resource Consumption
3. Network connectivity
4. Unauthorized modification of configuration data
5. Physical hardware destruction

Denial of service attacks via Bandwidth

Flooding a network can cause network equipment such as routers and switches to be overwhelmed to such an extent that they start to affect the speed or success of legitimate network traffic. Basically all available bandwidth is consumed and no bandwidth remains for legitimate use.

Commonly a network is flooded with ICMP ECHO packets to try to consume all available bandwidth. In practice it can be any type of packet. These days an attacker cannot simply use one computer to mount an attack in the above fashion, because a single machine probably cannot create enough requests to overwhelm network equipment. Hence Distributed Denial of Service attacks were born, in which an attacker coordinates several computers to flood a victim.

How are other computers used to attack a victim?

Simple: email viruses/worms spread the payload to potentially millions of computers. Once the payload is "installed" on a computer, it can be directed by the attacker to bring down a victim's server. This is a reason (if you are a Windows user) you MUST use common sense about which email attachments/software you click on. Linux/BSD users are more protected by the default operating system features but must of course continue to follow common sense (such as not running as root, which many newbies do!).

Denial of service attacks via other types of resource

Flooding a server such as a web, mail or print server can cause the daemon to drop/refuse legitimate requests to websites, mailboxes or printers respectively. This time, whilst the network equipment can handle the large volume of requests, the actual serving software may not be able to.

Websites may go down because an attacker is creating a large number of requests to an HTTP server.

A mail server (SMTP/POP etc.) can fail if it's "mail bombed". This is the act of sending hundreds and thousands of bogus emails in a very short amount of time.

In an office, your ability to print can be denied by a malicious co-worker or, worse, by a network vulnerability, through several large print jobs, or perhaps corrupted print jobs, that stall the printer.

Attackers can take advantage of bugs in software which cause CPU/memory usage to increase dramatically, potentially denying access not only to that service but to all services offered by that machine.

Denial of service attacks by exploiting network connectivity

In this type of denial of service the attacker attempts to force the server not to communicate on the network and hence denies a service. Do not, however, confuse this with bandwidth consumption, as in this case the attack does not revolve around consuming all bandwidth.

Rather, the attacker starts a connection but does it in a way that the connection never completes. Meanwhile the server may have reserved one of a few kernel data structures to complete the connection; since the connection never completes, the victim eventually runs out of structures and new legitimate connections cannot be started. This is called a "SYN FLOOD" attack.
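
The half-open connections described above can be counted on a Linux server from the kernel's /proc/net/tcp table, where state 03 marks a handshake that has not completed. The following is an added example, not part of the original article; it assumes a little-endian host, and the sample table, the backlog value and the function names are constructed for illustration.

```python
import socket
import struct
from collections import Counter

SYN_RECV = "03"  # state code Linux prints in /proc/net/tcp for half-open sockets


def decode_addr(field):
    """Turn '0100000A:0050' into ('10.0.0.1', 80); assumes a little-endian host."""
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def half_open_counts(table):
    """Count SYN_RECV entries per local (ip, port) in /proc/net/tcp-style text."""
    counts = Counter()
    for line in table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) >= 4 and fields[3] == SYN_RECV:
            counts[decode_addr(fields[1])] += 1
    return counts


def flag_listeners(table, backlog, warn_ratio=0.75):
    """Return listeners whose half-open count is at or above warn_ratio * backlog."""
    limit = backlog * warn_ratio
    return {ep: n for ep, n in half_open_counts(table).items() if n >= limit}


# Constructed sample (trailing columns omitted): a listener on 10.0.0.1:80,
# one completed connection, one half-open on port 25, seven half-open on port 80.
SAMPLE = "\n".join(
    ["  sl  local_address rem_address   st",
     "   0: 0100000A:0050 00000000:0000 0A",
     "   1: 0100000A:0050 097100CB:C350 01",
     "   2: 0100000A:0019 097100CB:C351 03"]
    + [f"   {i}: 0100000A:0050 {i:02X}6433C6:{0xC000 + i:04X} 03" for i in range(3, 10)]
)

if __name__ == "__main__":
    # backlog=8 is an assumed queue size for the demo, not a kernel default
    for (ip, port), n in flag_listeners(SAMPLE, backlog=8).items():
        print(f"{ip}:{port} has {n} half-open connections (backlog 8)")
```

On a live host the same functions can be given the contents of /proc/net/tcp, with the backlog set to the queue size configured for that listener.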

Protecting yourself

Often victims are those on IRC (do not fear, however), as this is a perfect medium for an attacker to easily obtain your IP address. The attack has nothing to do with the IRC server/service itself, so those administrators are limited in how they can help you. Popular IRC networks hide your IP address to protect you, so it's safer to choose one of these networks.

A firewall can stop a limited number of DoS attacks, such as a SYN attack. A firewall can also perhaps filter out attacks aimed at exploits in the operating system or in applications. Of course it's safer to install the latest security patches as well.

Firewalls at your "home/office" computer level generally cannot protect against flooding. Your line will be flooded whether or not you have a firewall. However, a firewall can reduce the "flood" by blocking your computer's replies back down the line. Generally home users are not affected by this sort of flood, but that's not to say it cannot happen.

Socially speaking there must be a reason for such attacks; large corporations tend to come under heavy fire with DoS attacks. An example is the attacks launched by a teenager that crippled Amazon and Yahoo! in 2001.