Denial of Service: Availability Threats

Denial of Service (DoS) threats attack system availability, preventing legitimate users from accessing services or resources. While often associated with volumetric network attacks, DoS threats encompass any attack that degrades or eliminates system availability. In our interconnected world, where businesses depend on continuous system availability, DoS attacks can cause significant financial and operational damage.

Resource exhaustion represents the classic DoS pattern. Attackers might overwhelm network bandwidth with traffic, consume all available memory or CPU cycles, fill disk storage with logs or temporary files, or exhaust connection pools or thread limits. Modern applications face sophisticated resource exhaustion through algorithmic complexity attacks, where small inputs trigger exponentially complex processing.

Application-level DoS attacks exploit business logic or implementation flaws rather than raw resource consumption. Examples include triggering expensive database queries through crafted inputs, causing deadlocks through specific request sequences, exploiting race conditions to corrupt application state, or abusing functionality like password resets to flood users with emails. These attacks often require less resources than volumetric attacks while causing equal disruption.

Defending against DoS requires multiple strategies. Rate limiting prevents single users from consuming excessive resources. Circuit breakers isolate failing components to prevent cascade failures. Elastic scaling automatically provisions additional resources under load. Caching reduces processing requirements for common requests. Geographic distribution provides resilience against regional attacks. Most importantly, systems must be designed with graceful degradation, maintaining core functionality even under attack.