Denial of Service (DoS) — Disrupting Availability Through Resource Exhaustion
Denial of Service (DoS) is an attack that disrupts the availability of a system, service, or network by exhausting resources or triggering crashes. This SECMONS glossary entry explains how DoS works, how it differs from Distributed Denial of Service (DDoS), and how defenders should approach mitigation.
What Is Denial of Service (DoS)? 🧠
A Denial of Service (DoS) attack is designed to disrupt the availability of a system, application, or network service, making it inaccessible to legitimate users.
Unlike attacks focused on data theft or privilege escalation, DoS targets the availability component of the CIA triad (Confidentiality, Integrity, Availability).
When caused by a software flaw, DoS vulnerabilities are assigned a CVE identifier and classified under the appropriate CWE category. Severity is evaluated using CVSS, typically with high impact on availability (A:H).
How DoS Attacks Work 🔎
DoS attacks may exploit:
- Resource exhaustion (CPU, memory, bandwidth)
- Application logic flaws
- Protocol weaknesses
- Crash-triggering inputs
- Infinite loops or unbounded memory allocation
In vulnerability disclosures tracked under /vulnerabilities/, DoS impact is often described as:
- Service crash
- System freeze
- Process termination
- Application instability
DoS vs DDoS 🔄
| Type | Description |
|---|---|
| DoS | Attack launched from a single source |
| DDoS | Distributed attack from multiple compromised systems |
Distributed Denial of Service (DDoS) attacks leverage botnets or large-scale infrastructure to amplify traffic volume and overwhelm targets.
DDoS attacks are frequently covered under:
Why DoS Matters 🎯
Although DoS does not directly compromise data confidentiality, it can:
- Disrupt critical business operations
- Interrupt customer access
- Impact revenue
- Affect reputation
- Trigger cascading failures in dependent systems
In some cases, DoS attacks are used as a distraction to conceal other activities such as:
Common DoS Vulnerability Types 🔬
| Weakness | Example Impact |
|---|---|
| Unbounded memory allocation | Memory exhaustion |
| Infinite loop condition | CPU exhaustion |
| Malformed input parsing | Application crash |
| Amplification flaw | Network saturation |
Some vulnerabilities enabling DoS may also lead to more severe outcomes if chained with other weaknesses.
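The first and third rows of the table, shown as an added example (not SECMONS code): a length-prefixed frame reader that lets the sender's header dictate the allocation size, beside a version that caps and validates it. The 4-byte big-endian framing, the 64 KiB cap, and all names are assumptions made for illustration.

```python
import io
import struct

MAX_FRAME = 64 * 1024  # assumed per-message ceiling; size it to the real protocol


class FrameError(ValueError):
    """A frame that is rejected cleanly instead of exhausting memory or crashing."""


def read_frame_unbounded(stream):
    """Weak form: the peer-supplied header dictates the allocation size."""
    (length,) = struct.unpack(">I", stream.read(4))  # short header raises struct.error
    buf = bytearray(length)  # up to 4 GiB reserved before any body byte arrives
    stream.readinto(buf)     # a short body silently leaves zero padding
    return bytes(buf)


def read_frame_bounded(stream, max_frame=MAX_FRAME):
    """Hardened form: validate the header before allocating, then verify the body."""
    header = stream.read(4)
    if len(header) != 4:
        raise FrameError("truncated header")
    (length,) = struct.unpack(">I", header)
    if length > max_frame:
        raise FrameError("declared length exceeds cap")
    body = stream.read(length)
    if len(body) != length:
        raise FrameError("truncated body")
    return body


def check(data):
    """Run the hardened reader over raw bytes and report the outcome."""
    try:
        return ("ok", read_frame_bounded(io.BytesIO(data)))
    except FrameError as exc:
        return ("rejected", str(exc))


# Constructed sample inputs (not captured traffic).
GOOD = struct.pack(">I", 5) + b"hello"
OVERSIZED = struct.pack(">I", 0xFFFFFFFF)       # header alone, claims ~4 GiB
SHORT_BODY = struct.pack(">I", 10) + b"abc"     # body ends early

if __name__ == "__main__":
    for name, data in [("good", GOOD), ("oversized", OVERSIZED), ("short", SHORT_BODY)]:
        print(name, check(data))
```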
Defensive Considerations 🛡️
Mitigating DoS risk involves:
- Rate limiting and traffic shaping
- Web Application Firewalls (WAF)
- DDoS protection services
- Redundant infrastructure
- Auto-scaling capabilities
- Monitoring abnormal traffic spikes
- Rapid patching of crash-triggering vulnerabilities
Operational hardening guidance for availability protection is typically documented under:
Why SECMONS Includes DoS Clearly 📌
Availability is often underestimated compared to data breach risk.
However, disruption of services can have immediate operational consequences.
Clear classification ensures defenders recognize DoS vulnerabilities as legitimate risk factors within broader threat landscapes.