Gartner Blog Network


Quick DoS Attack Taxonomy

by Anton Chuvakin  |  June 6, 2012

In order to bring substance to a discussion of denial of service attacks, I cooked a brief attack taxonomy:

  • Crash / non-resource attack
    • Exploitation of a DoS vulnerability to crash or otherwise degrade an IT capability; no resource pool needs to be filled, a single malformed input can be enough.
  • Resource consumption attack
    • Network resource exhaustion: saturating all available upload/download bandwidth on the link that connects the organization to the Internet or other networks.
    • Infrastructure device resource exhaustion (e.g. router/firewall state table overflow), or exhaustion of a particular capability of a network infrastructure component.
    • Target resource exhaustion, of a few particular kinds:
      • OS or network layer (e.g. SYN flood): affects the operating system and typically occurs at the transport or internet layer.
      • Application layer (e.g. Apache DoS via partial HTTP requests): affects an application and typically uses the application layer of the network communication. Application layer attacks are an extremely wide category, discussed further in the paper.
      • Business logic "layer" (e.g. adding too many items to a web shopping cart to make the server unresponsive to others): affects an application and typically utilizes legitimate application functionality, leading to excessive resource consumption.
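
The three target-resource-exhaustion sub-layers above differ in what a defender has to count, so they need different detection logic. The following is an added example, not code from the original post: it runs one small detector per sub-layer over constructed observations (half-open TCP handshakes, open HTTP connections whose headers never complete, and per-session shopping-cart actions) and labels which taxonomy layer is being hit. The record fields, IP addresses, session names and thresholds are all assumptions chosen for illustration.

```python
"""Classify constructed traffic observations into the taxonomy's three
target-resource exhaustion sub-layers: OS/network, application, business logic.
Added example; all sample data and thresholds are constructed assumptions."""

from collections import Counter
from dataclasses import dataclass

# --- Constructed sample observations (not real traffic) ---

# TCP level: one record per SYN seen at the server and whether the three-way
# handshake ever completed. A SYN flood leaves many half-open entries.
TCP_EVENTS = [{"src": "198.51.100.7", "handshake_done": False}] * 40 + \
             [{"src": "203.0.113.1", "handshake_done": True}] * 5

# HTTP level: one record per open connection, whether the request headers have
# finished arriving, and how long the connection has been held open.
HTTP_CONNS = [{"src": "198.51.100.8", "headers_complete": False, "age_s": 120}] * 30 + \
             [{"src": "203.0.113.2", "headers_complete": True, "age_s": 1}] * 10

# Application level: one record per user action within a web session.
APP_ACTIONS = [{"session": "s-evil", "action": "add_to_cart"}] * 500 + \
              [{"session": "s-good", "action": "add_to_cart"}] * 3 + \
              [{"session": "s-good", "action": "checkout"}]


@dataclass
class Finding:
    layer: str
    detail: str


def detect_syn_flood(events, half_open_limit=32):
    """OS/network layer: too many half-open connections (SYN seen, handshake
    never completed) exhaust the kernel's listen backlog."""
    half_open = Counter(e["src"] for e in events if not e["handshake_done"])
    total = sum(half_open.values())
    if total >= half_open_limit:
        top_src = half_open.most_common(1)[0][0]
        return Finding("os/network", f"{total} half-open connections, top source {top_src}")
    return None


def detect_slow_http(conns, stale_after_s=30, concurrent_limit=25):
    """Application layer: many connections each holding a server worker while
    the request headers never complete (the partial-HTTP-request pattern)."""
    stale = [c for c in conns if not c["headers_complete"] and c["age_s"] >= stale_after_s]
    if len(stale) >= concurrent_limit:
        return Finding("application", f"{len(stale)} incomplete requests older than {stale_after_s}s")
    return None


def detect_cart_abuse(actions, per_session_limit=100):
    """Business logic layer: a legitimate function (add to cart) invoked at a
    rate no real shopper produces, so the cost is in server-side work per call."""
    per_session = Counter(a["session"] for a in actions if a["action"] == "add_to_cart")
    abusive = sorted(s for s, n in per_session.items() if n >= per_session_limit)
    if abusive:
        return Finding("business logic", f"sessions over limit: {abusive}")
    return None


def classify(tcp_events, http_conns, app_actions):
    """Run every detector and return {layer: detail} for the layers that fired."""
    findings = (detect_syn_flood(tcp_events),
                detect_slow_http(http_conns),
                detect_cart_abuse(app_actions))
    return {f.layer: f.detail for f in findings if f is not None}


if __name__ == "__main__":
    for layer, detail in classify(TCP_EVENTS, HTTP_CONNS, APP_ACTIONS).items():
        print(f"{layer}: {detail}")
```

The point of keeping the detectors separate is the one the taxonomy makes: a SYN-flood signal comes from kernel connection state, a slow-request signal from the web server's per-worker connection table, and a cart-abuse signal only from application logs. No single one of these feeds sees all three.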

An astute reader familiar with denial of service attack taxonomies presented in academic research or in vendor literature will note the absence of a few attack types such as "DNS flood", ACK flood, GET flood, reflective DoS, amplified DoS, etc. What's the story with that?

In most cases, the victim really does not care whether the flood hitting its Internet-facing servers is launched by an army of bots or amplified by misconfigured systems. In essence, I think that such fine-grained categorization does not add anything to the problem of choosing defense strategies. The above taxonomy is optimized for that problem alone rather than for academic categorization of all possible denial of service attacks.

Finally, please remember that whatever the attack type, one cannot "check the box" for DoS! Most DoS defense practices and technologies are about mitigation, not prevention (even though there are things one can do to make an organization more resilient to such attacks).


Category: denial-of-service, security

Tags: denial-of-service, dos, security

Anton Chuvakin
Research VP and Distinguished Analyst
8 years with Gartner
19 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…





Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.