DOS attacks can come in many forms. As the name suggests, a DOS attack renders a network, host, or other piece of network infrastructure unusable by legitimate users. Typically, a DOS attack works by creating so much work for the infrastructure under attack that legitimate work cannot be performed.
In a Synchronize (SYN) flooding attack, the attacker deluges a server with Transmission Control Protocol (TCP) SYN packets, each having a spoofed Internet Protocol (IP) source address. The server, not being able to differentiate between a legitimate SYN and a spoofed SYN, completes the second step of the TCP handshake for a spoofed SYN, allocating data structures and state. The third step of the three-way handshake is never completed by the attacker, leaving an ever-increasing number of partially open connections. The load of SYN packets to be processed and the depletion of free memory eventually crash the server.
A related form of attack sends IP fragments to a host but never sends enough fragments to complete a datagram. The attacked host continues to accumulate fragments, waiting in vain for fragments that would complete a datagram, consuming an ever-increasing amount of storage over time.
A smurf attack operates by having a large number of innocent hosts respond to Internet Control Message Protocol (ICMP) echo-request packets that contain a spoofed source IP address. This results in a large number of ICMP echo-reply packets being sent to the host whose IP address is being spoofed.
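
The build-up of partially open connections described for SYN flooding above can be measured from the defender's side. The following is an added example, not part of the original text: it tracks handshakes that stop after the second step and flags services whose half-open count passes a threshold. The record format, function names, 30-second timeout, threshold and sample addresses are all assumptions made for illustration.

```python
from collections import namedtuple

# One observed TCP segment: timestamp (s), client address/port, server address/port,
# and a flag letter: "S" = client SYN, "A" = client ACK completing the handshake.
Segment = namedtuple("Segment", "ts src sport dst dport flag")

def half_open_peaks(segments, timeout=30.0):
    """Return {(dst, dport): peak count of handshakes stuck after step two}."""
    pending = {}  # (src, sport, dst, dport) -> time the SYN was seen
    peaks = {}
    for seg in sorted(segments, key=lambda s: s.ts):
        # The server eventually gives up on a handshake that never completes.
        for key in [k for k, t in pending.items() if seg.ts - t > timeout]:
            del pending[key]
        key = (seg.src, seg.sport, seg.dst, seg.dport)
        if seg.flag == "S":
            pending[key] = seg.ts  # server allocates state and replies SYN-ACK
            svc = (seg.dst, seg.dport)
            count = sum(1 for k in pending if k[2:] == svc)
            peaks[svc] = max(peaks.get(svc, 0), count)
        elif seg.flag == "A":
            pending.pop(key, None)  # third step arrived: no longer half-open
    return peaks

def flag_syn_floods(segments, threshold, timeout=30.0):
    """Services whose half-open peak exceeded the threshold."""
    peaks = half_open_peaks(segments, timeout)
    return sorted(svc for svc, peak in peaks.items() if peak > threshold)

def constructed_capture():
    """Constructed sample data (documentation address ranges), not a real capture."""
    server = "192.0.2.10"
    segs = []
    for i in range(3):  # legitimate clients: SYN, then ACK 50 ms later
        src = f"203.0.113.{i + 1}"
        segs.append(Segment(float(i), src, 40000 + i, server, 80, "S"))
        segs.append(Segment(i + 0.05, src, 40000 + i, server, 80, "A"))
    for i in range(200):  # SYNs from many source addresses, never followed by an ACK
        src = f"198.51.100.{i + 1}"
        segs.append(Segment(5 + i * 0.01, src, 50000 + i, server, 443, "S"))
    return segs

if __name__ == "__main__":
    capture = constructed_capture()
    print(half_open_peaks(capture))
    print(flag_syn_floods(capture, threshold=50))
```

Legitimate clients never hold more than one pending entry at a time in this sample, while the unanswered SYNs accumulate until the timeout releases them, which is the state exhaustion the paragraph describes.
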
In a Distributed Denial-Of-Service (DDOS) attack, the attacker first gains access to user accounts on numerous hosts across the Internet (for example, by sniffing passwords or by otherwise breaking into a user's account). The attacker then installs and runs a slave program at each compromised site that quietly waits for commands from a master program. With a large number of such slave programs running, the master program then contacts the slave programs, instructing each of them to launch a denial-of-service attack directed at the same target host. The resulting coordinated attack is particularly devastating, since it is coming from so many attacking hosts at the same time.