DoS Attacks: What Does “Denial-of-Service” Mean? How Do You Protect Your Organization?
Online shopping. Googling. Social media. Streaming movies and music. Working from home. The internet has become an integral part of our lives, but we sometimes overlook how much we rely on it.
And, as a result, how easily the balance of our lives can be disrupted.
A denial-of-service attack, or “DoS attack,” is a fairly primitive hacker trick. It relies on fake data requests to overwhelm a server and block access to legitimate users.
These assaults are nothing new. But, they’re growing in popularity as an easy and effective attack method, and have impacted many major companies in recent years. So how does a DoS attack work? Why are they so dangerous, and what can businesses do to protect their revenue?
Recommended reading
- How Poshmark Scams Work: Understanding P2P Luxury Fraud
- Spear Phishing: Scam Prevention Tips for Buyers & Sellers
- Angler Phishing: Conning Customers at Business’s Expense
- How to Prevent Push Payment Fraud: Our Top Tips for 2026
- How to Identify Push Payment Fraud: 2026 Tips & Red Flags
- Push Payment Fraud Examples: Real Case Studies for 2026
What is a Denial-of-Service Attack?
- Denial of Service Attack
A Denial of Service attack (or “DoS attack”) is an interruption in an authorized user's access to a computer network. This is often done maliciously by attackers who overload network servers through automated activity.
[noun]/də • nī • əl • ov • sər • vəs/
In simple terms, a DoS attack is an attempt to shut down a site or server by overloading it with fake users or false information. Although it’s often labeled as “hacking,” that’s not really correct. Instead of gaining access to a target’s systems, the idea is to block real users from accessing a specific online resource, such as an email account.
They work because there’s a limit to how much CPU traffic a single system can handle. The DoS perpetrator uses automated programs to flood the targeted server with bogus requests for connection. Successful attacks will either crash the server or slow down access to the point at which legitimate users give up trying to access the site.
DoS tactics have been around for a long time. They’ve been used for many purposes, including both trolling and online activism. But, they can also be a tool for fraudsters, as we’ll see below.
While denial-of-service attacks had fallen out of the headlines for a while, the technique has recently seen a resurgence. One recent report estimates that DOS attacks are expected to increase by over 300% in 2023.
A simple denial-of-service attempt can be launched from a single computer. In contrast, an organized attack that comes from multiple sources is referred to as a distributed denial-of-service, or DDoS.
Why Do DoS Attacks Happen?
Fraudsters sometimes use DoS attacks to distract from security breaches. In other cases, DoS attacks can be used to demand ransom from site owners and can even be deployed as part of state-sanctioned cyber attacks.
Like we referenced above, the reasons for denial-of-service assaults are varied.
Professional attacks may be an attempt to disrupt a competitor’s organization. Or, it may be to protest a social issue, or draw attention to a political cause. They could even be launched out of spite, or as a means of revenge.
In an earlier era of the internet, people commonly set DoS attacks in motion just to prove they could. Recently, we’ve seen more instances in which attacks are motivated by:
Geopolitics
Governments or opposition political parties sometimes use DoS attacks against their enemies. We’ve seen this activity surge since the beginning of the War in Ukraine in particular. Both sides are using DoS attacks to either shut down important websites or block access to crucial servers, hoping to interfere with their opponent’s operations.
Monetary Gain
Extortion is also a common reason behind DoS attacks. Attackers can freeze up a website with fake traffic and blackmail the owner, who must pay to have the site released. Experts worry that this type of attack could be used against hospitals, power grids, or other critical services, where paying the ransom may literally be a matter of life or death.
Distraction
Finally, it’s not uncommon for hackers to use a DoS attack as a distraction for a different, larger operation, such as a security breach. The assault keeps the target’s IT department so focused that the more dangerous crime is not discovered until it’s too late.
How Do Denial-of-Service Attacks Work?
DoS attacks usually manifest as flooding attacks or buffer overflow attacks. Some variants, like “denial-of-inventory” attacks, are specifically used to target eCommerce merchants. Sometimes, DoS events can happen unintentionally, like when a site is overwhelmed by legitimate traffic.
As with most malicious online attacks, there are a variety of techniques for accomplishing the same goal. Most fall back on one of three tactics:
eCommerce merchants can also be targeted by so-called “denial of inventory” attacks, where bad actors use bots to hoard inventory in shopping carts without the intention of ever making a purchase. This reduces items available for purchase by legitimate buyers and, in extreme cases, leads to widespread artificial stockouts.
Symptoms of a DoS Attack
High traffic from suspicious IP addresses, 503 “Service Unavailable” or “Gateway Timeout” errors, or unusually high server loads are common symptoms of a denial-of-service attack. However, being unable to access your site alone isn’t automatic evidence of a DoS attack.
Remember: denial of service can happen for very legitimate reasons. An overloaded server or a system with maxed-out memory do not necessarily indicate malicious activity.
It can be tricky to identify a malicious assault. That makes it important to recognize some of the most common red flags of an attack, including:
- Inability to access a particular network or website
- Unusually slow or irregular network performance
- 503 “Service Unavailable” errors
- Unexplainable spikes in network traffic
- A large number of requests from the same IP address in a short period of time
For the best chance of detecting an attack, you really have to establish a benchmark for typical network activity over a given period of time. Knowing what’s “normal” for a given site enables you to distinguish possible DoS attacks in their early stages.
When creating your baseline, be sure to factor in periods where an increase in traffic volume is to be expected. For instance, if you’re running an eCommerce business, you should expect a surge in activity during the holiday season. Then, once a normal traffic pattern has been established, it will need to be monitored on an ongoing basis.
Is My Site Experiencing a DoS Attack?
Unusually high server loads, sudden spikes in web traffic from suspicious geolocations, and “gateway timeout” errors can all be signs of a DoS attack. But, just because you can’t access your website doesn’t necessarily mean that you’re being targeted.
Hosting provider outages, DNS problems, or server-side hardware issues can sometimes explain why you’re not able to visit your site. Issues with your content management system (CMS), like plugin issues, code errors, or even an expired domain or hosting subscription, could also be more benign culprits.
Other times, you may see spikes in real, legitimate users — perhaps because a reel went viral or your Black Friday ad campaign performed above expectations. If this happens, forget about panicking; go celebrate instead!
Impact of DoS Attacks
A DOS attack can result in losses due to ransoms, lost productivity, brand damage, and chargebacks.
Dealing with denial-of-service attacks can be a serious hassle. Your site may be inaccessible for hours, even days, depending on the scale of the attack. That said, there are also some negative impacts to be aware of even beyond the scope of the attack itself, including:
Save time. Recover revenue. Eliminate fraud attacks.
Request a Demo
Not convinced? Check out these startling DOS attack statistics:
The average duration of a DoS attack
Source: Zayo
Average losses per every minute that a DOS attack persists
Source: Zayo
Increase in DoS attacks between Q1 2024 and Q1 2025
Source: Cloudflare
Largest DoS attack by bandwidth in history
Source: Cloudflare
detected during the largest DoS attack as ranked by requests per second
Source: Google Cloud
How to Prevent DoS Attacks
Routine software updates, coupled with complementary network protection tools like antivirus software and firewalls, can help you prevent the bulk of DoS attacks.
So, we’ve explored questions like “What is a denial of service attack?” and “How can denial of service attacks affect you?” Now, it’s time to move on to the $64,000 question: “How do I protect my business from denial-of-service (dos) attacks?”
Just like with preventing chargebacks, no single solution can completely cure your DoS woes. Instead, you’ll be best protected when you take several complementary measures at once. Specifically, you should:
What DoS Attack Prevention Tools Are There?
When it comes to tools specifically aimed at DoS prevention, you have two options. The first is a web application firewall, or WAF.
A WAF can complement your network firewall by blocking malicious HTTP requests that make it through your network firewall. Think about it like a secondary layer of defense that specifically protects your web apps and servers.
The second option for DOS attack prevention is to use a DoS mitigation provider, like Cloudflare, Akami, Radware, Imperva, or Lumen. In terms of pricing, these solutions can range from free (like Cloudflare) to thousands of dollars a month. The best option for you will depend on factors including your risk exposure, your monthly revenue, and your product vertical.
Again, there’s no killer app that is going to give you 100% protection against DOS attacks. But, these tools can help shield your business against volumetric, protocol, and application layer DoS attacks.
You Just Experienced a DoS Attack. Here’s How You Should Respond.
To respond to a DOS attack, you should notify your hosting provider, set up a “maintenance” page, scan for additional breaches, communicate across all customer service channels, and document the incident thoroughly.
In the aftermath of a DoS attack, every second counts. You can’t spend precious time looking for solutions.
What you need are actionable steps that you can implement now. So, here’s what you need to do:
DoS Attack Management: A Long-Term Process
DoS attacks were once the go-to technique that cybercriminals and online activists alike relied on to disrupt the normal operation of digital services. As more sophisticated tools became available, interest in DoS attacks seemed to wane. But, they’re becoming popular once again.
These assaults may not directly cause the loss of money or data-related assets. However, they still end up costing organizations significant amounts of time and resources, and may lead to customer disputes and chargebacks.
The most effective method of DoS mitigation is to prevent attacks from happening in the first place.
Up-to-date systems and virus protection tools, employee training, and vigilance are all good methods of combating DoS attacks. Even if an attack is successful, having a response and recovery plan already in place can limit the impact.
In fact, prevention is usually the best way to deal with any type of computer-based crime, including fraud and account takeover attempts. A comprehensive strategy can help identify threats before they happen, and protect your business and revenue. To learn how we can help, speak to one of our experts today.
FAQs
What does a denial of service attack do?
DoS attacks are designed to slow or block access to your servers by overwhelming the system with too many requests, or slowing it down with malicious software.
What is the difference between DoS and DDoS?
Denial-of-service attacks typically come from one person or machine. Distributed-denial-of-service (DDoS) incidents use multiple machines, IP addresses, and systems, making it almost impossible to trace the actual attacker (or attackers).
How long will a DoS attack last?
The duration of a denial-of-service attack will vary by the tactics and techniques used. It’s also in flux right now, as there has been a surge in DoS activity following the war in Ukraine. In Q2 of 2021, the average DoS attack lasted 30 minutes. One year later, the average is more than 48 hours.
Can DoS attacks be stopped?
Simple DoS attacks can often be blocked through vigilance and good overall network security. More sophisticated assaults can be more difficult, though. Keep in mind that your host internet service provider should also have measures in place to prevent or stop DoS attacks.
Why do DoS attacks still work?
The basic reason is that online servers and systems have a limit to how much traffic they can process at one time. As long as attackers have more memory and processing speed, they can typically find a way to commit DoS attacks.
Is a DoS attack a crime?
Yes. According to the FBI and other law enforcement agencies, denial of service attacks fall under the category of cybercrimes, and perpetrators are routinely jailed for the activity.
What are the four types of DoS attacks?
There are three, rather than four, main types of denial-of-service (DoS) attacks. They are volumetric attacks, protocol attacks, and application attacks.
What is a real life example of a DoS attack?
One real-life example of a denial-of-service (DoS) attack occurred in May 2025 when network security company Cloudflare successfully blocked a 7.3 terabits per second (Tbps) attack, the largest ever recorded.
How are DoS attacks executed?
DoS attacks are executed by overwhelming a target system's resources with an excessive volume of traffic or resource-intensive requests. This prevents the system from handling legitimate user requests.
