Denial of service

Many attacks on computer security try to get the computer to do something for the Evildoer, perhaps give him or her data that he/she is not authorised to have &mdash; credit card numbers, medical records, military secrets, ... &mdash; or let him or her perform some computer-mediated action &mdash; make bank withdrawals from other peoples' accounts, launch some nuclear missiles, or whatever. A denial of service, or DOS or DoS, attack does not do that; it just tries to deny normal computer services to the authorised users.

Many DoS attacks are flooding attacks; if I send you 10,000 emails, your normal email will likely not get through. 100,000,000 might take out not only your personal mail, but the whole mail server. However, not all DoS attacks involve flooding; maybe I can construct a really evil mail message, deliberately breaking the rules for mail formats in such a way that your mail server or your mail-reading software will crash when it tries to process the beast. Either way, I'm denying you mail service.

In general, this is easier than other attacks, like trying to read your mail or produce forged mail that appears to be from you. Unfortunately, those aren't necessarily hard either, but that's another topic.

It is fairly common for attackers to take over a few tens of thousands of insecure machines. The "owned" machines are "zombies" and the network of them is a botnet, from "robot network". This is now a business; spammers rent time on botnets to send their rubbish. An outfit called "Russian Business Network" were the biggest vendor last I heard. The attackers search blocks of addresses used for broadband Internet, looking for vulnerable machines. Windows boxes are their favorite target; if you run Windows and do not do MS updates, then your machine is guaranteed to be taken over sooner or later.

Given a botnet, you can do a DDoS, Distributed denial of service attack. Have thousands of zombies all hammering away at some website you dislike. The server may crash, and even if it doesn't, normal web services will be disrupted.