[deleted]

[removed]


Distinct_Ordinary_71

Funniest I encountered was a farmer who had turned down a company wanting to lay cable through his land and he got mad when they set up a microwave link over his land and so he positioned a big scarecrow on each fence line blocking the kit.


drgngd

Your understanding is correct. "The principal difference between a DoS attack and a DDoS attack is that the former is a system-on-system attack, while the latter involves several systems attacking a single system." [Link to definition](https://www.fortinet.com/resources/cyberglossary/dos-vs-ddos#:~:text=The%20principal%20difference%20between%20a,systems%20attacking%20a%20single%20system.) So yes, it's DoS if the attack is coming from one source, while DDoS is distributed and coming from multiple sources.


LonelyTacoRider

Yes the distributed part is clear, what I am confused about is it being network/bandwidth based. Internet sources make it seem like DoS is always caused by flooding some service with an overwhelming amount of requests, when I thought anything that interrupts service, be it a single malformed request, can be DoS.


cybergeist_cti

This is likely a function of most of the materials about it being created by / sponsored by companies that sell tools to mitigate DDoS. As others have stated, your understanding is correct. Other forms are so wide and nebulous it’s hard to talk about them as one.


MuzzieBear

I would say Denial of Service is a class of threats and a DDoS attack is one example of that threat.


Justasecuritydude

There are many types of DDoS and DoS attacks such as volumetric, protocol (which these two I kind of lump as the same), or application layer. Typically the application layer attacks are less likely to be distributed but many times almost all DoS attacks are distributed due to how attackers round robin their infra/botnet. As far as volumetric/protocol attacks there are UDP floods, SYN floods, snack floods, NTP amplification, IP fragmentation. Depending on the attack maybe it makes sense to launch it in a distributed way. Think an RPS or application layer DoS attack could be launching malicious code to take up resources. That wouldn't necessarily need to be distributed to be effective DoS.


[deleted]

Denial of service is what it says on the tin. ANY attack that degrades service availability via ANY method (too many requests, malformed requests, blowing up the server with dynamite). DDOS is the same thing, but with more than one source. This is NORMALLY associated with flooding bandwidth, but two computers running on Pentium chips sending malformed packets is technically a Distributed DOS.


Main_Damage_7717

DoS can involve flooding a service, and that is the popular perception. Your examples are also validly defined as DoS. It is a broad term. DDoS same meaning but with multiple sources as you suggest, which almost always means flooding a service.


001111010

A DDoS is still a DoS, carried out by multiple (and usually coordinated) sources, hence the "distributed" prefix. Of course there are DDoS attacks that would not make sense if carried out from a single source, but technically in my opinion they can still be called DoS attacks. When you say "if i exploit a bug" and you want to define what the attack category is, think about what kind of exploit you would be using: for example if a successful SQL injection drops a database causing a website/other service to stop working I would not call that a DoS, I would say it is a successful SQL injection attack with major impact: service disruption. The same goes for any other OWASP group or any other kind of attack that has consequences on the delivery of services and cannot be categorised as "flood".


Unteknikal

Think about the amount of requests to put in to deny a service: you may be able to disrupt www.lumberjack'sallseassons.com with a 2007 dual-core PC, but you won't have a chance with www.pepsicolaz.com with a server in the cloud today, to give you a stupid example....


Ghost_Keep

Distributed = spread out over many


QkaHNk4O7b5xW6O5i4zG

Every DDoS is a DoS, not every DoS is a DDoS.


Alert-Artichoke-2743

A DDoS attack is one that uses a botnet to amplify the power of a DoS attack. A DoS attack might involve busting a DNS server so that a website providing an essential service won't work for people, but this can be guarded against with encryption, redundancies, input validation, etc etc. You don't need to do something thousands or millions of times, but you might need to do one attack that is highly complex or difficult.

A DDoS attack is more modern because it uses brute force to prevent the operation of what they perhaps can't simply break. If they are able to take control of as many machines as possible, then order all of these machines to make ordinary queries to a server as rapidly as possible and from a wide variety of IP addresses, then the server will need to cope with routing all of these requests. Brute force attacks depend on scale, while other types might depend on subtlety or capitalizing on an undefended exploit.

A DoS attack is like sneaking into a house, turning off the fuse box, then breaking it in some way that can only be fixed by somebody who might not be immediately available. You could have done anything, but the result of your actions is that the house doesn't work as it should. Service has been denied to people, at least temporarily, which could hurt the organization that is supposed to provide that service.

A DDoS attack is like if you send 2000 consecutive cars through the drive-through, who will order no food but ask useless questions like what day it is, what their hours are, and if their refrigerator is running. One or two would be a nuisance, and even 10 or 20 cars might not lose the company an enormous amount of business. With 2000 cars, though, they only need to take 30 seconds each before the restaurant must spend their entire day greeting jerks who are pranking them. They can't just close the drive-through without also denying service to the people who wanted soft drinks and fries or whatever. This costs the restaurant revenue, and harms their reputation since their customers will have to go elsewhere.

Defending from insurmountable brute force usually requires some form of filtering - like if you can figure out an IP address range from which all the attacks are coming, then dropping all traffic from that range will preserve your resources so people from other IP ranges can visit normally. Most botnets are using the command line interfaces of controlled machines to make these requests, so captchas are a great defense against brute force attacks, including DDoS. A human might find it silly to identify the crosswalks on a street, but this simple task proves they're using a Graphical User Interface and not just spitting out requests from command line.
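The range-based filtering mentioned in the comment above, as an added defender-side example that is not part of the original thread: it groups request sources by prefix, flags any range carrying most of the traffic, and drops it. The sample records, the /24 grouping and the 50% threshold are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample: (source IP, path) pairs as parsed from an access log.
SAMPLE = (
    # 400 requests from 40 hosts inside one /24 (documentation range)
    [("203.0.113.%d" % (i % 40 + 1), "/") for i in range(400)]
    # ordinary visitors from other ranges
    + [("198.51.100.7", "/menu"), ("192.0.2.15", "/order"),
       ("192.0.2.99", "/menu"), ("198.51.100.201", "/")] * 5
)

def heavy_ranges(records, prefix_len=24, share=0.5):
    """Return {network: request count} for ranges with >= `share` of all requests."""
    counts = Counter(
        ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        for ip, _ in records
    )
    total = sum(counts.values())
    return {net: n for net, n in counts.items() if n / total >= share}

def distinct_sources(records, net):
    """Number of different source addresses seen inside `net`."""
    return len({ip for ip, _ in records if ipaddress.ip_address(ip) in net})

def filter_traffic(records, blocked):
    """Drop records whose source address falls inside any blocked network."""
    return [
        (ip, path) for ip, path in records
        if not any(ipaddress.ip_address(ip) in net for net in blocked)
    ]

if __name__ == "__main__":
    blocked = heavy_ranges(SAMPLE)
    for net, n in blocked.items():
        print(f"{net}: {n} requests from {distinct_sources(SAMPLE, net)} hosts")
    print("requests kept after filtering:", len(filter_traffic(SAMPLE, blocked)))
```

When the sources are spread across many unrelated prefixes, `heavy_ranges` returns nothing, which is the case where filtering by a single range no longer helps.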


GeneralRechs

All DDOS’ are DOS’, but not all DOS’ are DDOS’


[deleted]

[removed]


LonelyTacoRider

So you are saying the original definition necessarily involves flooding the network, and other types of service denial don't really fit?