DoS vs DDoS
A DoS (Denial-of-Service) attack is a type of attack carried out by a single host that denies a certain service to its intended users, by either crashing or flooding the computer that is offering the service. A DDoS (Distributed Denial-of-Service) attack is a DoS attack carried out simultaneously by multiple hosts.
What is DoS?
A DoS attack is an attempt to make a certain computer resource unavailable to its legitimate users. Attackers with different motives may carry out DoS attacks through different means, ultimately stopping or limiting access to an internet site or a service, either for a short period or permanently. Typically, DoS attackers target high-profile web servers used by popular banks, credit card companies and other popular organizations.
DoS attacks may be carried out either by making the victim computer use up its resources unnecessarily (so that it becomes unable to provide its intended service) or by the attacker acting as an obstruction between the victim computer and its intended users so that further communication is not possible. The former is achieved by saturating the victim machine with an indefinite number of requests, which ensures that the computer is unable to respond to its intended users. DoS attacks violate many rules and laws, such as the Internet proper use policy by the IAB, the acceptable use policies of many different ISPs and the laws of individual countries. DoS attacks can target any network device, including routers, web servers, email servers and Domain Name System servers.
What is DDoS?
A DDoS attack is a type of DoS attack in which the attack is the result of requests coming from multiple systems (as opposed to just one system). A DDoS attack can be easily carried out by malware. For example, the popular MyDoom malware was used to carry out a DDoS attack on a specific date and time by hardcoding the target IP address. Similarly, a DDoS attack can be carried out by zombie agents hidden inside a Trojan. Also, flaws in automatic systems that listen to outside connections could be used by DDoS attackers to breach the security of a system. For example, the DDoS tool called Stacheldraht used client programs handled by the attacker to initiate up to a thousand zombie agents, which carried out the DDoS attack.
What is the difference between DoS and DDoS?
Any attack focused on denying a service to its intended users can be called a DoS attack. If the attack is initiated simultaneously by multiple hosts, it is called a DDoS attack. If it is carried out by just a single host, it is distinguished as a (regular) DoS attack (as opposed to a Distributed DoS attack). A DDoS attack has the advantage of being able to generate more attack traffic. It is also very difficult to block, because the requests are coming from so many places. Similarly, it is very difficult to find the actual attacker who initiated the attack, because a DDoS attacker can initiate the attack and stay away while all the other infected machines send requests to a single host without their owners realizing that they are now part of a DDoS attack.
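The blocking difference described above, seen from the defender's side, as an added example that is not part of the original article: it labels a window of request sources as normal, DoS or DDoS by how concentrated the load is, and counts how many sources would have to be blocked to get back under capacity. The function names, the capacity figure, the 0.5 share threshold and the sample addresses are all assumptions constructed for illustration.

```python
from collections import Counter

def blocks_needed(source_ips, capacity):
    """Sources to block, busiest first, before load fits under capacity."""
    remaining, blocked = len(source_ips), 0
    for _, hits in Counter(source_ips).most_common():
        if remaining <= capacity:
            break
        remaining -= hits
        blocked += 1
    return blocked

def classify_window(source_ips, capacity, dominant_share=0.5):
    """Label one time window as normal, dos or ddos by source concentration.

    capacity and dominant_share are assumed tuning values, not standards.
    """
    total = len(source_ips)
    if total <= capacity:
        return "normal"
    top_hits = Counter(source_ips).most_common(1)[0][1]
    # One dominant host whose removal restores service: single-source DoS.
    if top_hits / total >= dominant_share and total - top_hits <= capacity:
        return "dos"
    # Overload remains after blocking the busiest host: distributed.
    return "ddos"

# Constructed sample windows (documentation address ranges, not real hosts).
CAPACITY = 100
NORMAL = [f"192.0.2.{i}" for i in range(1, 41)] * 2              # 80 requests
DOS = NORMAL + ["203.0.113.9"] * 900                             # one flooding host
DDOS = NORMAL + [f"2001:db8::{i:x}" for i in range(1, 301)] * 3  # 300 hosts

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("dos", DOS), ("ddos", DDOS)):
        print(name, classify_window(window, CAPACITY),
              blocks_needed(window, CAPACITY))
```

Both attack windows carry the same 980 requests, but the single-host flood is cleared by one block rule while the distributed one needs hundreds, which is why per-source blocking alone does not scale against DDoS traffic.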