Talk:Denial-of-service attack

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search


Use of the phrase script kiddie in the article makes it biased and sounds unencyclopedic. —Preceding unsigned comment added by (talk) 18:01, 18 October 2010 (UTC)

08 Juin 2010[edit]

There are two link on this page (VIPDoS and a Denial of service (Dos)) that link to this same page. —Preceding unsigned comment added by (talk) 01:31, 9 June 2010 (UTC)


Nothing here about motives. Why do people launch the attacks? Call me naive but it might be a useful addition to the article. Spanglej (talk) 01:55, 6 August 2010 (UTC)

people launch those attacks to test the security of their network ( pen testing ) or because they need a life.... —Preceding unsigned comment added by (talk) 19:14, 7 August 2010 (UTC)

Permanent denial-of-service attacks section[edit]

The section seems unclear as a whole and seems to be coming from the ideas of a single individual. In the sources there are references to the firmware update process of embedded devices. While the possibly to exploit limited write cycles in flash memory seems reasonable there is no reference to this in the article and the source does not state which specific devices are affected. Neither there is any information on what kind of access to the device the attacker would have to have. Please clarify and verify the section or remove it. — Preceding unsigned comment added by (talk) 16:40, 3 October 2010‎ (UTC)

Actually overwriting a device's firmware isn't a denial-of-service attack but something much more serious. I'm not sure why this is in this article at all. K7L (talk) 13:02, 25 June 2013 (UTC)
Probably related to the catchy coined name – "permanent denial of service" – used to promote the idea. But yeah, I suppose that using the same rationale as this, setting off a bomb at a business's server location could be included here too; it would certainly deny service. Although the firmware alteration is more closely related to the traditional DoS attack in that it is accomplished remotely by use of software.
The source article is five years old. At that time, it discussed a concept with no known actual occurrences "in the wild". Do we know if there have been any in the interim? Fat&Happy (talk) 16:56, 25 June 2013 (UTC)
The only way to download firmware to a router or network device is with the password to that device. The attack is theoretically possible as some equipment is deployed with default passwords (like "admin/admin" or "root/admin" for residential gateway routers) but isn't DOS as the latter is based on flooding a node with pointless requests and traffic to overload it. The "PDoS" terminology appears to be an HP concoction [1] concocted in 2008 to market that firm's security product. It received some coverage at the time [2] [3] [4] and was then promptly forgotten. Worth a mention somewhere, just not here. Maybe phlashing is a trojan horse (computing) and not a DOS? K7L (talk) 17:19, 25 June 2013 (UTC)

Degradation-of-service slang name[edit]

A common slang name on the internet for a degradation-of-service attack is "bandwidth rape." —Preceding unsigned comment added by (talk) 23:17, 20 October 2010 (UTC)

I don't think that this usage is common enough to be put in the article. Orthogonal1 (talk) 02:57, 28 September 2014 (UTC)

Needs section on legality[edit]

The article should have a section on the legality of DDos. Since the targets are typically public websites, making a connection is not illegal. There have also been claims that DDos can be seen as a legitimate form of protest. It's illegal in the UK [5] pgr94 (talk) 14:35, 28 January 2011 (UTC)

Just spotted the small section at the bottom of the article. It's a start, but could definitely use expanding. pgr94 (talk) 14:47, 28 January 2011 (UTC)

It's my understanding that actively responding (retaliating) to a perceived DDos attacker is illegal in some areas. I would like to see an expansion of that in the Legal section, if appropriate. — Preceding unsigned comment added by (talk) 16:03, 30 June 2011 (UTC)

I added my bit from what I know, although I have stated it informally and it needs editing. (talk) 17:38, 15 March 2012 (UTC)

Distributed attack[edit]

... Simple attacks such as SYN floods may appear with a wide range of source IP addresses, giving the appearance of a well distributed DoS. These flood attacks do not require completion of the TCP three way handshake and attempt to exhaust the destination SYN queue or the server bandwidth. Because the source IP addresses can be trivially spoofed, an attack could come from a limited set of sources, or may even originate from a single host. Stack enhancements such as syn cookies may be effective mitigation against SYN queue flooding, however complete bandwidth exhaustion may require involvement

Punctuation is missing at the end. It would be also interesting what kind of involvement. ENTi (talk) 06:05, 26 May 2011 (UTC)
That was added as you quoted it by Ryanmshea (talk · contribs) on 2010-02-03. I've left a note on their talk page and marked the paragraph. --Kvng (talk) 13:42, 28 May 2011 (UTC)


Stacheldraht seems to be the correct spelling as this is used more. But the image is incorrectly spelt. The incorrect spelling is also in the image. Does anyone know how to correct spelling in an image? QuentinUK (talk) 11:29, 14 June 2011 (UTC)

Misspelling has been noted on the image talk page. --Kvng (talk) 23:03, 18 June 2011 (UTC)


So... Can we get Lulz Security here? I think they are pretty major after today... But there's hype for more to come! *subscribes to all newscasts* (talk) —Preceding undated comment added 23:04, 14 June 2011 (UTC).

Regular expression Denial of Service[edit]

The Regular expression Denial of Service article is only mentioned in the See also section of this article. Maybe it'll help the orphan issue if it was integrated into the "Methods of attack" header? (talk) 05:30, 27 June 2011 (UTC)

My understanding is that DoS attacks are relatively easy to orchestrate, requiring very little sophistication or resources, hence the association with script kiddies. If this is the case, I think it's encyclopedic information and should be mentioned, if only in a line or two in the intro.--Atkinson (talk) 02:52, 11 February 2012 (UTC)


References #3 and #22 look like dead links, need to replace those references. — Preceding unsigned comment added by Sinujutsu (talkcontribs) 21:23, 16 April 2013 (UTC)

Links rot; sometimes they recover. We typically add {{dead link}} just before </ref>. This alerts readers, as well as editors who watch Category:All articles with dead external links. See also WP:Dead links. --Lexein (talk) 08:25, 12 December 2013 (UTC) dubious[edit]

The author's name in cite #28, Carl Abante, appears nowhere on (searched), and not on the domain registration. The site is promoting AbanteCart. --Lexein (talk) 08:25, 12 December 2013 (UTC)

BCP 38[edit]

BCP 38 should be mentioned as a primary means of thwarting these attacks. This also looks useful. I will integrate this when I get time. Anyone else is welcome jump in and do it. ~KvnG 04:00, 26 February 2014 (UTC) gfgg\ — Preceding unsigned comment added by (talk) 20:54, 25 September 2014 (UTC)

Amplification factors[edit]

The amplification factors provided from US-CERT under "Reflected / Spoofed attack" are not absolute. Saying that an attack has an amplification factor of X is like saying it is always 75 degrees in San Diego. It might be, or it might be some other temperature. Recommend expanding this section to clarify that amplification factors are in fact variable and not exactly as provided by US-CERT, although they could be close in many cases. Ddosguru (talk) 11:42, 3 August 2014 (UTC)

Proposed merge with Hit-and-run DDoS[edit]

The following discussion is closed. Please do not modify it. Subsequent comments should be made in a new section. A summary of the conclusions reached follows.
do not merge

Content fork - overlapping scope and (current) lack of sources establishing independent notability. Arguably correct method should have been WP:SPINOUT. Suggest merge. Widefox; talk 05:50, 9 August 2014 (UTC)

  • Support ~KvnG 14:08, 12 August 2014 (UTC)
We strongly discourage just making a vote. Look at WP:NOTDEMOCRACY.Forbidden User (talk) 15:10, 19 August 2014 (UTC)
  • Oppose (At least now) there are 6 sources for this article, so I'd say that the lack of sources from before is not much of a problem any more. As for content duplication, the only redundant information that I can find in the Hit-and-run DDoS article is the sentence "A DDoS attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service." Orthogonal1 (talk) 02:42, 28 September 2014 (UTC)

The above discussion is closed. Please do not modify it. Subsequent comments should be made in a new section.

Proposed merge with Application layer DDoS attack[edit]

Content fork - overlapping scope and (current) lack of sources (and content - OSI model and DDoS) establishing independent notability. Arguably correct method should have been WP:SPINOUT. Suggest merge. Widefox; talk 06:00, 9 August 2014 (UTC)

  • Support ~KvnG 14:08, 12 August 2014 (UTC)
We strongly discourage just making a vote. Look at WP:NOTDEMOCRACY.
 Done Klbrain (talk) 11:04, 19 June 2017 (UTC)

Is Wikipedia being DoS'd?[edit]

I'm having great difficulty with page loads the last few hours and I'm now seeing a lot of packet loss (via mtr - matt's trace route) in the last couple hops to Anyone seeing the same or different? --Elvey(tc) 02:07, 25 July 2015 (UTC)

I suppose I could post to the technical village pump... Packet loss is high - 10-20% - but is that high enough to cause the page load difficulty I'm seeing (perhaps 8/10 or 9/10 page loads failing). --Elvey(tc) 02:09, 25 July 2015 (UTC)

Renaming to "Denial-of-service network attack"[edit]

What do people think of this? Wikipedia had no coverage of resource exhaustion attacks until I created the page two minutes ago. Denial-of-service attacks are comprised of:

  • resource exhaustion attacks (most notably memory leaks and file descriptor leaks)
  • more discrete and precise DoS attacks such as null pointer dereferences and infinite loops
  • distributed network DoS

This article only covers the network DDoS, and DoS a big enough topic that I think two articles are warranted. Risc64 (talk) 23:35, 1 January 2016 (UTC)


I'm guessing that it may be a smart move to split Denial of Service Attack and Distributed Denial of Service Attack into two different articles.

Also it looks like Denial-of-service attack is getting a little large for an article and should have links to some smaller articles.

FockeWulf FW 190 (talk) 16:13, 13 March 2016 (UTC)

List of tools for DoS attacks and load testing[edit]

It would be helpful to have a list of tools for DoS and load testing in order to improve the articles being verifiable.

This would help with references on the article since there are multiple issues on information being verifiable on weather certain tools actually exist.

Since there's issues with finding references on the tools and this leads to the information being unverifiable.

FockeWulf FW 190 (talk) 21:43, 12 March 2016 (UTC)

I've created a draft for this and hope to see the list increase Draft:List of tools for Denial-of-service attacks.

FockeWulf FW 190 (talk) 21:07, 7 April 2016 (UTC)


If the "United Kingdom is unusual in that it specifically outlawed denial-of-service attacks", attacks would not be illegal in other EU countries. So how could people be arrested for them? Furthermore to say that those "committing criminal denial-of-service attacks may, as a minimum, lead to arrest" reads oddly, arrest is nether a criminal sanction nor an end in itself. People are arrested if they have broken the law and face charges.

Booter/stresser industry[edit]

I've started a section on the booter/stresser phenomenon. Brian Krebs is the leading researcher on this, but more sources are available; I'd appreciate any help with filling out this section. -- The Anome (talk) 13:23, 9 September 2016 (UTC)

Merge from Shrew attack[edit]

The following discussion is closed. Please do not modify it. Subsequent comments should be made in a new section. A summary of the conclusions reached follows.
The result of this discussion was to merge Laurdecl talk 23:53, 23 December 2016 (UTC)

It seems doubtful that the topic of Shrew attack has a stand-alone notability. I suggest merging this one sentence, which could be expanded to a paragraph at most, here. --Piotr Konieczny aka Prokonsul Piotrus| reply here 05:41, 12 September 2016 (UTC)

The above discussion is closed. Please do not modify it. Subsequent comments should be made in a new section.

Today, the most recent big big DDoS attack![edit]

PS: I was a victim, lost my server online installation process (apt-gets, etc. and github sources) during the attack :-)

--Krauss (talk) 20:08, 21 October 2016 (UTC)

History of attacks[edit]

This article has nothing on the history of this topic. For example, when was the first time an attack occurred? When was the name "denial-of-service attack" coined? Who thought of it? AtHomeIn神戸 (talk) 05:10, 16 January 2017 (UTC)

I don't think we can know for certain the first time a DOS attack occurred, but see this article for a DOS attack which happened in 1974. Orthogonal1 (talk) 21:33, 12 May 2017 (UTC)

Market for Stressers[edit]

I just created the redirect Stresser to this page, I note there is no information about the commercial market for DoS which is marketed as 'stressers'. Deku-shrub (talk) 12:02, 22 August 2017 (UTC)

That's putting the cart before the horse. Do you have any sources that could give us the reliable information we need to add this to the article? ~Kvng (talk) 14:42, 25 August 2017 (UTC)

External links modified[edit]

Hello fellow Wikipedians,

I have just modified one external link on Denial-of-service attack. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

As of February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete the "External links modified" sections if they want, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{sourcecheck}} (last update: 15 July 2018).

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 00:58, 3 December 2017 (UTC)