DoS vs. DDoS Attacks: What’s The Difference?

With so many online risks, it’s hard to keep up with the latest “threat du jour”. You’ve probably heard of malware and ransomware, maybe even phishing and spear phishing—but what about DoS and DDoS attacks? Is the average person, like you and me, really at risk? And what’s the difference between the two? We’ll take a look at DoS vs. DDoS attacks, so you can understand the risks involved and how to avoid them.

Two people looking at a computer screen with concern.

What is a DoS attack? A DoS attack is a denial-of-service attack that comes from a single location. Typically, a DoS attack takes time to pull off because hackers need the bandwidth necessary to handle the amount of information they’re planning to send to their target. Because a DoS attack is often a small-scale attack, individuals and small businesses are more likely to be the targets. For instance, a hacker could target a teenage gamer and ruin their day by getting them kicked off an overloaded server or overload a small website and distract them from another attack. Either way, the DoS attack will be instigated from one location, which makes it much easier to identify the source.

Microsoft Defender

Stay safer online with one easy-to-use app¹

¹Microsoft 365 Personal or Family subscription required; app available as separate download

Learn More

Types of DoS attacks Not all DoS attacks are the same. If only a single type of DoS attack existed, it wouldn’t be difficult to protect yourself against them. Unfortunately, multiple types of DoS attacks can threaten your computer system, but we’ll outline two common attacks:

Buffer overflow attack. A buffer overflow attack is the most common type of DoS attack. A buffer overflow collects additional data when a program’s volume surpasses its memory capacity. An example would be if a program is written to expect 10 bytes of data and a request contains 15 bytes, the five extra bytes will go into the buffer overflow. Overloading a buffer overflow can cause a program to behave unpredictably or crash. A buffer overflow attack sends requests that overload the buffer overflow and make the system crash, which can make it unusable.
Teardrop attack. In a teardrop attack, a hacker sends fragments of IP data to a system, but the data can’t be reassembled into the original packets because it’s been changed. It would be like if you sent a 1,000-piece puzzle to somebody but secretly swapped out 100 pieces from another puzzle. Similar to how someone would feel putting together the sabotaged puzzle, the system breaks down.

“Hackers looking to make a statement by taking on companies like Google and Amazon will attempt to cultivate armies of bots to use in their attacks.”

What is a DDoS attack? A DDoS attack is a type of DoS attack, but the same is not true in reverse. (Similar to how all thumbs are fingers, but not all fingers are thumbs.) A DDoS attack is still considered a DoS attack because both attempt to overload a server or computer network with information. A DDoS attack, however, is a distributed denial-of-service, which means that a hacker uses a network of devices that can be distributed worldwide.

One reason hackers might use a DDoS attack over an isolated DoS attack is bandwidth. A large network of bots (infected computers/machines) allows hackers to take down much larger targets than a single device can. Hackers looking to make a statement by taking on companies like Google or Amazon will attempt to cultivate armies of bots to use in their attacks.

An open laptop sitting atop a wooden desk.

Types of DDoS attacks As mentioned above, DDoS attacks can cause problems for huge companies because they can be pulled off in a massive way. There are many types of DDoS attacks, but we’ll highlight two of the most common:

Volume-based attacks. A volume-based attack, or volumetric attack, specifically targets a network’s bandwidth. The hacker sends consistent requests to a network to slow it down or make it stop working entirely. It’s kind of like how your internet gets bogged down when a house full of people connect to your Wi-Fi over the holidays.
DNS server attacks. Hackers can hack into DNS (domain name system) servers and turn websites into IP addresses. By spoofing IP addresses from multiple domains, hackers can send loads of information, overwhelming a server. Using phony IP addresses makes it difficult to pinpoint where the attack is coming from and keeps the hackers hidden in the shadows.

How do I avoid an attack? There’s often a lot of personal information on your devices that you want to ensure is safe. Stealing from one individual isn’t always the motivation of a hacker. Instead, they’re looking to hit a huge payday from a corporation, and hacking your computer is simply a means to an end. Keep your antivirus software up to date and avoid clicking on suspicious links to protect your network from malware that can tie your devices into a botnet. If you have gamers in your house, ensure that they’re only playing on secure servers that won’t put them at risk of a DoS attack. Games like Minecraft that live on public, unsecured servers are notorious for DoS attacks from disgruntled gamers and pranksters.

While your home computer network might not be the direct target of a DoS or DDoS attack, your devices could be collateral damage after a large-scale attack. Keep your devices and personal information safe by being vigilant and avoiding risky behavior.