The IT Law Wiki
The IT Law Wiki

Definitions[]

General[]

Denial of service (DoS) is

[a]n attack that prevents or impairs the authorized use of information system resources or services.[1]
[t]he prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the service provided.)[2]
[p]reventing or impairing the normal authorized functionality of networks, systems, or applications by exhausting resources. This activity includes being the victim of or participating in a denial of service attack.[3]
[w]hen action(s) result in the inability to communicate and/or the inability of an AIS or any essential part to perform its designated mission, either by loss or degradation of a signal or operational capability.[4]

Message handling[]

Denial of service (DoS) occurs

when an entity fails to perform its function or prevents other entities from performing their functions, which may be a denial of access, a denial of communications, a deliberate suppression of messages to a particular recipient, a fabrication of extra traffic, an MTA was caused to fail or operate incorrectly, an MTS was caused to deny a service to other users. Denial of service threats include the following: denial of communications, MTA failure, MTS flooding.[5]

References[]

  1. NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).
  2. NIST Special Publication 800-27A.
  3. Information Security: Weaknesses Continue Amid New Federal Efforts to Implement Requirements, at 5.
  4. OPSEC Glossary of Terms.
  5. ITU, "Compendium of Approved ITU-T Security Definitizons," at 16-17 (Feb. 2003 ed.) (full-text).

External resources[]

  • CERT® Advisory CA-1999-17 Denial-of-Service Tools (Dec. 28, 1999, revised, Mar. 3, 2000) (full-text).
  • CERT® Incident Note IN-99-07: Distributed Denial of Service Tools (Nov. 18, 1999, updated, Dec. 8, 1999 and Jan. 15, 2001) (full-text).
  • CERT®, Results of the Distributed-Systems Intruder Tools Workshop (Nov. 2-4, 1999) (full-text).
  • CERT® Advisory CA-2000-01 Denial-of-Service Developments (Jan. 3, 2000) [full-text)
  • CERT® Incident Note IN-2000-05: "mstream" Distributed Denial of Service Tool (May 2, 2000) (full-text).
  • CERT®, Trends in Denial of Service Attack Technology (ver.1) (Oct, 2001) (full-text).