
Study: Nearly 4,000 DoS attacks occur per week


By Sam Costello

(IDG) -- Denial of service (DoS) attacks are launched against commercial Web sites, but also against Internet infrastructure equipment, small countries, and home PCs, at the rate of nearly 4,000 per week, according to a new study by researchers at the University of California, San Diego (UCSD).

The study comes as the result of a partnership between UCSD's Cooperative Association for Internet Data Analysis (CAIDA) and the Jacobs School of Engineering, also at UCSD.

The study team, made up of CAIDA's David Moore, along with Geoffrey M. Volker and Stephen Savage, both of UCSD's Computer Science and Engineering Department, studied DoS attacks across the Internet for three one-week periods, centering on the number, duration, and focus of the attacks.

They found that more than 12,000 DoS attacks were launched in the period studied, with a small percentage targeting devices crucial to the operation of the Internet, including routers and name servers.

DoS attacks involve flooding target computers with false requests for information, overloading the machines' capacity to respond, and leading to denial of service to legitimate users. Many such attacks use multiple computers spread throughout the world that have been taken over through hacking. In early 2000, DoS attacks brought offline for days a number of high-profile sites, including,, and

Between 2 percent and 3 percent of all DoS attacks studied targeted name servers, the computers used to route Internet traffic to the proper domain name, instead of its numerical address equivalent, according to the study. Routers, which are devices directing traffic to its appropriate locations in networks, received 1 percent to 3 percent of the attacks.

Targeting routers and similar devices for attack is particularly troublesome because taking them offline could result in a service outage to a much greater cross-section of users, rather than just those of a specific Web site.

As was expected, high-profile sites such as,, and were popular targets for DoS attacks, the study said. However, Romanian computers were attacked almost as much as .com and .net sites and Brazilian machines were hit more than .edu and .org sites combined. The vast majority of victims, 95 percent, were attacked fewer than five times, with the bulk of that group, 65 percent, experiencing only one attack.

Also of note, the researchers found that a number of attacks were directed against home users connecting to the Internet using dial-up or cable modems, indicating that DoS attacks are used in personal disputes.

The study tracked an effect called backscatter, which follows the spread of information requests across the Internet generated by DoS attacks. In many DoS attacks, the addresses from which the attacks are launched are faked, or "spoofed," so when the server under attack answers the requests for service, the data is sent all across the Internet rather than to the computer where the attack originates. This spread of information is the backscatter, which provides an estimate of worldwide DoS activity, according to the report.
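A sketch of how a passive monitor could turn backscatter into a per-victim estimate, added here as an illustration and not code from the study or from CAIDA. It assumes spoofed source addresses are chosen uniformly at random and that the monitor watches 1/256 of the IPv4 address space; the addresses, packet labels and threshold are constructed.

```python
from collections import defaultdict

# Assumption: the monitor passively observes 1/256 of IPv4 space and sends nothing,
# so any reply it receives was solicited by someone spoofing its addresses.
MONITOR_FRACTION = 1 / 256
# Reply types a server under attack emits toward a spoofed source (constructed labels).
BACKSCATTER_KINDS = {"SYN-ACK", "RST", "ICMP-UNREACH"}
MIN_DISTINCT_DSTS = 3  # hypothetical threshold that filters out stray replies


def find_victims(packets, window_seconds):
    """Group unsolicited replies by sender and estimate each victim's load.

    packets: iterable of (timestamp, src_ip, dst_ip, kind) seen at the monitor.
    Returns {victim_ip: {"observed", "distinct_dsts", "est_attack_pps"}}.
    """
    seen = defaultdict(lambda: {"observed": 0, "dsts": set()})
    for _ts, src, dst, kind in packets:
        if kind not in BACKSCATTER_KINDS:
            continue  # an inbound SYN is a probe, not a reply from a victim
        seen[src]["observed"] += 1
        seen[src]["dsts"].add(dst)

    victims = {}
    for src, rec in seen.items():
        if len(rec["dsts"]) < MIN_DISTINCT_DSTS:
            continue  # too few monitored addresses hit to look like random spoofing
        # With uniform spoofing the monitor sees MONITOR_FRACTION of all replies.
        est_total = rec["observed"] / MONITOR_FRACTION
        victims[src] = {
            "observed": rec["observed"],
            "distinct_dsts": len(rec["dsts"]),
            "est_attack_pps": est_total / window_seconds,
        }
    return victims


# Constructed sample: 10 seconds of traffic arriving at the monitored range.
SAMPLE = [
    (0.0, "192.0.2.10", "10.1.2.3", "SYN-ACK"),
    (1.0, "192.0.2.10", "10.200.7.9", "SYN-ACK"),
    (2.5, "192.0.2.10", "10.44.0.1", "RST"),
    (3.0, "192.0.2.10", "10.9.9.9", "SYN-ACK"),
    (4.0, "198.51.100.7", "10.1.1.1", "SYN"),  # scan probe, ignored
    (5.0, "203.0.113.5", "10.3.3.3", "RST"),   # single stray reply, below threshold
]

if __name__ == "__main__":
    for ip, info in find_victims(SAMPLE, window_seconds=10).items():
        print(ip, info)
```

The estimate degrades when an attack uses real or non-uniformly chosen source addresses, since the monitor then sees less (or none) of the victim's replies.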

