Skip to content
SynAc
Term

Denial of Service

A denial-of-service (DoS) attack attempts to make a system or network unavailable to legitimate users.

Senses

Availability attack

DoS attacks can exhaust resources (bandwidth, CPU, memory, connections) or exploit protocol/application weaknesses. Mitigations include rate limiting, filtering, and resilient architecture.

References
  • NIST CSRC GlossaryJan 05, 2026
    NIST CSRC Glossary — Denial of service
    https://csrc.nist.gov/glossary/term/denial_of_service
    NIST states most site information is public information and may be distributed or copied, except material marked as copyrighted; attribution requested. Verify per-document markings before quoting.
    Source: NIST CSRC Glossary (csrc.nist.gov).
Sense 2

An attack that prevents or impairs the authorized use of information system resources or services.

References
  • NICCS (CISA) Cybersecurity VocabularyJan 06, 2026
    NICCS glossary export (CSV)
    https://niccs.cisa.gov/rest/vocab/export-csv
    NICCS is a CISA (DHS) program. Individual glossary entries include a "From" attribution (e.g., CNSSI 4009, NIST SPs, NICE Framework). Treat "From" values as upstream provenance and verify before quoting large portions of text.
    Source: NICCS (CISA) Cybersecurity Vocabulary (niccs.cisa.gov).
Sense 3

Adversaries may perform Denial-of-Service (DoS) attacks to disrupt expected device functionality. Examples of DoS attacks include overwhelming the target device with a high volume of requests in a short time period and sending the target device a request it does not know how to handle. Disrupting device state may temporarily render it unresponsive, possibly lasting until a reboot can occur. When placed in this state, devices may be unable to send and receive requests, and may not perform expected response functions in reaction to other events in the environment.

Some ICS devices are particularly sensitive to DoS events, and may become unresponsive in reaction to even a simple ping sweep. Adversaries may also attempt to execute a Permanent Denial-of-Service (PDoS) against certain devices, such as in the case of the BrickerBot malware. (Citation: ICS-CERT April 2017)

Adversaries may exploit a software vulnerability to cause a denial of service by taking advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Vulnerabilities may exist in software that can be used to cause a denial of service condition.

Adversaries may have prior knowledge about industrial protocols or control devices used in the environment through Remote System Information Discovery. There are examples of adversaries remotely causing a Device Restart/Shutdown by exploiting a vulnerability that induces uncontrolled resource consumption. (Citation: ICS-CERT August 2018) (Citation: Common Weakness Enumeration January 2019) (Citation: MITRE March 2018)

References
(I)

The prevention of authorized access to a system resource or the delaying of system operations and functions. (See: availability, critical, flooding.)

Tutorial: A denial-of-service attack can prevent the normal conduct of business on the Internet. There are four types of solutions to this security problem:

  • Awareness: Maintaining cognizance of security threats and vulnerabilities. (See: CERT.)

  • Detection: Finding attacks on end systems and subnetworks. (See: intrusion detection.)

  • Prevention: Following defensive practices on network-connected systems. (See: [R2827].)

  • Response: Reacting effectively when attacks occur. (See: CSIRT, contingency plan.)

References
  • IETF RFC 4949 (Internet Security Glossary)Jan 06, 2026
    RFC 4949 — Internet Security Glossary (Version 2)
    https://www.rfc-editor.org/rfc/rfc4949.txt
    RFC 4949 is published by the IETF Trust and marked as "Distribution of this memo is unlimited". Verify IETF Trust copyright/licensing terms for reuse.
    Source: IETF RFC 4949 (rfc-editor.org).