4.3 Denial-of-Service

Sometimes the goal of an attack is not to steal something from you, but to make your systems or network unavailable either by crashing a system or saturating the resources of the target systems or network connection. This form of attack has consequences beyond inconvience. Imagine a clothing company that does the bulk of their sales through an online catalog. If people can't log into the web site, they can't buy sweaters and polo shirts. This loss of business can have significant impact in a short time. (This is what happened to eBay, Yahoo, and other large web services in February of 2000.)

A large number of signatures help detect this category of attack. With a combination of signatures, portscan detection, automated blocking, and the new thresholding and suppression rule types, Snort can be a very good countermeasure against denial-of-service (DoS) attacks.