The Danger of Application Layer DoS Attacks

I host a website on a cheap $5 IaaS hosting service without a CDN.

An actor with a higher-bandwidth internet connection could try to overload my webserver by recursively downloading some data with wget/curl/lynx until my server crashes or stops responding in general due to Denial of Service.

Is application layer DoS dangerous?

A site which does not scale well is of course in danger of being easily made unavailable (denial of service) by an attacker. But it does not matter a lot if this is application layer DoS or bandwidth-based DoS – it’s just that the site cannot deal with it. And it is irrelevant what tools are actually used, i.e. GUI tools, command line tools, self-made scripts etc. – all that matters is the result.

Could a single attacker without access to some botnet or a larger amount of computing power do this – unlikely, unless your system has really low performance or bandwidth or if each request causes lots of work in your server, like expensive database lookups. But it is usually easy and cheap for a determined attacker to get access to botnets or more computing power.

Am I fearing for nothing?

Is this an actual problem for you – it depends. If the site is relevant for running a business then it can financially hurt a lot if the site becomes unavailable. If the site is only for your own fun then such attacks might be annoying for you, but don’t cause real harm.
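The answer's point that requests causing "lots of work" are what let a single client hurt a small server can be turned into a defence: charge each client by request cost rather than request count. The following is an added example, not part of the original question or answer; the route costs, paths, limits and client addresses are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed relative cost per route prefix (hypothetical paths for this example).
ROUTE_COST = {"/static/": 1.0, "/search": 10.0, "/report": 25.0}
DEFAULT_COST = 2.0

def cost_of(path: str) -> float:
    """Return the cost of the longest matching route prefix."""
    best = max((p for p in ROUTE_COST if path.startswith(p)), key=len, default=None)
    return ROUTE_COST[best] if best else DEFAULT_COST

@dataclass
class Bucket:
    tokens: float
    last: float

class CostLimiter:
    """Per-client token bucket; a request spends tokens equal to its cost."""
    def __init__(self, capacity: float = 50.0, refill_per_sec: float = 5.0):
        self.capacity = capacity
        self.refill = refill_per_sec
        self.buckets: dict[str, Bucket] = {}

    def allow(self, client: str, path: str, now: float) -> bool:
        b = self.buckets.setdefault(client, Bucket(self.capacity, now))
        # Refill for the time elapsed since this client's previous request.
        b.tokens = min(self.capacity, b.tokens + (now - b.last) * self.refill)
        b.last = now
        cost = cost_of(path)
        if b.tokens < cost:
            return False  # the server would answer 429 instead of doing the work
        b.tokens -= cost
        return True

def replay(requests, limiter: CostLimiter) -> dict:
    """Replay (timestamp, client, path) tuples; return rejected count per client."""
    rejected: dict[str, int] = {}
    for ts, client, path in requests:
        if not limiter.allow(client, path, ts):
            rejected[client] = rejected.get(client, 0) + 1
    return rejected

# Constructed traffic: one client hits an expensive route 10x/second for 2 s,
# another fetches a cheap static file once per second for 10 s.
SAMPLE = sorted(
    [(i / 10, "203.0.113.7", "/search?q=a") for i in range(20)]
    + [(float(i), "198.51.100.4", "/static/app.css") for i in range(10)]
)

if __name__ == "__main__":
    print(replay(SAMPLE, CostLimiter()))
```

A limiter like this only protects server-side work such as database lookups; it does nothing against the bandwidth-based case the answer also mentions, which has to be absorbed upstream of the server.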
