on Credential-Based Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack#variations?ts=markdown) * [Preventing Credential-Based Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack#preventing?ts=markdown) * [Credential-Based Attack FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack#faqs?ts=markdown) * What Is a Denial of Service (DoS) Attack? * [How Denial-of-Service Attacks Work](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#how?ts=markdown) * [Denial-of-Service in Adversary Campaigns](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#denial?ts=markdown) * [Real-World Denial-of-Service Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#attacks?ts=markdown) * [Detection and Indicators of Denial-of-Service Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#detection?ts=markdown) * [Prevention and Mitigation of Denial-of-Service Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#prevention?ts=markdown) * [Response and Recovery from Denial-of-Service Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#response?ts=markdown) * [Operationalizing Denial-of-Service Defense](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#defense?ts=markdown) * [DoS Attack FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#faqs?ts=markdown) * [What Is Hacktivism?](https://www.paloaltonetworks.com/cyberpedia/hacktivism?ts=markdown) * [Hacktivism Explained](https://www.paloaltonetworks.com/cyberpedia/hacktivism#explained?ts=markdown) * [Origins and Definitions](https://www.paloaltonetworks.com/cyberpedia/hacktivism#origins?ts=markdown) * [Forms and 
Methods](https://www.paloaltonetworks.com/cyberpedia/hacktivism#forms?ts=markdown) * [Related Practices](https://www.paloaltonetworks.com/cyberpedia/hacktivism#related?ts=markdown) * [Who Do Hacktivists Target?](https://www.paloaltonetworks.com/cyberpedia/hacktivism#who?ts=markdown) * [What Motivates Hacktivists?](https://www.paloaltonetworks.com/cyberpedia/hacktivism#what?ts=markdown) * [Is Hacktivism Ethical?](https://www.paloaltonetworks.com/cyberpedia/hacktivism#ethical?ts=markdown) * [Hacktivism FAQs](https://www.paloaltonetworks.com/cyberpedia/hacktivism#faqs?ts=markdown) * [What Is a DDoS Attack?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack?ts=markdown) * [Threat Overview](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#threat?ts=markdown) * [How Distributed Denial-of-Service Attacks Work](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#how?ts=markdown) * [DDoS in Multistage Attack Campaigns](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#ddos?ts=markdown) * [Real-World DDoS Incidents and Organizational Impact](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#impact?ts=markdown) * [DDoS Attack Detection Indicators](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#indicators?ts=markdown) * [DDoS Prevention and Mitigation](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#mitigation?ts=markdown) * [DDoS Response and Recovery](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#recovery?ts=markdown) * [Distributed Denial of Service FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#faqs?ts=markdown) * [What Is CSRF (Cross-Site Request Forgery)?](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery?ts=markdown) * [CSRF Explained](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#csrf?ts=markdown) * [How Cross-Site Request Forgery 
Works](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#how?ts=markdown) * [Where CSRF Fits in the Broader Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#where?ts=markdown) * [CSRF in Real-World Exploits](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#exploits?ts=markdown) * [Detecting CSRF Through Behavioral and Telemetry Signals](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#detecting?ts=markdown) * [Defending Against Cross-Site Request Forgery](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#defending?ts=markdown) * [Responding to a CSRF Incident](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#responding?ts=markdown) * [CSRF as a Strategic Business Risk](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#risk?ts=markdown) * [Key Priorities for CSRF Defense and Resilience](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#key?ts=markdown) * [Cross-Site Request Forgery FAQs](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#faqs?ts=markdown) * [What Is Spear Phishing?](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing?ts=markdown) * [Spear Phishing Email Tactics](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#what?ts=markdown) * [How Does Spear Phishing Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#how?ts=markdown) * [Types of Spear Phishing Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#types?ts=markdown) * [Examples of Spear Phishing Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#examples?ts=markdown) * [How to Protect Yourself from Spear Phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#protect?ts=markdown) * [If You Fall Victim to Spear 
Phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#victim?ts=markdown) * [Spear Phishing FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#faq?ts=markdown) * [What Is Brute Force?](https://www.paloaltonetworks.com/cyberpedia/brute-force?ts=markdown) * [How Brute Force Functions as a Threat](https://www.paloaltonetworks.com/cyberpedia/brute-force#how?ts=markdown) * [How Brute Force Works in Practice](https://www.paloaltonetworks.com/cyberpedia/brute-force#practice?ts=markdown) * [Brute Force in Multistage Attack Campaigns](https://www.paloaltonetworks.com/cyberpedia/brute-force#brute?ts=markdown) * [Real-World Brute Force Campaigns and Outcomes](https://www.paloaltonetworks.com/cyberpedia/brute-force#outcomes?ts=markdown) * [Detection Patterns in Brute Force Attacks](https://www.paloaltonetworks.com/cyberpedia/brute-force#detection?ts=markdown) * [Practical Defense Against Brute Force Attacks](https://www.paloaltonetworks.com/cyberpedia/brute-force#defense?ts=markdown) * [Response and Recovery After a Brute Force Incident](https://www.paloaltonetworks.com/cyberpedia/brute-force#response?ts=markdown) * [Brute Force Attack FAQs](https://www.paloaltonetworks.com/cyberpedia/brute-force#faqs?ts=markdown) * [What is a Command and Control Attack?](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained?ts=markdown) * [How a Command and Control Attack Works](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained#how?ts=markdown) * [Types of Command and Control Techniques](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained#types?ts=markdown) * [Devices Targeted by C\&C](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained#devices?ts=markdown) * [What Hackers Can Accomplish Through Command and Control](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained#what?ts=markdown) * [Command and Control 
FAQs](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained#faqs?ts=markdown) * [What Is an Advanced Persistent Threat?](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt?ts=markdown) * [Characteristics of Advanced Persistent Threats](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#characteristics?ts=markdown) * [What Techniques Are Used for APT Attacks?](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#techniques?ts=markdown) * [What Are the Stages of an APT Attack?](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#stages?ts=markdown) * [What Is the Defense Against APT?](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#defense?ts=markdown) * [Real-World Example of an APT Attack](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#realworld?ts=markdown) * [Advanced Persistent Threat FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#faqs?ts=markdown) * [What is an Exploit Kit?](https://www.paloaltonetworks.com/cyberpedia/what-is-an-exploit-kit?ts=markdown) * [Landing Page](https://www.paloaltonetworks.com/cyberpedia/what-is-an-exploit-kit#landing?ts=markdown) * [Exploit](https://www.paloaltonetworks.com/cyberpedia/what-is-an-exploit-kit#exploit?ts=markdown) * [Payload](https://www.paloaltonetworks.com/cyberpedia/what-is-an-exploit-kit#payload?ts=markdown) * [What Is Credential Stuffing?](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing?ts=markdown) * [Credential Stuffing Explained](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#credential?ts=markdown) * [Automated Exploitation of Reused Credentials](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#automated?ts=markdown) * [Integration in the Attack 
Lifecycle](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#integration?ts=markdown) * [Credential Stuffing Attacks in the Real World](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#stuffing?ts=markdown) * [Responding and Recovering from Credential Stuffing](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#responding?ts=markdown) * [Credential Stuffing FAQs](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#faqs?ts=markdown) * [What Is Smishing?](https://www.paloaltonetworks.com/cyberpedia/what-is-smishing?ts=markdown) * [How to Spot a Smishing Attempt](https://www.paloaltonetworks.com/cyberpedia/what-is-smishing#spot-smishing-attempt?ts=markdown) * [How to Avoid Being Smished](https://www.paloaltonetworks.com/cyberpedia/what-is-smishing#avoid-being-smished?ts=markdown) * [Smishing FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-smishing#faqs?ts=markdown) * [What is Social Engineering?](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering?ts=markdown) * [The Role of Human Psychology in Social Engineering](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#role?ts=markdown) * [How Has Social Engineering Evolved?](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#historical?ts=markdown) * [How Does Social Engineering Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#how?ts=markdown) * [Phishing vs Social Engineering](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#phishing?ts=markdown) * [What is BEC (Business Email Compromise)?](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#bec?ts=markdown) * [Notable Social Engineering Incidents](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#notable?ts=markdown) * [Social Engineering Prevention](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#social?ts=markdown) * [Consequences of 
Social Engineering](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#consequences?ts=markdown) * [Social Engineering FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#faqs?ts=markdown) * [What Is a Honeypot?](https://www.paloaltonetworks.com/cyberpedia/honeypots?ts=markdown) * [Threat Overview: Honeypot](https://www.paloaltonetworks.com/cyberpedia/honeypots#threat?ts=markdown) * [Honeypot Exploitation and Manipulation Techniques](https://www.paloaltonetworks.com/cyberpedia/honeypots#honeypot?ts=markdown) * [Positioning Honeypots in the Adversary Kill Chain](https://www.paloaltonetworks.com/cyberpedia/honeypots#positioning?ts=markdown) * [Honeypots in Practice: Breaches, Deception, and Blowback](https://www.paloaltonetworks.com/cyberpedia/honeypots#blowback?ts=markdown) * [Detecting Honeypot Manipulation and Adversary Tactics](https://www.paloaltonetworks.com/cyberpedia/honeypots#tactics?ts=markdown) * [Safeguards Against Honeypot Abuse and Exposure](https://www.paloaltonetworks.com/cyberpedia/honeypots#safeguards?ts=markdown) * [Responding to Honeypot Exploitation or Compromise](https://www.paloaltonetworks.com/cyberpedia/honeypots#compromise?ts=markdown) * [Honeypot FAQs](https://www.paloaltonetworks.com/cyberpedia/honeypots#faqs?ts=markdown) * [What Is Password Spraying?](https://www.paloaltonetworks.com/cyberpedia/password-spraying?ts=markdown) * [Password Spraying Explained](https://www.paloaltonetworks.com/cyberpedia/password-spraying#password?ts=markdown) * [How Password Spraying Works](https://www.paloaltonetworks.com/cyberpedia/password-spraying#works?ts=markdown) * [Password Spraying in the Broader Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/password-spraying#attack?ts=markdown) * [Real-World Examples of Password Spraying Attacks](https://www.paloaltonetworks.com/cyberpedia/password-spraying#realworld?ts=markdown) * [Detection and 
Indicators](https://www.paloaltonetworks.com/cyberpedia/password-spraying#detection?ts=markdown) * [Preventing and Mitigating Password Spraying Attacks](https://www.paloaltonetworks.com/cyberpedia/password-spraying#mitigating?ts=markdown) * [Responding to Password Spraying](https://www.paloaltonetworks.com/cyberpedia/password-spraying#responding?ts=markdown) * [Password Spraying FAQs](https://www.paloaltonetworks.com/cyberpedia/password-spraying#faqs?ts=markdown) * [How to Break the Cyber Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle?ts=markdown) * [1. Reconnaissance:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#reconnaissance?ts=markdown) * [2. Weaponization and Delivery:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#weaponization?ts=markdown) * [3. Exploitation:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#exploitation?ts=markdown) * [4. Installation:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#installation?ts=markdown) * [5. Command and Control:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#command?ts=markdown) * [6. 
Actions on the Objective:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#actions?ts=markdown) * [Cyber Attack Lifecycle FAQs](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#faqs?ts=markdown) * [What Is Phishing?](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing?ts=markdown) * [Phishing Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#phishing?ts=markdown) * [The Evolution of Phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#?ts=markdown) * [The Anatomy of a Phishing Attack](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#anatomy?ts=markdown) * [Why Phishing Is Difficult to Detect](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#detect?ts=markdown) * [Types of Phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#types?ts=markdown) * [Phishing Adversaries and Motives](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#motives?ts=markdown) * [The Psychology of Exploitation](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#psychology?ts=markdown) * [Lessons from Phishing Incidents](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#lessons?ts=markdown) * [Building a Modern Security Stack Against Phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#building?ts=markdown) * [Building Organizational Immunity](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#immunity?ts=markdown) * [Phishing FAQ](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#faqs?ts=markdown) * [What Is a Rootkit?](https://www.paloaltonetworks.com/cyberpedia/rootkit?ts=markdown) * [Rootkit Classification and Technical Definition](https://www.paloaltonetworks.com/cyberpedia/rootkit#rootkit?ts=markdown) * [Types of Rootkits](https://www.paloaltonetworks.com/cyberpedia/rootkit#types?ts=markdown) * [Rootkit Installation and Execution 
Flow](https://www.paloaltonetworks.com/cyberpedia/rootkit#installation?ts=markdown) * [Integration in the Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/rootkit#integration?ts=markdown) * [Cyberattacks Involving Rootkits in the News](https://www.paloaltonetworks.com/cyberpedia/rootkit#cyberattacks?ts=markdown) * [Rootkit Detection and Indicators](https://www.paloaltonetworks.com/cyberpedia/rootkit#indicators?ts=markdown) * [Prevention and Mitigation](https://www.paloaltonetworks.com/cyberpedia/rootkit#prevention?ts=markdown) * [Responding to Rootkit-Related Attacks](https://www.paloaltonetworks.com/cyberpedia/rootkit#responding?ts=markdown) * [Rootkit FAQs](https://www.paloaltonetworks.com/cyberpedia/rootkit#faqs?ts=markdown) * [Browser Cryptocurrency Mining](https://www.paloaltonetworks.com/cyberpedia/threat-brief-browser-cryptocurrency-mining?ts=markdown) * [How It Works](https://www.paloaltonetworks.com/cyberpedia/threat-brief-browser-cryptocurrency-mining#works?ts=markdown) * [How to Defend Against It](https://www.paloaltonetworks.com/cyberpedia/threat-brief-browser-cryptocurrency-mining#defend?ts=markdown) * [Browser Cryptocurrency Mining FAQs](https://www.paloaltonetworks.com/cyberpedia/threat-brief-browser-cryptocurrency-mining#faqs?ts=markdown) * [What Is Pretexting?](https://www.paloaltonetworks.com/cyberpedia/pretexting?ts=markdown) * [Pretexting Explained](https://www.paloaltonetworks.com/cyberpedia/pretexting#pretexting?ts=markdown) * [Evolution of the Attack Technique](https://www.paloaltonetworks.com/cyberpedia/pretexting#evolution?ts=markdown) * [How Pretexting Works](https://www.paloaltonetworks.com/cyberpedia/pretexting#how?ts=markdown) * [Integration in the Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/pretexting#integration?ts=markdown) * [Real-World Examples](https://www.paloaltonetworks.com/cyberpedia/pretexting#examples?ts=markdown) * [Pretexting Detection Tactics in Live 
Environments](https://www.paloaltonetworks.com/cyberpedia/pretexting#detection?ts=markdown) * [Prevention and Mitigation](https://www.paloaltonetworks.com/cyberpedia/pretexting#mitigation?ts=markdown) * [Pretexting FAQs](https://www.paloaltonetworks.com/cyberpedia/pretexting#faqs?ts=markdown) * [What Is Cryptojacking?](https://www.paloaltonetworks.com/cyberpedia/cryptojacking?ts=markdown) * [Understanding Cryptojacking](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#understanding?ts=markdown) * [Types of Cryptojacking and Resource Abuse Attacks](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#types?ts=markdown) * [How Cryptojacking Works](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#how?ts=markdown) * [Cryptojacking in the Adversary Kill Chain](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#chain?ts=markdown) * [Real-World Cases of Cryptojacking](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#cases?ts=markdown) * [Prevention and Mitigation](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#prevention?ts=markdown) * [Response and Recovery](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#response?ts=markdown) * [Cryptojacking FAQs](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#faqs?ts=markdown) # What Is a Denial of Service (DoS) Attack? 5 min. 
read Table of Contents * * [How Denial-of-Service Attacks Work](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#how?ts=markdown) * [Denial-of-Service in Adversary Campaigns](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#denial?ts=markdown) * [Real-World Denial-of-Service Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#attacks?ts=markdown) * [Detection and Indicators of Denial-of-Service Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#detection?ts=markdown) * [Prevention and Mitigation of Denial-of-Service Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#prevention?ts=markdown) * [Response and Recovery from Denial-of-Service Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#response?ts=markdown) * [Operationalizing Denial-of-Service Defense](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#defense?ts=markdown) * [DoS Attack FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#faqs?ts=markdown) 1. 
A denial-of-service (DoS) attack is a [cyber attack](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack?ts=markdown) that inundates a system, application, or network with excessive traffic or resource requests, rendering it unavailable to legitimate users and disrupting operations, often without breaching security perimeters.

![Denial-of-service 101](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/denial-of-service-attack-dos/video-thumbnail-denial-of-service-attack-dos.png)

*Video 1: Denial-of-service 101*

## DoS Attack Explained

A denial-of-service (DoS) attack deliberately exhausts the availability of a system, service, or network resource by flooding it with requests or exploiting operational bottlenecks.
The objective is to degrade or disrupt service delivery to legitimate users --- and to do so without requiring access to internal systems or data.

[MITRE ATT\&CK framework](https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack?ts=markdown) classifies denial of service under multiple techniques, most notably under T1499: Endpoint Denial of Service, T1498: Network Denial of Service, and T1499.001: OS Exhaustion Flood. These cover attacks at both infrastructure and application layers, including volumetric floods, protocol abuse, and resource starvation.

### Related Terminology and Forms

DoS encompasses multiple subtypes. A [distributed denial-of-service (DDoS)](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack?ts=markdown) attack leverages [botnets](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet?ts=markdown) or multiple compromised systems to amplify scale and redundancy. Application-layer DoS targets specific features or endpoints to exhaust memory, thread pools, or compute cycles with low-volume but high-impact requests. SYN floods, HTTP floods, UDP amplification, IP fragmentation, and slowloris attacks are all distinct forms of DoS, each abusing a different network or protocol behavior.

### Modern Variants and Target Shifts

Early DoS attacks aimed at bandwidth saturation. Modern variants prioritize economic and operational disruption. Attackers increasingly target API endpoints, cloud service limits, or [WAF](https://www.paloaltonetworks.com/cyberpedia/what-is-a-web-application-firewall?ts=markdown) configurations. [Cloud-native](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native?ts=markdown) applications face new risks from event-driven architectures and autoscaling thresholds, where DoS can trigger cascading failures or inflated cloud costs.

Attackers also deploy multivector DoS campaigns, combining volumetric, protocol, and application-layer tactics to evade detection and amplify effectiveness.
Many campaigns serve as decoys to distract responders from [lateral movement](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement?ts=markdown) or [data exfiltration](https://www.paloaltonetworks.com/cyberpedia/data-exfiltration?ts=markdown) activities in parallel.

Denial of service, once considered noisy and unsophisticated, now functions as a precision weapon in [ransomware](https://www.paloaltonetworks.com/cyberpedia/what-is-ransomware?ts=markdown) extortion, geopolitical disruption, and nation-state signaling. Its evolution reflects the shifting nature of operational risk in highly distributed, API-driven environments.

## How Denial-of-Service Attacks Work

DoS attacks aim to overwhelm a target by consuming finite resources. The target may be a web server, network device, application [endpoint](https://www.paloaltonetworks.com/cyberpedia/what-is-an-endpoint?ts=markdown), or cloud-based service. Attacks either flood the system with excessive traffic or exploit protocol logic to trigger failure states. In either case, the outcome is degraded or halted availability.

A typical attack begins with target reconnaissance, identifying exposed services, bandwidth limitations, session handling behavior, or rate enforcement gaps. Once mapped, attackers select a strategy: volumetric, protocol, or application-layer disruption. Each vector has different characteristics and defensive implications.

### Volumetric DoS and Amplification Tactics

Volumetric attacks saturate bandwidth with junk traffic. Reflection techniques like DNS, NTP, or CLDAP amplification are frequently used, where attackers spoof a victim's IP as the source of a small query that elicits a much larger response. Open resolvers and poorly configured UDP services enable this scale.

UDP flood attacks require no session handshake. They can be launched from spoofed IPs using tools such as hping3, Low Orbit Ion Cannon (LOIC), or custom Python scripts.
When launched from botnets, these floods can exceed hundreds of Gbps, overwhelming network interfaces, firewalls, or transit links.

### Protocol-Level Abuse

Protocol attacks manipulate stateful behavior in TCP/IP, HTTP, or SSL/TLS layers. A SYN flood, for example, exploits the TCP handshake by sending a large volume of SYN packets without completing the connection. The server allocates resources for each half-open session until capacity is exhausted.

In HTTP/2 environments, attackers abuse the multiplexing layer to send overlapping streams or craft malformed headers that bypass traditional rate filters. TLS renegotiation and session resumption mechanisms also become attack surfaces in poorly optimized configurations.

### Application-Layer Disruption

Application-layer attacks are stealthier and more resource-efficient. They mimic legitimate requests but are designed to consume server resources disproportionate to their size. A common technique is a slow POST, where an attacker opens a connection and trickles in the body content byte-by-byte, preventing the server from freeing resources.

In REST and GraphQL APIs, attackers generate high-cardinality queries, over-fetch nested data, or hit endpoints with high CPU cost per request. These techniques require fewer requests to degrade performance and often bypass volumetric detection.

### Cloud-Specific Weaknesses

Cloud-native applications expose unique failure conditions. Autoscaling groups may scale out under attack, causing cost explosions. Lambda-based serverless architectures can become vulnerable to concurrency exhaustion. [API gateways](https://www.paloaltonetworks.com/cyberpedia/what-is-api-gateway?ts=markdown) and load balancers may be overloaded before application backends are reached.

Threat actors also target cloud-specific throttling limits, such as burst quotas, memory ceilings, or request-per-second thresholds.
Some campaigns aim to force a service degradation that triggers failover or alerts, distracting responders from simultaneous intrusions.

![SYN flood with spoofed packets](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/denial-of-service-attack-dos/code-snippet-bash.png)

Figure 1: SYN flood with spoofed packets

The command in figure 1 sends a continuous stream of SYN packets with randomized source IPs to port 443, consuming the server's connection queue. It's stateless and difficult to block without deep inspection or behavioral rate-limiting.

DoS attacks vary in volume, sophistication, and intent. Some seek disruption. Others act as diversions. A growing number exploit business logic and infrastructure dependencies, turning availability into a calculated attack surface.

## Denial-of-Service in Adversary Campaigns

Denial-of-service attacks rarely function in isolation. In targeted operations, adversaries integrate DoS techniques into multiphase kill chains designed to distract, delay, or degrade response during more consequential activity. DoS becomes a supporting mechanism --- tactical in timing, strategic in outcome.

### Tactical Use for Distraction and Diversion

Attackers often deploy DoS to mask intrusion. While defenders focus on restoring service availability, adversaries exploit the disruption to move laterally, escalate privileges, or exfiltrate data. For example, a burst of HTTP floods may coincide with credential [brute force](https://www.paloaltonetworks.com/cyberpedia/brute-force?ts=markdown) attempts, diluting telemetry visibility or delaying [SOC](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc?ts=markdown) triage.

Some threat actors use volumetric floods to target logging infrastructure or APIs that feed [SIEM](https://www.paloaltonetworks.com/cyberpedia/what-is-siem?ts=markdown) and [XDR](https://www.paloaltonetworks.com/cyberpedia/what-is-extended-detection-response-XDR?ts=markdown) pipelines.
Overloading telemetry channels can break correlations, disable alerts, or create windows of unmonitored access. This approach allows stealthier techniques --- such as token theft or privilege misuse --- to unfold with less scrutiny.

### Staged DoS as Precursor or Follow-Up

DoS can serve as a prelude to ransomware deployment. By disrupting remote backups or isolating incident responders, attackers limit remediation options before triggering encryption. In double extortion campaigns, a follow-on DoS attack may pressure victims during ransom negotiations or enforcement of payment deadlines.

Some groups weaponize DoS post-exfiltration. Once data has been stolen, they launch availability attacks to inflict additional harm, disrupt recovery, or assert leverage in high-profile extortion campaigns. In these cases, the attack chain involves a full compromise followed by denial.

### Kill Chain Positioning

* **Reconnaissance**: Attackers identify weak endpoints, exposed APIs, or cloud service thresholds. Misconfigured DDoS protection or unmonitored ports are key indicators for DoS viability.
* **Initial Access**: DoS may not provide access itself but is often coordinated with phishing or credential stuffing to degrade visibility or response.
* **Execution**: Application-layer DoS is often executed alongside living-off-the-land tactics, especially when endpoint detection must be overwhelmed.
* **Exfiltration**: DoS floods may saturate logs or outbound filtering systems, reducing evidence of large data transfers or covert channels.
* **Impact**: The DoS event, if timed after primary exploitation, serves as an accelerant to reputational damage or operational disruption.

### Dependencies and Connective Techniques

Denial of service depends on exploitable asymmetries. Whether resource exhaustion, protocol behavior, or cloud misconfiguration, the attack works best when minimal input creates disproportionate output.
Attackers amplify effect by combining DoS with:

* [**Credential-based attacks**](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack?ts=markdown) to disrupt MFA infrastructure or identity verification processes
* **[Phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing?ts=markdown) or [pretexting](https://www.paloaltonetworks.com/cyberpedia/pretexting?ts=markdown)** to time DoS during critical response actions
* **[CSRF](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery?ts=markdown) or session fixation** to exploit user reauthentication flows degraded by DoS pressure
* **DNS manipulation** to redirect legitimate traffic into unmonitored or malicious paths

Denial of service isn't just noise --- it's an adaptable tool in complex operations. Whether used to blind, delay, or coerce, its role in modern campaigns reflects a growing understanding of how infrastructure fragility shapes [cybersecurity](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-security?ts=markdown) outcomes.

## Real-World Denial-of-Service Attacks

Denial-of-service attacks have escalated in scale, targeting industries with high availability requirements and limited operational tolerance for disruption. Below are select examples that illustrate different motivations, methodologies, and consequences across verticals.

### Cloud Provider Disruption: Google Cloud, AWS, and Azure (2023--2024)

In mid-2023, Google Cloud reported that it mitigated the largest known [Layer 7](https://www.paloaltonetworks.com/cyberpedia/what-is-layer-7?ts=markdown) (application layer) DDoS attack, peaking at 398 million requests per second. The attack leveraged a novel HTTP/2 vulnerability that enabled request multiplexing abuse, significantly amplifying load per connection.

Within weeks, Microsoft and AWS reported similar campaigns against their infrastructure. Attackers exploited the same protocol-level flaw to target APIs and front-end services.
These events revealed widespread reliance on shared transport and protocol stacks across major providers.

The attack didn't [breach data](https://www.paloaltonetworks.com/cyberpedia/data-breach?ts=markdown), but it triggered global rate limiting, auto-scaling failures, and service degradation in customer environments. It also forced emergency patches across CDNs, proxies, and web servers running HTTP/2.

### Healthcare Disruption: Denmark's Hospitals (2023)

In May 2023, a DDoS campaign targeting the Danish healthcare system temporarily disrupted access to emergency booking systems and delayed treatment workflows across multiple hospitals. The attack originated from compromised IoT devices and focused on saturating inbound network bandwidth through volumetric floods.

While no patient data was exposed, hospital administrators reported operational delays, appointment cancellations, and a ripple effect on dependent digital services. Healthcare regulators flagged the event as a failure in regional incident coordination and response preparedness.

### Financial Sector Targeting: HSBC (2023)

HSBC confirmed a DDoS attack in November 2023 that disrupted mobile banking and customer web access. While the bank maintained transactional integrity, customers experienced login timeouts and intermittent service unavailability. Attack telemetry pointed to a botnet distributed across residential proxies and abused API endpoints not previously load tested under attack conditions.

The incident exposed a critical business risk: customer churn due to perceived unreliability. Financial institutions operate in a zero-tolerance environment for latency, making them prime targets for precision DoS at the application and identity verification layers.
### Hacktivist-Driven Attacks: NoName057(16) Campaigns (2023--2024)

The pro-Russian hacktivist group NoName057(16) launched repeated DDoS attacks against government, financial, and transport websites in Europe and North America throughout 2023 and into 2024. Using open-source tooling and Telegram-based coordination, the group maintained an ongoing campaign of public defacements and takedowns, targeting countries perceived as hostile to Russian interests.

Unlike financially motivated campaigns, these attacks focused on high-visibility disruption rather than persistence. Targets included Poland's parliament portal, Canada's tax authority, and U.S. city websites. The attacks, while low in sophistication, were effective due to consistent retargeting and exploitation of underprotected infrastructure.

### Industry Trends and Frequency

According to Cloudflare's 2024 report, application-layer DDoS attacks increased by 79% year-over-year, with API endpoints and authentication services among the most targeted. Sectors with high digital reliance --- banking, SaaS, e-commerce, and healthcare --- continue to see sustained targeting, often by opportunistic groups repurposing older vulnerabilities with new traffic amplification vectors.

DDoS has become a multipurpose weapon: disruption for extortion, distraction during breaches, coercion during negotiations, or simple ideological signaling. Attackers choose targets by technical exposure, but operational dependence on uptime and public reputation also add to the allure.

## Detection and Indicators of Denial-of-Service Attacks

DoS attacks leave distinct traces across network, application, and system layers. Effective detection requires correlation between traffic telemetry, behavioral anomalies, and system performance metrics. The challenge lies in distinguishing malicious traffic from legitimate spikes caused by load tests, promotions, or onboarding surges.
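
Two of this section's network-level indicators, SYN surges with low connection completion rates and source-IP entropy as a spoofing signal, are enough to separate a suspected flood from a legitimate spike. The triage sketch below is an added example, not from the original page; the record layout, thresholds, class and function names, and sample data are constructed assumptions.

```python
import math
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ConnAttempt:
    ts: int            # epoch seconds when the SYN arrived
    src: str           # source IP as seen on the wire (may be spoofed)
    ttl: int           # IP TTL of the SYN
    established: bool  # True if the three-way handshake completed


@dataclass(frozen=True)
class WindowVerdict:
    start: int
    attempts: int
    completion: float        # completed handshakes / connection attempts
    src_entropy: float       # 0..1, 1.0 means every attempt had a unique source
    ttl_entropy_bits: float  # reported for the analyst, not used in the verdict
    spoofing_likely: bool
    verdict: str


def entropy_bits(values):
    """Shannon entropy (bits) of the observed value distribution."""
    counts = Counter(values)
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return max(0.0, -sum((c / total) * math.log2(c / total) for c in counts.values()))


def normalized_entropy(values):
    """Entropy divided by the maximum possible for this many observations."""
    n = len(values)
    return entropy_bits(values) / math.log2(n) if n > 1 else 0.0


def classify_windows(attempts, baseline_attempts, window=60,
                     spike_factor=5.0, min_completion=0.5, spoof_entropy=0.9):
    """Bucket attempts into fixed windows and label each one.

    A window is a spike when attempts >= spike_factor * baseline_attempts.
    A spike with a low completion ratio is a suspected SYN flood; a spike
    whose handshakes mostly complete is treated as a legitimate surge.
    """
    buckets = defaultdict(list)
    for a in attempts:
        buckets[a.ts - a.ts % window].append(a)

    results = []
    for start in sorted(buckets):
        group = buckets[start]
        completion = sum(a.established for a in group) / len(group)
        src_h = normalized_entropy([a.src for a in group])
        is_spike = len(group) >= spike_factor * baseline_attempts
        if not is_spike:
            verdict = "normal"
        elif completion < min_completion:
            verdict = "syn_flood_suspected"
        else:
            verdict = "legitimate_surge"
        results.append(WindowVerdict(
            start=start,
            attempts=len(group),
            completion=completion,
            src_entropy=src_h,
            ttl_entropy_bits=entropy_bits([a.ttl for a in group]),
            spoofing_likely=is_spike and src_h >= spoof_entropy,
            verdict=verdict,
        ))
    return results


def build_sample_attempts():
    """Constructed records using documentation address ranges (RFC 5737)."""
    sample = []
    # Window 0: baseline, 5 clients x 4 connections, all handshakes complete.
    for i in range(20):
        sample.append(ConnAttempt(i, f"192.0.2.{i % 5 + 1}", 64, True))
    # Window 60: promotion-style surge, 40 clients x 5 connections, 95% complete.
    for i in range(200):
        sample.append(ConnAttempt(60 + i % 60, f"192.0.2.{i % 40 + 1}",
                                  64 if i % 2 else 128, i % 20 != 0))
    # Window 120: 200 half-open attempts, each from a different source,
    # mixed with 10 genuine connections from the usual clients.
    for i in range(200):
        sample.append(ConnAttempt(120 + i % 60, f"198.51.100.{i + 1}", 30 + i % 200, False))
    for i in range(10):
        sample.append(ConnAttempt(120 + i, f"192.0.2.{i % 5 + 1}", 64, True))
    return sample


if __name__ == "__main__":
    for v in classify_windows(build_sample_attempts(), baseline_attempts=20):
        print(v)
```

The surge and the flood windows carry almost the same connection volume; only the completion ratio and source distribution tell them apart, which is why volume-only thresholds misfire on promotions and load tests.
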
### Network and Protocol-Level Indicators

At the network layer, volumetric attacks produce sudden traffic spikes from a broad range of IP addresses, often with spoofed origins. Tools like NetFlow, sFlow, or VPC Flow Logs can reveal surges in inbound UDP or TCP SYN packets with low connection completion rates.

Patterns such as asymmetric request/response ratios, excessive small-packet floods, or malformed headers in DNS, NTP, or HTTP packets can signal reflection or amplification campaigns. Many DDoS mitigation systems rely on entropy analysis of source IPs and TTL values to flag spoofed traffic.

### Application and API Layer Patterns

Application-layer DoS presents as persistent requests targeting specific endpoints, often with valid headers but abnormal frequency or structure. Attackers may call resource-intensive routes --- like search, reporting, or export APIs --- with randomized parameters to avoid caching.

Look for anomalies such as:

* Sudden increase in POST or GET requests to low-traffic endpoints
* Long-lived connections with minimal data transfer (e.g., slow POST)
* Requests with excessive nesting or query depth in GraphQL or REST APIs
* Repeated bursts of requests with short user-agent strings or inconsistent language headers

Authentication endpoints also become hot spots for credential-based floods or session exhaustion, often preceding or accompanying volumetric activity.

### System-Level Effects and Resource Saturation

On the target system, DoS attacks manifest as rapidly escalating CPU usage, memory allocation failures, or thread pool starvation. Web servers may hit connection limits, queue backlogs, or timeout thresholds. Load balancers and WAFs may log increased 503, 429, or 504 errors.

Logging systems under duress may begin dropping events, introducing blind spots just as visibility becomes critical.
Monitoring tools should alert on deviations in request-per-second (RPS), error rate, and backend latency --- particularly during off-peak hours or non-release windows.

#### Key Indicators of Compromise (IOCs)

* **IP patterns**: High-volume requests from spoofed or dynamically rotating IPs
* **Header anomalies**: Missing or forged headers, unusual content-length values, or malformed HTTP/2 frames
* **Request rate spikes**: Sudden, sustained surges in requests per second to single endpoints or services
* **Port saturation**: Unusual levels of inbound traffic on UDP/TCP 53, 123, 389, or 443
* **Payloads**: Repeated malformed requests crafted to trigger buffer overflows or resource locks

### Monitoring Recommendations for SIEM/XDR Integration

* Correlate firewall, load balancer, and web server logs to detect asymmetry between inbound and outbound flows
* Set dynamic thresholds for API RPS, request complexity, and concurrent connections per IP
* Monitor authentication logs for abnormal failure rates or login spikes tied to DoS timing
* In cloud environments, track auto-scaling events and cost anomalies as early indicators of service saturation
* Alert on drops in log volume or telemetry throughput, which may indicate monitoring suppression under load

Denial of service is noisy by nature, but that noise often hides precision. Effective detection depends on layered observability across transport, logic, and behavior --- not just traffic volume.

## Prevention and Mitigation of Denial-of-Service Attacks

Preventing denial-of-service attacks requires controls that limit resource abuse, reduce exposure, and shift failure gracefully. Many mitigations fail not because of missing tools, but because configurations don't match the architecture's actual risk surface.

### Architectural Design and Infrastructure Resilience

Resilient systems absorb impact by design. Avoid tight coupling between frontend services and critical infrastructure.
Introduce buffering layers --- such as queues, caches, or circuit breakers --- between public endpoints and core [workloads](https://www.paloaltonetworks.com/cyberpedia/what-is-workload?ts=markdown). Use fail-open or fail-fast policies to avoid cascading failures under load.

Cloud-native defenses must be embedded at the edge. Deploy reverse proxies or API gateways with aggressive timeouts, payload inspection, and retry suppression. Position autoscaling policies behind explicit rate constraints to prevent runaway expansion or cost shock during sustained floods.

### Rate Limiting and Adaptive Throttling

Enforce per-IP and per-user rate limits at the application gateway, not at the app server. Burst ceilings and token-bucket algorithms work best when tuned against production baselines. High cardinality endpoints should include concurrency controls to restrict expensive operations, such as PDF generation or large data fetches.

Use adaptive throttling to lower limits in real time during an attack, not just fixed ceilings. Some CDNs and API management layers support behavior-aware rate limiting, where IP reputation or anomaly scores inform throttle thresholds.

### Network Rules and Segmentation

Block known amplification vectors --- DNS, NTP, SSDP, CLDAP --- at the edge unless explicitly required. Ingress filtering (BCP 38) helps prevent spoofed packets from participating in reflection attacks. For internal workloads, segment services to limit lateral exhaustion risks, and route traffic through rate-aware firewalls.

Set strict controls on publicly exposed services. For example, avoid exposing full GraphQL schemas or admin endpoints without IP allowlisting or API tokens. If application backends must remain open, enforce reverse-path filtering and protocol verification to reject malformed payloads.

### IAM Controls and Bot Defense

Ensure bots and service accounts cannot abuse APIs without verification.
Require strong identity assertions from automated users, such as signed tokens or mTLS. IAM misconfiguration allows bot frameworks to flood privileged APIs from inside trusted networks.

Implement CAPTCHA or behavioral challenge systems on forms, authentication flows, and support portals. Rotate endpoint paths and throttle unauthenticated users more aggressively. Use device fingerprinting and request integrity tokens to invalidate repeated sessionless requests.

### What Doesn't Work

Overreliance on volumetric thresholds alone is ineffective. Many application-layer DoS attacks stay under traditional detection limits. Similarly, relying solely on autoscaling as protection against high request volume leads to cost overflow without addressing the root cause.

WAFs alone won't stop Layer 7 DoS unless paired with real traffic intelligence. Blocklists and static rules miss randomized payloads and protocol abuse. Without behavior modeling, they quickly fall out of sync with attacker techniques.

Training and incident playbooks often neglect DoS scenarios, treating them as availability issues rather than coordinated threats. Teams must be prepared to triage DoS events as active intrusions, not just service outages.

Successful mitigation combines distributed enforcement, protocol awareness, identity validation, and tight coupling between infrastructure and security telemetry. Without that integration, defenses remain reactive and fragmented.

## Response and Recovery from Denial-of-Service Attacks

A well-coordinated response to a denial-of-service attack must begin before the first packet hits the perimeter. Real-time containment and long-term resilience depend on preparation, precision, and cross-functional clarity under pressure.

### Immediate Containment Actions

The first task is to isolate the source and reduce impact. If the attack targets a specific IP or service, reroute traffic through a DDoS mitigation provider or activate upstream scrubbing services.
Dynamic DNS adjustments can redirect users to backup endpoints, decoupling production APIs or portals from the overloaded infrastructure.

Rate limits, geo-blocking, and ACL adjustments should be applied quickly to filter malicious traffic at the edge. If application-layer attacks are in play, disable or throttle impacted routes. Use emergency caching rules to serve static content and offload dynamic computation where possible.

If the service is customer-facing, activate predefined communication protocols immediately. Provide transparent updates on status pages, incident portals, or public feeds to reduce inbound noise and preserve customer trust.

### Key Response Teams and Tools

An effective DoS response involves multiple units. The network team should work with upstream providers and DDoS mitigation vendors to enforce blocking and redirection. The application team must trace impacted endpoints and isolate resource-intensive calls or plugins. [Security operations](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations?ts=markdown) must correlate with SIEM data to detect any concurrent threat activity.

Include [DevOps](https://www.paloaltonetworks.com/cyberpedia/what-is-devops?ts=markdown) in failover and rollback decisions. Legal and communications teams must be looped in early if customer access, SLAs, or regulatory exposure is at risk. If extortion is involved, engage executive and legal counsel immediately and consider law enforcement notification through channels such as IC3 or CISA.

SIEM and XDR platforms should be used to detect deviation from baseline behavior and assess whether the DoS is a diversion for deeper compromise.

### Recovery and Post-Mortem

Once stability is restored, conduct a detailed post-mortem to identify failure points across infrastructure, application logic, and communications. Review logs for anomalies during the attack window. Determine whether telemetry, visibility, or alerting degraded under pressure.
Update rate limits, WAF rules, timeout policies, and scaling configurations based on observed behavior. Evaluate whether logging infrastructure or incident workflows themselves contributed to downtime. If the attack revealed any [IAM](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management?ts=markdown) weaknesses or exposed admin surfaces, prioritize remediation and secret rotation.

Debrief all involved teams and update the runbook. Include scenarios for application-layer DoS, protocol-level floods, and cloud-specific saturation patterns. Incorporate lessons into tabletop exercises and automate known-good responses into the [CI/CD pipeline](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security?ts=markdown) wherever feasible.

Denial-of-service events test not just technical defenses, but organizational reflexes. The most resilient teams treat them as rehearsals for more complex failures --- and build muscle memory to move from disruption to containment without delay.

## Operationalizing Denial-of-Service Defense

The most effective denial-of-service protections emerge from operational discipline across teams, systems, and suppliers. Organizations that treat DoS as an engineering and coordination problem --- not just a network anomaly --- are better positioned to absorb, adapt, and recover with minimal impact.

### Map Critical Services and Failure Domains

Not all services need the same level of protection. Begin by mapping your public- and partner-facing interfaces, APIs, and integrations that are essential to core business functions. For each, define acceptable downtime, recovery point objectives, and dependencies across DNS, identity, cloud infrastructure, and telemetry.

Use this analysis to identify choke points --- places where a single DoS vector could cascade into broader outages or trigger expensive autoscaling events.
Document which controls are in place, which are reactive, and which remain assumptions.

### Embed DoS Scenarios in Incident Playbooks

DoS scenarios are rarely included in traditional [incident response](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response?ts=markdown) runbooks. Most workflows emphasize data compromise or malware containment. Add specific tracks for volumetric and application-layer events, including DNS rerouting, traffic diversion, and customer communication triggers.

Simulate real-world events using chaos testing or red team drills. Test response speed not only across security but also legal, public relations, infrastructure, and support. Effective DoS mitigation depends as much on decisive internal routing as on packet filtering.

### Coordinate with External Providers

Work with upstream ISPs, CDN providers, and DDoS mitigation partners before the emergency. Ensure your teams know which contacts to engage, what thresholds trigger intervention, and what contractual support (e.g., bandwidth caps, rate exemptions) is available under sustained [cyber attack](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack?ts=markdown).

For cloud environments, verify that mitigation tools are tuned to your architecture. Services like AWS Shield Advanced or Cloudflare Magic Transit require configuration alignment to be effective.

### Measure What Matters

Track leading indicators of resilience:

* Percentage of public endpoints behind traffic scrubbing or rate enforcement
* Time to reroute or block a targeted endpoint
* Error budgets consumed during peak attacks
* False-positive impact on legitimate user traffic

These metrics shift DoS protection from reactive patchwork to operational posture.

### Revisit Assumptions After Each Event

Every denial of service is an opportunity to discover misaligned thresholds, brittle dependencies, or missed telemetry. Feed each event's data into architectural reviews.
Treat every failed autoscaling, exhausted thread pool, or overloaded load balancer as a signal.

Sustained resilience doesn't mean you never get hit. It means you're capable of absorbing attacks without turning a temporary disruption into a systemic outage. But resilience requires coordinated, practiced, and continuously hardened operations.

## DoS Attack FAQs

### What is a layer 7 attack?

A layer 7 attack targets the application layer of the OSI model by sending seemingly legitimate requests designed to overwhelm specific services or functions. Attackers often mimic user behavior, making traffic hard to distinguish from real requests. These attacks exhaust resources without requiring massive volumes of bandwidth.

### What is a UDP flood?

A UDP flood overwhelms a target by sending large volumes of UDP packets to random ports. Each packet prompts the host to check for an active service and respond with an ICMP "Destination Unreachable," consuming bandwidth and CPU. The lack of handshake makes the attack stateless and easy to spoof.

### What is a SYN flood?

A SYN flood exploits the TCP handshake by sending a barrage of SYN packets without completing the connection. Each half-open session consumes memory and port table entries on the target server. Once resource limits are exceeded, legitimate connections are dropped or delayed.

### What is an HTTP flood?

An HTTP flood abuses standard HTTP methods, often GET or POST, to overload a web server or application. Attackers issue high volumes of requests --- sometimes dynamically generated or randomized --- to force backend resource consumption. Because the traffic appears valid, simple filters and rate controls often fail.

### What is Slowloris?

Slowloris holds many connections to a web server open simultaneously by sending partial HTTP headers at regular intervals. The server waits for the full request, keeping connections active until it exhausts thread or socket limits.
The attack is highly efficient and can take down services using minimal bandwidth.

### What is DNS amplification?

DNS amplification uses publicly accessible DNS resolvers to send large responses to a victim by spoofing their IP as the source. A small query from the attacker generates a much larger payload to the target, multiplying the impact. It's a common method in volumetric DDoS attacks.

### What is NTP amplification?

NTP amplification abuses the Network Time Protocol's monlist command, which returns a large list of recent connections. Attackers spoof the target's IP and send small requests to misconfigured NTP servers, generating large responses directed at the victim. The amplification factor can exceed 500:1.

### What is CLDAP reflection?

CLDAP reflection involves sending spoofed queries to open Connectionless LDAP servers, which then respond with large payloads to the victim. The protocol, used for Active Directory discovery, becomes a high-bandwidth reflector in DDoS campaigns. Its amplification ratio is significant, making it attractive to attackers.

### What is resource exhaustion?

Resource exhaustion occurs when an attacker depletes finite system assets --- such as CPU cycles, memory, file descriptors, or threads --- by sending high volumes of requests or triggering expensive operations. The goal is to make services unresponsive or unstable, even with relatively modest traffic volume.

### What is autoscaling abuse?

Autoscaling abuse exploits cloud systems' ability to scale up during traffic spikes. Attackers trigger repeated scaling events, increasing compute usage and driving up costs. In some cases, backend systems fail under load despite scaling, compounding both disruption and financial impact.

### What is traffic scrubbing?

Traffic scrubbing filters malicious traffic from legitimate traffic before it reaches the target.
Scrubbing centers, often operated by cloud or CDN providers, analyze flow patterns, signatures, and packet attributes to remove attack traffic in real time, allowing clean traffic to pass through to the origin.

### What is API abuse?

API abuse occurs when attackers manipulate application programming interfaces to trigger excessive backend processing, bypass authentication, or extract data. Common techniques include high-frequency calls, malformed requests, and input fuzzing. Attackers often target business logic or quota misconfigurations to degrade service or exploit downstream services at scale.

### What is a volumetric attack?

A volumetric attack saturates available network bandwidth by flooding the target with massive amounts of traffic, typically using botnets or amplification techniques. The goal is to overwhelm routers, firewalls, or load balancers before packets reach the application layer. These attacks are measured in gigabits or millions of requests per second.

### What is a protocol attack?

Protocol attacks exploit vulnerabilities in network or transport layer protocols, such as TCP, UDP, or ICMP. By crafting malformed packets or abusing protocol behavior --- like TCP handshake states or SSL renegotiation --- attackers consume connection tables or processing resources. These attacks often stay below bandwidth thresholds but disrupt core system functions.

### What is connection exhaustion?

Connection exhaustion occurs when a server's maximum concurrent connection pool is filled, often by partial or slow connections that never complete. Once the pool is saturated, new legitimate connections are dropped or delayed. Attackers may use tactics like slow HTTP requests or SYN floods to trigger exhaustion.

### What is an amplification vector?

An amplification vector is a service or protocol that multiplies an attacker's input into a larger output directed at the victim. DNS, NTP, and Memcached are common examples.
Attackers spoof the victim's IP and send small requests, resulting in disproportionate traffic volumes targeting the victim.

### What is HTTP/2 abuse?

HTTP/2 abuse targets protocol features like multiplexing, header compression, and stream prioritization. Attackers can overwhelm servers by initiating large numbers of streams without closing them, triggering excessive memory allocation or thread usage. In 2023, a vulnerability allowed attackers to bypass request limits, leading to record-breaking DDoS campaigns.

### What is IP spoofing?

IP spoofing forges the source IP address of packets to impersonate another host. Attackers use it to obfuscate origin, bypass filters, or direct reflection attacks at a victim. Without proper ingress filtering, spoofed traffic can appear legitimate to network devices and overwhelm services or misdirect responses.

### What is BCP 38?

BCP 38 is a best current practice that recommends network operators implement source address validation to prevent IP spoofing. By filtering outbound traffic that doesn't match the provider's assigned IP ranges, BCP 38 limits the ability of attackers to launch reflection or amplification attacks from spoofed sources.

### What is failover?

Failover is an automated or manual switch from a primary system to a secondary one when the primary becomes unavailable. In denial-of-service defense, failover mechanisms redirect traffic to alternate routes, backup servers, or cached content to preserve service continuity during disruption or overload.

### What is resilience engineering?

Resilience engineering in cybersecurity focuses on designing systems that absorb, adapt to, and recover from failure. In the context of DoS, it means architecting services with redundancy, graceful degradation, dynamic throttling, and distributed risk, rather than assuming all failures can be prevented.

### What is a traffic anomaly?

A traffic anomaly is a deviation from established network behavior patterns.
It may include unexpected spikes in requests per second, new user-agent strings, inconsistent protocol usage, or unrecognized IP geographies. Anomalies often precede or coincide with denial-of-service attempts or other malicious activity.

### What is MITRE T1498?

MITRE ATT&CK technique T1498 refers to "Network Denial of Service." It covers attacks that exhaust network bandwidth or overload network infrastructure components. This includes volumetric floods, reflection attacks, and protocol abuse that degrade or disrupt access to services over the internet or internal networks.

### What is MITRE T1499?

MITRE ATT&CK technique T1499 represents "Endpoint Denial of Service." It focuses on attacks that exhaust resources on specific systems, such as CPU, memory, or storage. Techniques include fork bombs, service crashes, and local protocol abuse, typically aiming to disable or degrade endpoint functionality during broader campaigns.

### What is a scrubbing center?

A scrubbing center is a specialized infrastructure used to filter out malicious traffic during a denial-of-service attack. Traffic is rerouted through the scrubbing service, where volumetric floods and malformed packets are removed before forwarding clean traffic to the target. Scrubbing centers operate at scale and in real time.

### What is geo-blocking?

Geo-blocking restricts or filters network traffic based on geographic location, often by IP geolocation. Organizations use it to limit exposure during attacks by dropping requests from high-risk regions or countries irrelevant to business operations. While effective for some volumetric threats, it can block legitimate users if poorly tuned.

### What is packet inspection?

Packet inspection analyzes the contents of network packets beyond just headers. Deep packet inspection (DPI) examines payloads for protocol compliance, malicious signatures, or application-layer anomalies.
In denial-of-service defense, it helps detect malformed packets, protocol abuse, or command-and-control beacons embedded in traffic streams.

### What is infrastructure saturation?

Infrastructure saturation occurs when core components --- load balancers, reverse proxies, or backend services --- reach resource capacity due to sustained traffic pressure. Bandwidth, CPU, memory, or connection limits may be overwhelmed, triggering timeouts or cascading failures across dependent systems, even in horizontally scalable environments.

### What is a circuit breaker in cloud architecture?

A circuit breaker prevents repeated calls to a failing service by blocking requests after a threshold of errors is met. In cloud architectures, it helps limit resource exhaustion by failing fast and enabling fallback logic. It isolates failures and preserves system stability under stress conditions such as DoS.

### What is request throttling?

Request throttling limits the number of requests a user, IP, or session can make in a given time window. It protects APIs and web services from overload by rejecting or delaying excess requests. Throttling is implemented at gateways or proxies to enforce fair use and mitigate automated abuse.

### What is burst control?

Burst control regulates short spikes in traffic by defining thresholds above sustained request rates. Unlike fixed rate limits, it allows temporary surges while capping extreme peaks that could overwhelm services. Burst control helps maintain availability and performance during flash crowds or low-grade DoS attempts.

### What is cache bypass?

Cache bypass occurs when attackers craft requests designed to avoid edge or CDN caching, forcing origin servers to handle every response. By varying query strings or headers, attackers make each request appear unique. The goal is to saturate backend resources through high-cost dynamic processing.

### What is DNS failover?
DNS failover automatically redirects traffic to an alternate server or region if the primary becomes unreachable. It relies on health checks to update DNS records in real time. DNS failover helps maintain service continuity during attacks, outages, or regional disruptions by shifting load to healthy endpoints.

### What is a web application firewall?

A web application firewall (WAF) inspects HTTP/S traffic to detect and block malicious payloads targeting application vulnerabilities. It enforces rules against common attack vectors like SQL injection, XSS, and L7 DoS. WAFs operate inline at the edge or on cloud gateways to protect web-facing services.

### What is TLS renegotiation?

TLS renegotiation allows clients and servers to renegotiate encryption parameters mid-session. Attackers abuse it by triggering repeated renegotiation requests, forcing servers to perform expensive cryptographic operations. Without throttling, TLS renegotiation can exhaust CPU and thread pools, making it a viable low-bandwidth DoS vector.

### What is telemetry degradation?

Telemetry degradation occurs when observability systems --- logs, metrics, or traces --- fail to capture or forward data during an attack or overload event. High request volumes may drop log entries, overflow queues, or exceed throughput limits, creating blind spots just as operational visibility becomes most critical.

### What is chaos testing?

Chaos testing introduces controlled failures into production-like environments to validate system resilience. In DoS defense, it helps identify brittle components, confirm failover reliability, and measure recovery time. Chaos engineering practices simulate stress to harden architectures against unpredictable and sustained disruption.
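
The request throttling and burst control entries above describe two settings of the same limiter. As an added example (not code from the original page), this Python token bucket makes the difference concrete: `rate` is the sustained limit and `burst` is the short surge it tolerates. The class names, client addresses, rates and timestamps are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class TokenBucket:
    """Sustained limit `rate` (tokens per second) with a `burst` ceiling."""
    rate: float
    burst: float
    updated: float = 0.0
    tokens: float = field(init=False)

    def __post_init__(self):
        self.tokens = self.burst  # start full so a short surge is tolerated

    def allow(self, now: float, cost: float = 1.0) -> bool:
        # Refill for the elapsed time, never above the burst ceiling.
        elapsed = max(0.0, now - self.updated)
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.updated = now
        if self.tokens >= cost:
            self.tokens -= cost
            return True
        return False


class Throttle:
    """One bucket per client key (IP, API key or session id)."""

    def __init__(self, rate: float, burst: float):
        self.rate, self.burst = rate, burst
        self.buckets = {}

    def allow(self, client: str, now: float) -> bool:
        bucket = self.buckets.setdefault(client, TokenBucket(self.rate, self.burst, now))
        return bucket.allow(now)


def replay(throttle, events):
    """Return {client: (accepted, rejected)} for (timestamp, client) events."""
    totals = {}
    for now, client in events:
        accepted, rejected = totals.get(client, (0, 0))
        ok = throttle.allow(client, now)
        totals[client] = (accepted + ok, rejected + (not ok))
    return totals


# Constructed sample traffic (documentation addresses, not real hosts): FLOOD
# fires 20 requests at t=0 and 20 at t=1; STEADY sends one per second for 10 s.
FLOOD, STEADY = "203.0.113.7", "198.51.100.4"
SAMPLE_EVENTS = sorted(
    [(t, FLOOD) for t in (0.0, 1.0) for _ in range(20)]
    + [(float(t), STEADY) for t in range(10)]
)
```

With `rate=2` and `burst=5`, the flooding client gets 7 of its 40 requests through while the steady client is never rejected. The `buckets` table grows with every new client key, so a deployed limiter also needs eviction or a bounded structure.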
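
For the cache bypass entry above, one defensive measure is to build the cache key from an allowlist of parameters and to watch for paths where raw URLs are nearly unique but normalized keys are few. This is an added example, not code from the original page; the routes, parameter names and thresholds are assumptions, the sample URLs are constructed, and it covers query strings only, not header variation.

```python
from collections import defaultdict
from urllib.parse import parse_qsl, urlencode, urlsplit

# Assumption: per-route allowlist of the query parameters that actually
# change the response. Routes and names here are hypothetical.
ALLOWED_PARAMS = {"/product": {"id"}, "/search": {"q", "page"}}


def cache_key(url: str) -> str:
    """Path plus allowlisted parameters in sorted order; the rest is dropped."""
    parts = urlsplit(url)
    # Routes without an allowlist entry are keyed on the path alone.
    allowed = ALLOWED_PARAMS.get(parts.path, set())
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    kept = sorted((k, v) for k, v in pairs if k in allowed)
    return parts.path + ("?" + urlencode(kept) if kept else "")


def bypass_suspects(urls, min_requests=5, max_ratio=0.5):
    """Flag paths whose raw URLs are near-unique but collapse to few keys.

    Returns {path: (distinct raw URLs, distinct normalized keys)}.
    """
    raw, keys, seen = defaultdict(set), defaultdict(set), defaultdict(int)
    for url in urls:
        path = urlsplit(url).path
        raw[path].add(url)
        keys[path].add(cache_key(url))
        seen[path] += 1
    return {
        path: (len(raw[path]), len(keys[path]))
        for path, n in seen.items()
        if n >= min_requests and len(keys[path]) / len(raw[path]) <= max_ratio
    }


# Constructed sample requests: /product carries a changing "cb" parameter and
# shuffled ordering, /search carries genuinely different queries.
SAMPLE_URLS = (
    [f"/product?id=42&cb={n}" for n in range(1000, 1003)]
    + [f"/product?cb={n}&id=42" for n in range(2000, 2003)]
    + [f"/search?q={q}&page=1" for q in ("boots", "shoes", "hats", "belts", "socks")]
)
```

On the sample, six distinct `/product` URLs collapse to one cache key and the path is flagged, while `/search` keeps five distinct keys and is not.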