Introduction

When services that should normally be accessible over the Internet are unavailable, this is described as a denial of service (DoS).

There can be various reasons for a DoS. Physical unavailability is one possible cause: this may come about due to accidental overloading of a system, but may also be the result of a deliberate attack.

This kind of wilful overloading of a service is normally achieved with the help of a botnet. Here, attackers combine groups of IT systems they have commandeered previously and unleash them all on the target at the same time. If the target is a host system, this massive volume of simultaneous queries results in a very slow response time. In such cases, the host's services or web pages can be accessed by legitimate users only with considerable delays -- if indeed at all. This is referred to as a distributed denial of service (DDoS).

In other cases, attackers do not merely depend on the sheer number of their queries, but also attempt to exploit specific errors in code on the target system. This approach not only slows down the targets; it can also cause them to malfunction or even crash.

Documents and information

Below you will find information and support from the German Federal Office for Information Security and the Alliance for Cyber Security that can be useful in both preventing and responding to such an incident. Please note that some of these documents are not publicly available, but require a login to the internal area of the Alliance for Cyber Security website.

Qualified service providers

In the case of cyber attacks, the involvement of a qualified service provider can be useful both for prevention and after an acute security incident.
Here you will find the list of service providers as well as the selection criteria for qualified DDoS mitigation service providers. If you are interested in becoming a qualified service provider, you will also find a description of the process and contact information on this page.