
Discuss the technical differences between denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks, including their impact on targets.



Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks are both types of cyberattacks aimed at disrupting the availability of a system, service, or network to its intended users. However, they differ significantly in their technical execution and impact. A DoS attack involves a single source flooding a target with traffic, while a DDoS attack uses multiple sources simultaneously to overwhelm the target. This fundamental difference in attack vector leads to varying levels of severity and complexity in mitigation.

A DoS attack is typically launched from a single machine or network connection. The attacker floods the targeted server or network with a high volume of traffic, such as TCP SYN packets, UDP packets, or HTTP requests, intending to exhaust its resources and make it unable to respond to legitimate traffic. For example, a simple TCP SYN flood might involve an attacker sending numerous SYN packets to a server, leaving many half-open connections that exhaust the server's connection table and prevent it from accepting new connections. Another type of DoS attack might involve overwhelming a web server with a large number of HTTP GET requests from a single attacker machine, making the web server unresponsive to legitimate users. Because the attack source is singular, DoS attacks are usually easier to trace and mitigate, especially with the help of network security devices such as firewalls, intrusion detection systems (IDS), or intrusion prevention systems (IPS). Mitigation typically focuses on identifying and blocking the attacker's IP address and applying traffic-shaping or rate-limiting techniques. DoS attacks are also usually less severe than DDoS attacks because of their limited scope and single point of origin.

A DDoS attack, on the other hand, is a more complex and impactful attack in which multiple compromised systems, collectively referred to as a botnet, attack the target simultaneously. These compromised systems are typically infected with malware that allows attackers to control them remotely. Because a botnet can consist of thousands or even millions of machines, it increases the attack's scale and intensity significantly. For example, an attacker may use a command-and-control server to instruct the botnet to target a specific website, with each bot sending a flood of traffic to the website at the same time. This can quickly overwhelm the target's infrastructure and make it impossible for legitimate users to access the service. DDoS attacks often use the same techniques as DoS attacks, including TCP SYN floods, UDP floods, and HTTP floods, but the traffic originates from many sources at once. DDoS attacks also frequently rely on amplification, as in DNS amplification attacks, where an attacker sends DNS requests with a spoofed source IP address (the target's) to many open DNS servers, which then send their much larger responses to the target. The combined, amplified responses from these servers overwhelm the target and cause disruption. NTP amplification attacks abuse the NTP protocol in the same way. Because of the distributed nature of DDoS attacks and the sheer volume of traffic, tracing and mitigating them is significantly more difficult than for DoS attacks.
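The source-distribution difference described in the two paragraphs above is also what a defender keys on. The following is an added example (not part of the original page) that classifies constructed flow records against a hypothetical target address as a single-source flood (blockable by IP), a distributed flood, or neither, and computes a reply-to-query byte ratio that exposes reflected DNS amplification traffic; all addresses and thresholds are assumed.

```python
from collections import Counter
from typing import NamedTuple


class Flow(NamedTuple):
    src: str      # source IP
    dst: str      # destination IP
    proto: str    # "tcp" or "udp"
    sport: int
    dport: int
    packets: int
    nbytes: int


TARGET = "203.0.113.10"  # hypothetical victim address (documentation range)

# Constructed sample flows: a few legitimate clients, one DoS attacker,
# a 60-host botnet, and 40 open resolvers reflecting unsolicited DNS replies.
LEGIT = [Flow(f"192.0.2.{i}", TARGET, "tcp", 40000 + i, 443, 5, 2400) for i in range(1, 4)]
DOS_FLOWS = LEGIT + [Flow("198.51.100.7", TARGET, "tcp", 51000, 80, 5000, 300000)]
DDOS_FLOWS = LEGIT + [Flow(f"198.51.100.{i}", TARGET, "tcp", 52000, 80, 100, 6000) for i in range(1, 61)]
AMP_FLOWS = [Flow(TARGET, "192.0.2.53", "udp", 40123, 53, 1, 64),       # one real query
             Flow("192.0.2.53", TARGET, "udp", 53, 40123, 1, 180)] + [  # its legitimate reply
            Flow(f"198.51.100.{i}", TARGET, "udp", 53, 33000, 1, 3200) for i in range(1, 41)]


def classify_flood(flows, target, min_packets=1000, single_share=0.9):
    """Return ('none'|'dos'|'ddos', details) for inbound traffic to target.
    The deciding feature is how the packet volume is spread over sources."""
    inbound = [f for f in flows if f.dst == target]
    total = sum(f.packets for f in inbound)
    if total < min_packets:
        return "none", {"packets": total}
    per_src = Counter()
    for f in inbound:
        per_src[f.src] += f.packets
    top_src, top_pkts = per_src.most_common(1)[0]
    if top_pkts / total >= single_share:
        # one source carries nearly all the volume: a plain DoS, block that IP
        return "dos", {"block_ip": top_src, "packets": total}
    return "ddos", {"sources": len(per_src), "packets": total}


def amplification_ratio(flows, target, service_port=53):
    """Bytes of UDP replies from service_port reaching target divided by bytes of
    queries target itself sent to that port, plus the number of distinct repliers.
    A huge ratio from many repliers means the replies were never requested."""
    replies = [f for f in flows if f.proto == "udp" and f.dst == target and f.sport == service_port]
    queries = [f for f in flows if f.proto == "udp" and f.src == target and f.dport == service_port]
    reply_bytes = sum(f.nbytes for f in replies)
    query_bytes = sum(f.nbytes for f in queries)
    ratio = reply_bytes / query_bytes if query_bytes else float("inf")
    return ratio, len({f.src for f in replies})
```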

The impact of both DoS and DDoS attacks can be severe. Both can result in service unavailability, causing business disruption, financial losses, and reputational damage. E-commerce sites can lose sales, financial institutions can lose their customers' trust, and government sites can be rendered unavailable. Additionally, these attacks can lead to lost productivity, increased operating costs, and potential damage to hardware and infrastructure through resource exhaustion. DDoS attacks have a greater impact because of their amplified scale, which makes them capable of taking down even large, well-protected networks and infrastructures. Because of their distributed nature, it is usually much harder to trace the origin of a DDoS attack or to stop it with the standard network security techniques that are effective against DoS attacks.

In summary, the main technical difference between DoS and DDoS attacks is the source of the attack traffic: DoS attacks come from a single source, while DDoS attacks originate from multiple compromised systems. This difference greatly affects the scale, complexity, and difficulty of mitigating the attack. DDoS attacks generally have a more severe impact because they can overwhelm even robust defenses, whereas DoS attacks are typically easier to mitigate due to their single source. Both types of attacks cause service unavailability and significant impact on organizations and need to be mitigated to maintain service availability and network security.