Denial of service (DoS) attacks can range from single packet attacks that can crash applications and servers to streaming packet floods from the same attacker.
In single packet attacks, a carefully crafted packet is formed that exploits a known operating system flaw or application vulnerability. Malformed packet attacks are covered in more detail in Chapter 11.
In a DoS flood attack, server or network resources are exhausted by a flood of packets. Because a single attacker sending a flood of packets can be identified and isolated fairly easily, the approach of choice for attackers has evolved to distributed denial of service (DDoS) attacks. In a DDoS flood attack, an attacker uses multiple machines that he controls to flood a target (see the "Botnets" sidebar).