Editing Computer security (section)

=== Denial-of-service attack ===
[[Denial-of-service attacks]] (DoS) are designed to make a machine or network resource unavailable to its intended users.<ref name="DoS guidance">{{Cite web |title=Denial of Service (DoS) guidance |url=https://www.ncsc.gov.uk/collection/denial-service-dos-guidance-collection |access-date=2023-12-04 |website=www.ncsc.gov.uk |language=en}}</ref> Attackers can deny service to individual victims, such as by deliberately entering a wrong password enough consecutive times to cause the victim's account to be locked, or they may overload the capabilities of a machine or network and block all users at once. While a network attack from a single [[IP address]] can be blocked by adding a new firewall rule, many forms of [[Denial-of-service attack#Distributed DoS|distributed denial-of-service]] (DDoS) attacks are possible, where the attack comes from a large number of points. In this case, defending against these attacks is much more difficult. Such attacks can originate from the [[zombie computer]]s of a [[botnet]] or from a range of other possible techniques, including [[Denial-of-service attack#Reflected attack|distributed reflective denial-of-service]] (DRDoS), where innocent systems are fooled into sending traffic to the victim.<ref name="DoS guidance" /> With such attacks, the amplification factor makes the attack easier for the attacker because they have to use little bandwidth themselves. To understand why attackers may carry out these attacks, see the 'attacker motivation' section.