Distinguishing Between Lack Of Capacity And A Denial-of-service Attack

Lack of capacity is when there isn't enough bandwidth or resources available at any given time to handle all traffic requests. Denial-of-service attacks occur when malicious users overload servers with traffic requests to make them unavailable for legitimate users. 

This can be done through botnets, which are networks of computers infected with malware that allows hackers remote access into those devices without their owners' knowledge or consent. These bots will then send an overwhelming number of requests from multiple sources, making it difficult for the server's owner to distinguish between good and bad traffic.

This type of attack can lead to downtime and lost revenue due to decreased sales during this period. It also results in negative brand perception among customers who experience poor service quality during this time frame because they cannot access your website or app properly while shopping online with you.

We know it can be tricky figuring out if what you’re experiencing is a lack of capacity or something else entirely. Here are some things that could help point you in the right direction

Is there any traffic hitting your servers?

You have to check if there is any traffic hitting your site or not. If traffic hits, you face a lack of capacity on your website and need to improve your capacity. But if there is no traffic hitting your servers and still the service is denied, you are experiencing a DOS attack.

How much memory does each server have available?

If you have memory available on all servers and are still not getting service from that server, you might face a DOS attack. Although if you don’t have memory on the server, you might not be facing a DOS attack, instead you need to upgrade the memory.

Do any errors show up in your logs?

If you lack capacity on your servers, a specified error will show to tell you that you don’t have the capacity like “EC2 is out of capacity”, but if you don’t get this error, you might be in between a DOS attack that needs to take action accordingly.

What kind of CPU usage do you see on each server?

If the CPU usage is normal and fluctuating, the usual traffic and the hikes you are seeing are just traffic in bulk for some reason. But if there are no fluctuations and the CPU activity is continuously at the top, you might be facing a DOS attack.

If you want to learn more about DOS and DDOS attacks, read this article.