Denial of Service - DoS attack
A Denial of Service (DoS) attack in the mainframe context is a malicious attempt to make an IBM z/OS system, its applications (such as CICS, IMS, or DB2), or its network services unavailable to legitimate users by overwhelming the system with excessive requests or data, consuming critical resources, or exploiting vulnerabilities. Its primary goal is to disrupt the availability and performance of critical enterprise services hosted on the mainframe, rather than to steal data.
Key Characteristics
- Resource Exhaustion: DoS attacks often target finite mainframe resources such as CPU cycles, memory (storage), I/O channels, network buffers, or application-specific resources like CICS transaction slots or DB2 connections.
- Network Saturation: Flooding the z/OS TCP/IP stack with a high volume of traffic (e.g., SYN floods, UDP floods) can consume network bandwidth and processing power, preventing legitimate connections to mainframe services.
- Application Overload: Attacks can specifically target mainframe applications (e.g., CICS regions, IMS message processing regions, DB2 stored procedures) by sending a large number of requests designed to consume their internal resources or exploit inefficient processing paths.
- Impact on Availability: The direct consequence is the degradation or complete cessation of critical business services hosted on the mainframe, leading to significant financial and reputational damage.
- Single Source (typically): While Distributed DoS (DDoS) involves multiple sources, a traditional DoS attack typically originates from a single attacker or a limited number of sources, making it potentially easier to identify and mitigate.
Use Cases
- TCP/IP Stack Flooding: An attacker might send a massive number of SYN packets to the z/OS Communications Server, attempting to exhaust the connection table and prevent new, legitimate connections to CICS, DB2, or other network services.
- CICS Transaction Flooding: Repeatedly invoking a resource-intensive CICS transaction (e.g., one that performs complex database queries or extensive file I/O) from a single source can consume CICS region CPU, storage, and transaction slots, impacting other users.
- DB2 Connection Exhaustion: An external attack that rapidly attempts to establish and hold a large number of concurrent DB2 connections can exhaust the maximum allowed connections for a DB2 subsystem, preventing legitimate applications from connecting.
- IMS Message Queue Overflow: Sending a high volume of messages to an IMS transaction queue can overwhelm the Message Processing Regions (MPRs), causing message backlogs, slow response times, or even system instability.
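The connection-exhaustion use case above, and the earlier points that DoS attacks target finite resources and typically come from a single source, can be made concrete with a small simulation. The following is an added example and not code from the original page or from IBM; it models a generic finite connection pool (the pool size, the per-source cap, the addresses and the event log are all constructed assumptions, not DB2 or z/OS parameters) and shows two defensive pieces: per-source admission control, which stops one client from consuming the whole pool, and a window-based detector that flags the source responsible for most connection attempts.

```python
"""Added example (not from the original page): admission control and
single-source detection for a shared connection pool, modelled on the
DB2 connection-exhaustion scenario described above. The pool size, the
per-source cap and the event log are all constructed assumptions."""
from collections import Counter, defaultdict
from typing import Dict, List, Optional, Tuple

MAX_CONNECTIONS = 50  # assumed subsystem-wide connection limit

# Constructed event log: (timestamp in seconds, source address, action).
# One source opens 60 connections and never releases them; two legitimate
# clients connect near the end of the same minute.
EVENTS: List[Tuple[int, str, str]] = (
    [(t, "10.0.0.99", "connect") for t in range(60)]
    + [(55, "10.0.1.5", "connect"), (57, "10.0.1.6", "connect"), (59, "10.0.1.5", "connect")]
)


class ConnectionPool:
    """Finite pool; optionally enforces a per-source cap on held connections."""

    def __init__(self, max_connections: int, per_source_cap: Optional[int] = None):
        self.max_connections = max_connections
        self.per_source_cap = per_source_cap
        self.held: Dict[str, int] = defaultdict(int)

    def total(self) -> int:
        return sum(self.held.values())

    def connect(self, source: str) -> bool:
        # Global limit: this is the resource a single flooder can exhaust.
        if self.total() >= self.max_connections:
            return False
        # Per-source admission control keeps one client from taking the whole pool.
        if self.per_source_cap is not None and self.held[source] >= self.per_source_cap:
            return False
        self.held[source] += 1
        return True

    def disconnect(self, source: str) -> None:
        if self.held[source] > 0:
            self.held[source] -= 1


def run_scenario(per_source_cap: Optional[int]) -> Dict[str, Tuple[int, int]]:
    """Replay EVENTS in time order; return {source: (accepted, refused)}."""
    pool = ConnectionPool(MAX_CONNECTIONS, per_source_cap)
    accepted: Counter = Counter()
    refused: Counter = Counter()
    for ts, src, action in sorted(EVENTS, key=lambda e: e[0]):
        if action == "connect":
            if pool.connect(src):
                accepted[src] += 1
            else:
                refused[src] += 1
        elif action == "disconnect":
            pool.disconnect(src)
    return {src: (accepted[src], refused[src]) for src in set(accepted) | set(refused)}


def flag_dominant_sources(events, window_seconds=60, share=0.8, min_attempts=20):
    """Per time window, flag a source responsible for at least `share` of the
    connect attempts once the window holds `min_attempts` or more (guards
    against flagging a lone legitimate client in a quiet window).
    Returns [(window_start, source, share_of_attempts)]."""
    buckets: Dict[int, Counter] = defaultdict(Counter)
    for ts, src, action in events:
        if action == "connect":
            buckets[ts // window_seconds][src] += 1
    flagged = []
    for bucket, counts in sorted(buckets.items()):
        total = sum(counts.values())
        if total < min_attempts:
            continue
        src, n = counts.most_common(1)[0]
        if n / total >= share:
            flagged.append((bucket * window_seconds, src, round(n / total, 3)))
    return flagged


if __name__ == "__main__":
    print("no per-source cap:", run_scenario(None))
    print("cap of 10 per source:", run_scenario(10))
    print("dominant sources:", flag_dominant_sources(EVENTS))
```

Without a per-source cap the flooder takes all 50 slots and every legitimate attempt is refused; with a cap of 10 the flooder is held to 10 connections and both legitimate clients succeed. The detector reports the flooder as responsible for about 95% of attempts in the first window, which is the "single source, easier to identify" property noted under Key Characteristics; the `min_attempts` floor is what keeps a quiet window with one or two legitimate clients from being misreported.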
Related Concepts
DoS attacks are fundamentally a security concern related to the availability aspect of the CIA triad (Confidentiality, Integrity, Availability). They are mitigated through robust network security configurations on the z/OS TCP/