12 chapter 1 Denial of Service is quite different from searching a product catalog or trying to log in. If you can find an operation on a site that requires significant computation, you can target that opera- tion in your attack. One emerging tactic is to flood a site with bogus login requests, as checking a user name and password takes longer to handle than a simple page request. This approach relies on computational properties of the requests and can be though of as a semantic DDoS attack. DAnGERS of DEnIAL of SERvICE If your DDoS attack exploits a vulnerability of your victim, you may only need to generate a very small amount of traffic. If you can successfully crash a machine, you may cause your victim to suffer downtime, lose business, or even lose customer data. This gives DDoS a high payoff for a low input. Flood attacks require generating a lot more traffic, but require significantly less sophistication to conduct. If you can generate enough legitimate-looking Web traffic, you can flood a Web server and shut down an online business. Again, there is a high payoff for a (relatively) low effort.