Hi!
Disclaimer: The following is a discussion around the subject, not an answer.
Under the section
Methods of Attack in the article on Denial of Service attacks we can read that there are two basic forms of attack:
Crashing a serviceFlooding a service
XSS Attacks
The main purpose of
Cross Site Scripting attacks is to bypass security.
This itself does not lead to neither crashing nor flooding the service, but may be a first step in such an attempt.
Man in the Middle
Man in the Middle attacks enables listening to encrypted communication and injection of new and/or manipulated messages.
Passive listening to communication will neither flood nor crash a service. Injection of new or manipulated messages may.
I still feel that the Man in the Middle attack is more a step in the direction of crashing or flooding a service, not the form of attack that actually crashes/floods the service.
For instance, in order to know that the injection of a new/manipulated message actually has some effect, an attacker may construct the message as to take advantage of a buffer overflow flaw.
Session Hijacking
Session hijacking enables access to a service using some other person or system's credentials.
Again, this attack may indirectly facilitate crashing or flooding a system but only in combination with other attacks.
SQL Injection
SQL injection enables execution of arbitrary SQL code in the target system.
Commonly not used to crash or flood services, but rather to gain unauthorized access to a system and steal information.
However, may be used as a means to crash a service by, for instance, injecting a SQL statement that deletes all the users of the system or some other, vital, data.
Buffer Overflow
A
buffer overflow flaw allows writing of arbitrary data, or code, to memory - for instance the stack.
A buffer overflow attack could overwrite the stack or program memory and thereby disrupt the execution of a service - crashing it.
Buffer overflow attacks may also allow for execution of code crafted by the attacker which purpose may be to crash the service.
My
personal conclusion is that SQL Injection and Buffer Overflow are the forms of attack closest related to Denial of Service attacks.
Best wishes!