 Denial of service is an attack to block usage of networked resources. Such resources can be computers of end users, servers, routers and network links. Take the example of an attacker who wants to overload Bob's computer. A straightforward approach would be to send all attack traffic directly from the attacker's computer to Bob's computer. However, such approach would put a heavy load on the attacker's resources. A more effective approach is therefore to use an intermediate system as amplifier, such as a DNS, NTP or Chargan server. Such system can not only amplify the attack with factor 50 or more, but also hide the attacker's IP address from Bob. Instead of one, denial of service attacks often use multiple amplifiers. In such cases we talk about distributed denial of service or DDoS attacks. There are even web-based services that perform denial of service attacks for a few euro. Such systems are called BOOTOS. The detection of DDoS attacks is relatively easy. Prevention and mitigation is very hard, however.