To accomplish a denial of service (DoS) attack, an attacker will attempt to open all available connections for a service and then send random commands through that connection. The DoS monitor keeps track of repeated connection attempts per service and the commands sent to the server. Based on the sensitivity setting, the monitor will perform the selected ban type when the threshold is satisfied.