As the volume of data is growing exponentially on the internet, distributed denial-of-service (DDoS) attacks are becoming increasingly common. In fact, DDoS attacks are a primary concern in Internet security today. Unlike other kinds of cyberattacks, DDoS assaults don’t attempt to breach your security perimeter. It aims to make an online service unavailable by sending a large volume of malicious traffic from large clusters of connected online devices (collectively known as a botnet) to a target server, service, or network. The target device will be overloaded with fake traffic and fail to respond to legitimate traffic. In other words, a DDoS attack is like a traffic jam clogging up a highway, preventing regular traffic from arriving at its desired destination.
Types of DDoS attacks
DDoS attacks can be divided into three general categories: volumetric attacks, protocol attacks, and application layer attacks.
1. Volumetric attacks
Volumetric attacks are the most common type of DDoS attacks. These involve massive amount of traffic (sometimes in excess of 100 Gbps) to inundate the network bandwidth. Hackers utilize many computers and internet connections that are often distributed around the world to send a hefty amount of traffic packets to the target website. It completely saturates the website’s available bandwidth, creating a traffic jam that makes it impossible for legitimate traffic to flow into or out of the targeted site. The magnitude of such an attack is measured in bits per second (bps). Examples of volumetric attacks include UDP floods, ICMP floods, and other spoofed-packet floods.
2. Protocol attacks
Unlike volumetric attacks, protocol attacks aim to exhaust server resources instead of bandwidth. It focuses on exploiting a weakness in the Layer 3 and Layer 4 protocol stack. It consumes all the processing capacity of the network infrastructure resources like servers, firewalls, and load balancers by making phony protocol requests, causing service disruption. The strength of protocol attacks is measured in packets per second (pps). Examples of protocol attacks include SYN floods, fragmented packet attacks, Ping of Death and Smurf DDoS.
3. Application layer attacks
Application layer attacks are the most sophisticated and serious type of attacks. Generally, they require fewer resources than volumetric attacks and protocol attacks. They focus on exploiting a weakness in the Layer 7 protocol stack. Attack traffic is usually legitimate. It establishes a connection with the target and then seeks to overload a server by sending a large number of seemingly legitimate and innocent requests requiring resource-intensive handling and processing. Eventually, the entire database connection pool of the server is busy and it blocks the legitimate requests. Application layer attacks are comparatively harder to mitigate. The magnitude is measured in requests per second (rps). Examples of application layer attacks include Slowloris and HTTP flood.
Although most common DDoS attacks broadly fall into these three categories, some attacks can be a combination. Hackers may launch a protocol attack to create a distraction and then launch an application layer attack since they take more time to find the vulnerabilities within the application layer. This is a new trend that is called “blended attacks”.
DDoS attack methods are evolving every day. They are increasing in frequency, complexity and size. Don’t want to be the victim of DDoS attacks? Chat with our experts to learn more about our anti-DDoS protection service.