Distributed Denial of Service (DDoS) attacks have left websites and online services highly exposed. The goal of such an attack is to flood a server, service, or network with so much traffic that its normal traffic is disrupted. Learning about the various types of DDoS attack can improve an organisation’s readiness and defence against these disruptive events. Read on to learn about their types.
What Are DDoS Attacks?
The types of DDoS attacks vary, but they all share the goal of rendering a service unavailable to its intended users. These attacks exploit the capacity limits of network resources, such as the infrastructure that supports an organisation’s website. By flooding these resources with a huge number of requests, they prevent genuine users from using the service, either by slowing it down or by crashing it.
1. Volume-Based
Volume-based attacks use massive amounts of traffic to overwhelm the bandwidth of the targeted network or service. The sheer volume of data sent to the target causes network congestion, leading to slow performance or complete unavailability of the service.
UDP Floods: In a UDP flood, the attacker sends a large number of User Datagram Protocol packets to random ports on the target. The target tries to process each packet (and typically answers closed ports with an ICMP "port unreachable" message), but the volume is too high, resulting in a denial of service.
ICMP Floods: Similar to UDP floods, ICMP floods send a high volume of Internet Control Message Protocol echo requests (pings) to the target. The target cannot handle legitimate traffic because it is too busy processing and answering all of the requests.
2. Protocol
Protocol attacks exploit weaknesses in network protocols to consume server resources or saturate intermediate devices such as firewalls and load balancers.
SYN Floods: A SYN flood exploits the TCP three-way handshake. The attacker sends a stream of SYN packets and never completes the handshake (the final ACK is never sent), leaving half-open connections that fill the target’s connection table and prevent legitimate connections.
Ping of Death: This attack sends malformed or oversized packets using the ping command. The oversized packets can cause buffer overflows, crashing the target system.
3. Application Layer
Application layer attacks target the top layer of the OSI model (layer 7), focusing on disrupting specific applications or services.
HTTP Floods: In an HTTP flood, the attacker sends a very large number of HTTP requests to the target web server. The requests mimic legitimate traffic but arrive in such high volumes that they overwhelm the server, causing slowdowns or crashes.
Slowloris: This attack holds many connections to the target web server open at once by sending partial HTTP requests and never completing them. Because the server keeps waiting for the rest of each request, it cannot free the connections, which eventually exhausts its connection pool.
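Both application layer attacks leave evidence the server already records: an HTTP flood is a source whose request rate no browser would sustain, and Slowloris is a pile of long-lived connections whose request headers never finish arriving. The script below is an added example (not the article's or any server's code) that runs both checks over constructed data: Common Log Format access-log lines for the flood check, and `(ip, age_seconds, headers_complete)` tuples, as one might extract from a server status page, for the Slowloris check. The thresholds, log lines and addresses are assumptions built for the example.

```python
"""Detect HTTP-flood and Slowloris symptoms from web server data.
Added example with constructed log lines and connection snapshots;
it is not code from the original article."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format, e.g.
# 203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "req": m["req"], "status": int(m["status"])}


def http_flood_sources(lines, window=timedelta(seconds=10), max_requests=100):
    """Return {ip: peak request count} for sources that exceed max_requests
    within any sliding window of the given length."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_ip[rec["ip"]].append(rec["ts"])
    offenders = {}
    for ip, times in per_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count > max_requests:
                offenders[ip] = max(offenders.get(ip, 0), count)
    return offenders


def slowloris_suspects(connections, max_age=30.0, min_per_ip=20):
    """connections: iterable of (ip, age_seconds, headers_complete) taken
    from a server status page or connection table. Flag IPs holding many
    old connections whose request headers never finished arriving."""
    stale = Counter(ip for ip, age, done in connections
                    if age > max_age and not done)
    return {ip: n for ip, n in stale.items() if n >= min_per_ip}


def constructed_log(n_flood=300, n_normal=40):
    """Constructed access log: light browsing from five clients plus one
    source sending 50 requests per second (documentation-range addresses)."""
    base = datetime(2024, 10, 10, 13, 55, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(n_normal):
        ts = (base + timedelta(seconds=2 * i)).strftime(TS_FMT)
        lines.append(f'198.51.100.{i % 5 + 1} - - [{ts}] '
                     f'"GET /index.html HTTP/1.1" 200 1024')
    for i in range(n_flood):
        ts = (base + timedelta(milliseconds=20 * i)).strftime(TS_FMT)
        lines.append(f'203.0.113.7 - - [{ts}] "GET / HTTP/1.1" 200 512')
    return lines


def constructed_connections():
    """Constructed snapshot: two healthy requests and 60 stale, half-sent
    requests from one address, the Slowloris pattern."""
    conns = [("198.51.100.9", 0.4, True), ("198.51.100.3", 1.2, True)]
    conns += [("203.0.113.9", 45.0 + i, False) for i in range(60)]
    return conns


if __name__ == "__main__":
    print(http_flood_sources(constructed_log()))
    print(slowloris_suspects(constructed_connections()))
```

The flood check deliberately counts requests rather than bytes, because HTTP flood requests are small and well-formed; the Slowloris check keys on connection age plus incomplete headers, which is also exactly what a per-connection header timeout on the server would close.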
4. DNS Amplification
The attacker sends a small query to a DNS server with the source address spoofed to the target’s IP. The server then sends its substantially larger response to the target, multiplying the volume of traffic that reaches it.
Recursive DNS Query: Attackers exploit the recursive feature of DNS servers to generate multiple queries and responses. By sending many such queries, they can significantly amplify the traffic volume directed at the target.
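From the target's side, the tell-tale sign of DNS amplification is DNS responses arriving for queries the network never sent, and the severity is set by the size ratio between the attacker's query and the reflector's response. The added example below (not the article's code) scores inbound responses against a set of queries actually sent and flags reflectors worth filtering upstream; matching on `(server, txid)` is a simplification of the full 5-tuple a stateful firewall tracks, and the addresses, sizes and thresholds are constructed assumptions.

```python
"""Spot reflected DNS amplification traffic at the target's edge and size the
amplification a reflector yields. Added example with constructed query and
response records (documentation-range addresses); not the article's code."""
from collections import defaultdict


def amplification_factor(query_bytes, response_bytes):
    """Bytes delivered to the victim per byte the attacker sent to the
    reflector. Responses carrying large record sets give the biggest factors,
    which is what response rate limiting on resolvers is meant to blunt."""
    return response_bytes / query_bytes


def unsolicited_responses(outbound_queries, inbound_responses):
    """outbound_queries: set of (server_ip, txid) this network actually sent.
    inbound_responses: list of (server_ip, txid, size_bytes) received.
    A DNS reply that matches no query we sent is the signature of a
    reflected query whose source address was spoofed to ours.
    (Simplification: real firewalls match the full 5-tuple, not just txid.)"""
    stats = defaultdict(lambda: {"count": 0, "bytes": 0})
    for server, txid, size in inbound_responses:
        if (server, txid) not in outbound_queries:
            stats[server]["count"] += 1
            stats[server]["bytes"] += size
    return dict(stats)


def reflectors_to_block(stats, min_count=100, min_bytes=100_000):
    """Servers whose unsolicited replies exceed both thresholds; candidates
    for an upstream filter while the attack lasts."""
    return sorted(s for s, v in stats.items()
                  if v["count"] >= min_count and v["bytes"] >= min_bytes)


def constructed_traffic():
    """Constructed records: five real lookups to 192.0.2.53 with their
    answers, plus 500 large replies from 198.51.100.53, which we never
    queried, i.e. reflected responses to spoofed-source queries."""
    sent = {("192.0.2.53", txid) for txid in range(1, 6)}
    received = [("192.0.2.53", txid, 120) for txid in range(1, 6)]
    received += [("198.51.100.53", 1000 + i, 3000) for i in range(500)]
    return sent, received


if __name__ == "__main__":
    sent, received = constructed_traffic()
    stats = unsolicited_responses(sent, received)
    print(stats)
    print(reflectors_to_block(stats))
    print(amplification_factor(60, 3000))
```

Note that the legitimate resolver produces no entry at all, because every reply it sent matches a query on record; only the reflector accumulates unsolicited count and bytes, which is what the block list keys on.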
5. Hybrid
Hybrid attacks combine elements of different DDoS attack types to maximise damage and complicate mitigation efforts.
Multi-Vector: A multi-vector attack combines volume-based, protocol, and application layer attacks at the same time. This approach can overwhelm several parts of a target’s infrastructure at once, making it harder to implement effective defences.
Grasping the different types of DDoS attack is crucial for organisations looking to protect their online services and infrastructure. Each type presents unique challenges, from volume-based and protocol attacks to application layer and hybrid attacks. By recognising these attack vectors and implementing robust security measures, organisations can better defend against the ever-evolving threat of DDoS attacks. Keeping up with these typical entry points is more important than ever given the increasing sophistication of cyber attacks.