DDoS Attack – Distributed Denial of Service Attack (DDoS)

A DDoS attack is a malicious attempt to make an online service unavailable to users, usually by temporarily interrupting or suspending the services of its hosting server or service.

A DDoS attack is launched from numerous compromised devices, often distributed globally in what is referred to as a botnet.

DDoS attacks are designed to target any aspect of a business and its resources, and can easily:

- Disable a specific computer, service or an entire network.
- Target alarms, printers, phones or laptops.
- Hit system resources like bandwidth, disk space, processor time or routing information.
- Execute malware that affects processors and triggers errors in computer microcodes.
- Exploit operating system vulnerabilities to drain system resources.

On a very high level, a DDoS attack can be first divided into the following two categories:

- Connection-based – An attack that occurs once a connection between a server and a client has been established via certain standard protocols.
- Connectionless – An attack that does not require a session to be formally established before a sender (server) can send “data packets” – a basic unit of communication over a digital network – to a receiver (client).

A DDoS attack can fall into the following three broad categories, depending on the area of the network infrastructure on which the attack is focused:

- Volume Based Attacks – Includes UDP floods, ICMP floods, and other spoofed-packet floods. The attack’s goal is to saturate the bandwidth of the attacked site, and magnitude is measured in bits per second (Bps).
- Protocol Attacks – Includes SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS and more. This type of attack consumes actual server resources, or those of intermediate communication equipment, such as firewalls and load balancers, and is measured in Packets per second.
- Application Layer Attacks – Includes low-and-slow attacks, GET/POST floods, attacks that target Apache, Windows or OpenBSD vulnerabilities and more. Comprised of seemingly legitimate and innocent requests, the goal of these attacks is to crash the web server, and the magnitude is measured in Requests per second.

UDP Flood – This DDoS attack leverages the User Datagram Protocol (UDP), a sessionless networking protocol. This type of attack floods random ports on a remote host with numerous UDP packets, causing the host to repeatedly check for the application listening at that port, and (when no application is found) reply with an ICMP Destination Unreachable packet. This process saps host resources, and can ultimately lead to inaccessibility.

ICMP (Ping) Flood – Similar in principle to the UDP flood attack, an ICMP flood overwhelms the target resource with ICMP Echo Request (ping) packets, generally sending packets as fast as possible without waiting for replies. This type of attack can consume both outgoing and incoming bandwidth, since the victim’s servers will often attempt to respond with ICMP Echo Reply packets, resulting in a significant overall system slowdown.

SYN Flood – A SYN flood DDoS attack exploits a known weakness in the TCP connection sequence (the “three-way handshake”), wherein a SYN request to initiate a TCP connection with a host must be answered by a SYN-ACK response from that host, and then confirmed by an ACK response from the requester.
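
The three-step handshake named in the SYN Flood entry (SYN, SYN-ACK, ACK) can be watched from the defender's side by counting handshakes that never receive the final ACK. This is an added example, not part of the original page; the event tuple layout, function names, timeout and threshold values, and the sample capture (documentation-range addresses) are assumptions constructed for illustration.

```python
from collections import Counter

def half_open(events, now, timeout=3.0):
    """Per (server, port): handshakes with a SYN but no final ACK after `timeout` s."""
    pending = {}  # (client, cport, server, sport) -> [syn_time, synack_seen]
    for ts, src, sport, dst, dport, flags in events:
        if flags == "S":        # step 1: requester sends SYN
            pending.setdefault((src, sport, dst, dport), [ts, False])
        elif flags == "SA":     # step 2: host answers with SYN-ACK (reverse direction)
            state = pending.get((dst, dport, src, sport))
            if state:
                state[1] = True
        elif flags == "A":      # step 3: requester confirms with ACK
            state = pending.get((src, sport, dst, dport))
            if state and state[1]:
                del pending[(src, sport, dst, dport)]
    counts = Counter()
    for (_client, _cport, server, port), (syn_time, _seen) in pending.items():
        if now - syn_time >= timeout:   # still unconfirmed and old enough to count
            counts[(server, port)] += 1
    return counts

def flooded(events, now, threshold=10, timeout=3.0):
    """Listeners whose stale half-open count reaches `threshold` (assumed value)."""
    return sorted(k for k, n in half_open(events, now, timeout).items() if n >= threshold)

def build_sample():
    """Constructed capture: 2 clients finish the handshake, 25 sources never ACK."""
    server, port = "192.0.2.10", 443
    events = []
    for i, client in enumerate(["198.51.100.7", "198.51.100.8"]):
        t, cport = 0.1 * i, 40000 + i
        events += [(t, client, cport, server, port, "S"),
                   (t + 0.01, server, port, client, cport, "SA"),
                   (t + 0.02, client, cport, server, port, "A")]
    for i in range(25):
        src, t, cport = f"203.0.113.{i + 1}", 1.0 + 0.01 * i, 50000 + i
        events += [(t, src, cport, server, port, "S"),
                   (t + 0.001, server, port, src, cport, "SA")]
    return events

if __name__ == "__main__":
    print(flooded(build_sample(), now=10.0))
```
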