In The Art of War, Chinese military strategist Sun Tzu famously said that if you know your enemy and you know yourself, you will not be imperiled in a hundred battles. Sun Tzu lived in the 6th century BCE, well before DDoS attacks were ever thought of, but not only does his advice ring true for these attacks, he also seems to know just how many attacks are being aimed at some organizations.
There are plenty of delightful tidbits to be uncovered about these powerful and pervasive attacks, but where the education needs to begin is at its very core. Here’s what you need to know about the three main types of DDoS attacks.
Every type of DDoS attack
As mentioned, there are three main types of distributed denial of service or DDoS attacks: application layer, volumetric, and protocol. Regardless of which type is being used, the goal is the same: to overwhelm a target website with malicious traffic to take it offline and keep its users from being able to access it.
Every DDoS attack results in frustrated users, some of whom take to social media to complain loudly, and many of whom experience a loss of trust or loyalty. Some DDoS attacks are powerful enough to cause hardware or software damage. Even worse, some are used as a distraction to occupy security employees while a hack or data theft occurs.
Distributed denial of service attacks come from botnets, which are large networks of infected devices controlled remotely by the people using the botnets. These devices give attackers a huge amount of computing power, which can be aimed at target websites through malicious traffic. Where and how that traffic is aimed depends on which type of attack it is.
DDoS attack type #1: application layer attacks
The application layer of a website or online service is the part that interacts with end-users. For application-layer attacks to successfully get to the target server, the malicious requests are usually made to resemble the requests from legitimate users, such as repeated requests to load a graphic or web page.
Since request-response is one of the basic ways computers communicate, application-layer attacks are measured in requests per second (rps). These attacks are most effective and efficient when the botnet’s requests require a large or complex response from the server, tying up the memory and CPU and easily rendering the server unavailable to users. With memory and CPU being finite resources, application-layer attacks require less computing power than other DDoS attacks.
Popular or well-known DDoS attacks under the application layer heading are HTTP floods and reflective DNS amplification attacks.
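As an added example (not part of the original article), here is one way a defender could measure per-client load in requests per second and response bytes per second from an access log. The log format, addresses, window length and thresholds are all assumptions made for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse(line):
    """Split 'ISO-timestamp client path bytes' (assumed format) into typed fields."""
    ts, client, path, size = line.split()
    return datetime.fromisoformat(ts), client, path, int(size)

def peak_load(lines, window=timedelta(seconds=1)):
    """Per client: (peak requests, peak response bytes) inside any sliding window."""
    recent = defaultdict(deque)            # client -> (timestamp, bytes) in window
    peak = defaultdict(lambda: (0, 0))
    for ts, client, _path, size in sorted(map(parse, lines)):
        q = recent[client]
        q.append((ts, size))
        while ts - q[0][0] >= window:      # drop requests older than the window
            q.popleft()
        reqs, out = len(q), sum(s for _, s in q)
        peak[client] = (max(peak[client][0], reqs), max(peak[client][1], out))
    return dict(peak)

def flag(lines, max_rps, max_bytes):
    """Clients exceeding either limit; both limits are assumed policy values."""
    return sorted(c for c, (r, b) in peak_load(lines).items()
                  if r > max_rps or b > max_bytes)

# Constructed sample data: one client loading a page every 3 seconds, and one
# client requesting an expensive search page 10 times per second for 2 seconds.
T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE = [f"{(T0 + timedelta(seconds=3 * i)).isoformat()} 192.0.2.10 /index.html 5120"
          for i in range(4)]
SAMPLE += [f"{(T0 + timedelta(milliseconds=100 * i)).isoformat()} 198.51.100.7 /search?q=x 48213"
           for i in range(20)]

if __name__ == "__main__":
    for client, (reqs, out) in peak_load(SAMPLE).items():
        print(f"{client}: peak {reqs} rps, {out} bytes/s")
    print("flagged:", flag(SAMPLE, max_rps=5, max_bytes=200_000))
```

Because each request looks legitimate on its own, the rate and the cost of the responses per client are what separate the two clients here.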
DDoS attack type #2: volumetric attacks
The application layer isn’t the only layer of the OSI model that gets targeted by DDoS attacks. The network layer also gets nailed, and one of the types of DDoS attacks that aim at it is volumetric attacks, measured in gigabits per second (Gbps) or bits per second (bps).
Volumetric DDoS attacks are the heavy hitters of the DDoS world, aiming to saturate the target’s bandwidth with a massive amount of malicious traffic. These attacks have become more common and easier to accomplish with the advent of IoT botnets that take advantage of lax security in the IoT. The havoc wreaked by the Mirai botnet last fall (such as the Dyn and Brian Krebs attacks) is a good example of volumetric attacks at work.
Common volumetric DDoS attacks include DNS amplification, NTP amplification, and UDP and TCP floods.
DDoS attack type #3: network protocol attacks
Network protocol attacks also tend to aim at the network layer. They exploit vulnerabilities in the set of rules used to exchange information on the internet. By exploiting these vulnerabilities, network protocol attacks can consume a target’s processing capability or exhaust critical resources like firewalls, resulting in a disruption of service for legitimate users.
For instance, there is a rule governing the size of packets being exchanged over the Internet. However, this rule doesn’t prevent packets that are too big from being sent. Ping of Death is a network protocol DDoS attack that sends a much-too-large packet in fragments. When the target system reassembles the packet, the memory buffers overflow and no memory is left for legitimate packets.
In another example of a network protocol attack, an attacking botnet will send connection requests called SYN messages to the target server. The target server then replies with SYN acknowledgments or SYN-ACK messages. With this step completed, connections are opened. In a SYN flood attack, these connections are left open, tying up server resources while the server waits for a response that will not come. The SYN flood and Ping of Death are common types of network protocol attacks measured in packets per second (pps).
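As an added example (not part of the original article), the following toy model replays handshake events against a server's table of pending connections to show how unanswered SYN-ACKs crowd out a legitimate client. The backlog size, timeout, addresses and event list are assumptions constructed for the illustration, and a single flooding source stands in for a botnet.

```python
from collections import Counter

def replay(events, backlog_size=8, timeout=30.0):
    """Replay (time, src, port, flag) events against a toy pending-connection table.

    Returns (peak half-open connections per source, SYNs dropped for lack of room).
    """
    half_open = {}            # (src, port) -> time the SYN arrived
    peak = Counter()
    dropped = []
    for t, src, port, flag in sorted(events):
        # Expire entries the server has stopped waiting on.
        for key in [k for k, t0 in half_open.items() if t - t0 >= timeout]:
            del half_open[key]
        if flag == "SYN":
            if len(half_open) >= backlog_size:
                dropped.append((src, port))       # table full: SYN is discarded
            else:
                half_open[(src, port)] = t        # server sends SYN-ACK and waits
                now = sum(1 for s, _ in half_open if s == src)
                peak[src] = max(peak[src], now)
        elif flag == "ACK":
            half_open.pop((src, port), None)      # handshake complete, slot freed
    return peak, dropped

# Constructed events: a normal handshake, eight SYNs that are never answered,
# a legitimate SYN during the flood, and another after the timeout has passed.
EVENTS = [(0.00, "192.0.2.10", 40000, "SYN"), (0.05, "192.0.2.10", 40000, "ACK")]
EVENTS += [(1.0 + i / 10, "198.51.100.7", 50000 + i, "SYN") for i in range(8)]
EVENTS += [(5.00, "192.0.2.11", 40001, "SYN"),
           (40.00, "192.0.2.11", 40002, "SYN"), (40.05, "192.0.2.11", 40002, "ACK")]

if __name__ == "__main__":
    peak, dropped = replay(EVENTS)
    print("peak half-open per source:", dict(peak))
    print("dropped SYNs:", dropped)
```

A source holding many half-open entries that never complete is the signal to alert on; the legitimate client is only served again once those entries time out.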
More in common
Sophisticated attackers will often combine these attack types into one DDoS mess that can easily leave a website crippled. Whether used together or on their own, one more thing these attack types have in common is that they require professional DDoS mitigation.
Distributed denial of service mitigation that combines a scalable and powerful approach to dealing with volumetric attacks, granular traffic analysis for checking out sneaky application-layer attacks, and a careful and proactive approach to eliminating those protocol vulnerabilities is the only type of mitigation that effectively protects against all three main types of DDoS attacks. This is essential because DDoS attacks are more common than ever, and rare is the website that isn’t at risk. As Sun Tzu said, the art of war teaches us to rely not on the likelihood of the enemy’s not coming but on our readiness to receive him. “Consider DDoS protection that’s cloud-based,” he did not add, but may have, had he lived in our time.