What is a DDoS attack?
A distributed denial of service attack, also known as DDoS, is an attempt from multiple attack sources to prevent legitimate users from accessing a machine or network connected to the internet. This is done by flooding the target system with large volumes of requests from multiple sources in order to either temporarily or indefinitely interrupt service. These attacks can cost businesses thousands of dollars and damage their reputation depending on how long their resources are unavailable.
What are the symptoms of a DDoS attack?
While it can be difficult to detect a DDoS attack some symptoms can include:
- Usually slow network performance
- Extremely high server load
- Unavailability of a particular web site
Who are the attackers and how do they launch their attacks?
Distributed denial of service attacks no longer require expert cyber security knowledge. Easy to use tools can be readily be found on the internet and attacks launched by a beginner with the only information needed being the target’s IP address.
The top four reasons for attacks are: hacktivism, cyber warfare, cyber espionage, and cyber crime with the latter being responsible for over 65% of attacks.
What are the different types of DDoS attacks?
DDoS attacks fall into three main types:
- Volume based
- Protocol attacks
- Application layer attacks
Volume based attack
A volume based attack relies on swarms of requests, usually from illegitimate IP addresses, to overwhelm a website with a flood of traffic. The intent of these attacks are to use up available bandwidth in order to prevent legitimate traffic from accessing the site. Common attacks include UDP and ICMP floods. These attacks are measured in bits-per-second (bps).
The goal of protocol attacks is to drain system resources by sending open requests such as a TCP/IP request with phony IPs, saturating network resources to the point that those resources can’t respond to legitimate requests. Attacks are measures in packets-per-second (pps). Common attacks include Smurf DDos, Ping of Death, and SYN floods. Another type of protocol attack includes sending large fragmented packets to overwhelm the system.
Application layer attacks
Layer 7 attacks are slow and stealthy by sending seemingly harmless requests that appear to be normal human interaction meant to bring down a web server or steal data. These attacks commonly target HTTP using botnet. Attacks are measured in requests-per-second (rps). Common attacks include Slowloris, Apache Killer and Cross-site scripting, SQL injection, and Remote file injection.
Want more information? We've also written a blog about this topic: