Cyberattacks come in many forms. Depending on their goals, attackers choose what type of attack to conduct. Usually, cyberattackers want to steal your data. Sometimes, however, they want your resources to be unavailable for a period of time. To achieve that, they conduct a Distributed Denial of Service (DDoS) attack. Unfortunately, this cyberattack affects many companies worldwide. In fact, a report by Cisco states that by 2022, the world will see 14.5 million DDoS attacks.
Since they’re so prevalent, you should know what exactly these attacks are. You can then take measures to prevent them. In this article, I’ll talk about DDoS attacks and go over their major types and subtypes. After that, you should be able to make more informed decisions to better protect your network.
Let’s start with the basics and talk about what a DDoS attack is.
What Is a DDoS Attack?
In a DDoS attack, a cyberattacker uses a botnet, a network of compromised devices spread across many connected systems. Those devices send millions of requests to your websites, overwhelming your resources and crashing your servers. Unlike other cyberattacks, this one doesn’t steal your data or breach your network. Rather, it makes your resources unavailable to legitimate users.
Why do attackers choose DDoS attacks to attack companies? They do this for 2 reasons:
- A DDoS attack affects a company’s entire online database, which draws a lot of visibility and results in reputational and financial loss.
- A DDoS attack is usually a smokescreen for a data breach or ransomware attack.
Again, the attacker’s motive and goal determine how they go through with these attacks.
On that note, I’ll now discuss the different types of DDoS attacks.
Types of DDoS Attacks
DDoS attacks get launched from many devices at the same time. They aim to flood a chosen website or server with hostile or dummy requests. Based on the traffic type and protocols, DDoS attacks can be categorized into 3 major types:
1. Volumetric Attacks
Volumetric attacks are the most common type of DDoS attack: a high volume of requests gets sent from many different devices to a target device. This traffic clogs the bandwidth and blocks legitimate packets from reaching the target. A volumetric attack is the most dangerous type of DDoS attack.
2. Protocol Attacks
While volumetric attacks focus on bandwidth, protocol attacks focus on exhausting a server’s resources. Specifically, these attacks target firewalls and load balancers. The malicious devices send millions of connection requests, which exhausts all the available resources of the load balancers and servers. As a result, no resources are left to service the requests coming from legitimate users.
3. Application Layer Attacks
Application layer attacks focus on the vulnerabilities present in applications. In this attack, the cybercriminals mimic a user’s behavior. They also send a flood of requests that appear legitimate. Again, this floods the application’s resources. The key difference is that these application attacks only target specific features in an application. They may even go largely unnoticed.
While these are the three broad categories of attacks, many subtypes of DDoS attacks also exist. These subtypes each have a unique characteristic or quality to them as well. Let’s have a look at these now.
Subtypes of DDoS Attacks
Earlier, I discussed the broad categories of DDoS attacks. DDoS attacks also have several subtypes. Understanding them can help you take steps to stop these attacks in the first place. Here are the different subtypes of DDoS attacks:
Memcached DDoS attack
In this type of attack, the attacker floods Memcached, a database caching system that listens over UDP, with data packets. This overwhelms the system’s resources, and it becomes unavailable to process new requests.
NTP Amplification Attack
In an NTP amplification attack, the attacker sends spoofed “get monlist” requests to an NTP server (NTP is the network protocol used to synchronize clocks). The NTP server responds to each request by sending the list back to the spoofed source address, which belongs to the victim. This amplifies the traffic and degrades service for legitimate users.
DNS Amplification Attack
In this attack, the attacker uses open DNS resolvers to amplify traffic and overwhelm a server. Then, the server and its infrastructure become inaccessible.
SSDP Attack
An SSDP attack is where an attacker leverages the Universal Plug and Play (UPnP) networking protocol to send large amounts of traffic to a targeted device. This overwhelms the victim’s infrastructure and takes their web services offline.
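The Memcached, NTP, DNS and SSDP attacks above share one mechanism: the attacker sends small requests with the victim’s address as the spoofed source, and the reflecting servers send their much larger replies to the victim. From the victim’s edge, this shows up as a flood of UDP traffic from service ports the victim’s own hosts never talked to. The detector below is an added example, not code from the original article: it groups NetFlow-style records by reflector service and flags a service when inbound bytes from that port dwarf the bytes our hosts sent to it. The flow records, the protected prefix and the reflector-port table are constructed assumptions.

```python
"""Reflection/amplification detector over NetFlow-style records.

Added example (not from the original article). Input records and the
victim prefix are constructed; the reflector-port table is an assumption
covering the four services discussed above.
"""
from collections import defaultdict
from dataclasses import dataclass

# UDP services commonly abused as reflectors: source port -> service name
REFLECTOR_PORTS = {11211: "memcached", 123: "ntp", 53: "dns", 1900: "ssdp"}

# The protected network, constructed from the documentation range 203.0.113.0/24
PROTECTED_PREFIX = "203.0.113."


@dataclass(frozen=True)
class Flow:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    nbytes: int


def is_inbound(flow):
    """True when the flow enters the protected network from outside."""
    return (flow.dst_ip.startswith(PROTECTED_PREFIX)
            and not flow.src_ip.startswith(PROTECTED_PREFIX))


def amplification_report(flows, min_inbound_bytes=10_000, min_ratio=10.0):
    """Compare, per reflector service, bytes received FROM its port with
    bytes our hosts sent TO that port.  Traffic we never asked for shows
    up as a large inbound/outbound asymmetry from many distinct sources:
    the attacker's requests carried our address as a spoofed source."""
    inbound = defaultdict(int)
    outbound = defaultdict(int)
    reflectors = defaultdict(set)
    for f in flows:
        if f.proto != "udp":
            continue
        if is_inbound(f) and f.src_port in REFLECTOR_PORTS:
            svc = REFLECTOR_PORTS[f.src_port]
            inbound[svc] += f.nbytes
            reflectors[svc].add(f.src_ip)
        elif not is_inbound(f) and f.dst_port in REFLECTOR_PORTS:
            svc = REFLECTOR_PORTS[f.dst_port]
            outbound[svc] += f.nbytes
    report = {}
    for svc in set(inbound) | set(outbound):
        i, o = inbound[svc], outbound[svc]
        ratio = i / o if o else float("inf")
        report[svc] = {
            "inbound": i, "outbound": o, "ratio": ratio,
            "reflectors": len(reflectors[svc]),
            "flagged": i >= min_inbound_bytes and ratio >= min_ratio,
        }
    return report


# Constructed sample: one legitimate DNS lookup, one legitimate NTP sync,
# then memcached and NTP responses arriving from reflectors we never contacted.
SAMPLE_FLOWS = [
    Flow("udp", "203.0.113.10", 40000, "198.51.100.53", 53, 80),
    Flow("udp", "198.51.100.53", 53, "203.0.113.10", 40000, 200),
    Flow("udp", "203.0.113.10", 123, "198.51.100.123", 123, 48),
    Flow("udp", "198.51.100.123", 123, "203.0.113.10", 123, 48),
] + [
    Flow("udp", f"192.0.2.{n}", 11211, "203.0.113.20", 80, 50_000) for n in range(1, 6)
] + [
    Flow("udp", f"192.0.2.{n}", 123, "203.0.113.20", 443, 4_800) for n in range(50, 70)
]

if __name__ == "__main__":
    for svc, row in sorted(amplification_report(SAMPLE_FLOWS).items()):
        print(f"{svc:10s} in={row['inbound']:>8} out={row['outbound']:>5} "
              f"reflectors={row['reflectors']:>3} flagged={row['flagged']}")
```

The legitimate DNS and NTP exchanges stay unflagged because our hosts sent comparable traffic to those ports; the memcached and NTP reflection traffic is flagged because almost nothing went out. The same asymmetry is what an upstream provider uses to justify filtering inbound UDP from those source ports during an attack.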
Low and Slow Attack
This is a unique attack where the cybervillain sends slow-moving traffic to specific applications or resources. Unfortunately, this attack is hard to identify because it won’t show up on most monitoring tools, so it keeps consuming your resources.
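Because a low and slow attack never produces a volume spike, the useful signal is time rather than rate: connections that have been open for a long while, still have not delivered a complete request, and trickle in bytes well below what any real client sends. The snapshot analysis below is an added example, not code from the original article. Its connection records are constructed, and the age, throughput and per-client thresholds are assumptions to be tuned against your own traffic.

```python
"""Low-and-slow detection from a connection-table snapshot.

Added example (not from the original article). The snapshot records are
constructed; the thresholds are assumptions you would tune to your own
traffic.  The signal is not volume but time: connections that stay open
for a long time, never complete a request, and trickle bytes in slowly.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    client_ip: str
    age_s: float            # seconds since the TCP connection was accepted
    bytes_in: int           # bytes received from the client so far
    request_complete: bool  # has a full HTTP request (headers + body) arrived?


def is_slow(conn, min_age_s=30.0, max_rate_bps=50.0):
    """A connection is suspicious when it is old, still has not delivered a
    complete request, and has averaged fewer than max_rate_bps bytes/sec."""
    if conn.request_complete or conn.age_s < min_age_s:
        return False
    return conn.bytes_in / conn.age_s < max_rate_bps


def slow_clients(conns, min_slow_conns=5, **thresholds):
    """Clients holding at least min_slow_conns slow connections at once.
    One slow connection may be a poor mobile link; many from one address
    is a client deliberately tying up worker slots.  Returns {ip: count}."""
    counts = Counter(c.client_ip for c in conns if is_slow(c, **thresholds))
    return {ip: n for ip, n in counts.items() if n >= min_slow_conns}


def worker_share(conns, pool_size, **thresholds):
    """Fraction of the server's worker pool currently held by slow connections,
    the number that tells you how close the service is to starvation."""
    held = sum(1 for c in conns if is_slow(c, **thresholds))
    return held / pool_size


# Constructed snapshot: ordinary clients, one client on a genuinely slow link,
# and one address holding eight connections that each sent a few header bytes
# minutes ago and nothing since.
SNAPSHOT = (
    [Conn("198.51.100.7", 0.4, 612, True), Conn("198.51.100.8", 1.1, 980, True)]
    + [Conn("198.51.100.9", 45.0, 1_200, False)]
    + [Conn("192.0.2.66", 120.0 + i, 300 + i, False) for i in range(8)]
)

if __name__ == "__main__":
    print("slow clients:", slow_clients(SNAPSHOT))
    print("worker share held by slow connections: %.0f%%"
          % (100 * worker_share(SNAPSHOT, 16)))
```

The per-client count is what separates an attack from a bad link: a single slow connection is tolerated, while one address holding many of them is closed. The worker-share figure is the one to alert on, since it measures how much of the server's capacity is already tied up regardless of who holds it.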
Layer 3 Attack
In this attack, the attacker targets layer 3 of the OSI model, the network layer. As a result, it affects your network equipment and its associated infrastructure.
Ransom DDoS Attack
As the name suggests, ransom DDoS attackers try to extort money from an organization by threatening it with a DDoS attack. Many times, they also attack a single feature of the application as an “example” of the damage they can cause.
Smurf Attack
This attack, named after the Smurf malware, sends a large number of ICMP packets to an IP broadcast address. This makes computer networks inoperable as they run out of resources to service these packets.
Ping of Death Attack (PoD)
In a PoD attack, the cybercriminal sends oversized data packets to crash a computer or a service. The machine tries to reassemble the packet fragments, but the reassembled size exceeds the maximum allowed. As a result, the device crashes.
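The defence against a Ping of Death is a bounds check in the fragment reassembler: before buffering a fragment, verify that its offset plus its length cannot push the datagram past the 65,535-byte IPv4 maximum. The reassembler below is an added example, not code from the original article; it works on constructed fragment records that carry only the header fields that matter (identification, fragment offset in 8-byte units, payload length, More Fragments flag) rather than on real packets, and it assumes a 20-byte header with no options.

```python
"""IPv4 fragment reassembly with the size check that stops a Ping of Death.

Added example (not from the original article). Fragments are constructed
records carrying the header fields that matter; no real packets are parsed.
The defence is simple: refuse to buffer any fragment whose end would lie
beyond the 65,535-byte maximum datagram size.
"""
from dataclasses import dataclass

MAX_IP_DATAGRAM = 65_535   # largest IPv4 total length, header included
IPV4_HEADER_LEN = 20       # assumed: no IP options


@dataclass(frozen=True)
class Fragment:
    ident: int            # identification field shared by all fragments of one datagram
    offset_units: int     # fragment offset as carried on the wire (units of 8 bytes)
    payload_len: int      # bytes of payload in this fragment
    more_fragments: bool  # MF flag; False on the last fragment


class ReassemblyError(ValueError):
    pass


def fragment_end(frag):
    """Byte position where this fragment's payload would end in the datagram."""
    return IPV4_HEADER_LEN + frag.offset_units * 8 + frag.payload_len


def validate_fragment(frag):
    """The check a hardened stack performs before buffering anything:
    offset + length may never exceed the maximum datagram size, and every
    non-final fragment must carry a multiple of 8 bytes."""
    end = fragment_end(frag)
    if end > MAX_IP_DATAGRAM:
        raise ReassemblyError(f"id={frag.ident}: fragment ends at byte {end} > {MAX_IP_DATAGRAM}")
    if frag.more_fragments and frag.payload_len % 8:
        raise ReassemblyError(f"id={frag.ident}: non-final fragment length not a multiple of 8")
    return end


def reassemble(fragments):
    """Return the reassembled payload length for one datagram, or raise.
    Gaps and overlaps are rejected outright here; a real stack would wait
    for the missing piece or apply an overlap policy."""
    if not fragments:
        raise ReassemblyError("no fragments")
    frags = sorted(fragments, key=lambda f: f.offset_units)
    expected_start = 0
    for f in frags:
        validate_fragment(f)
        start = f.offset_units * 8
        if start != expected_start:
            raise ReassemblyError(f"id={f.ident}: gap or overlap at byte {start}")
        expected_start = start + f.payload_len
    if frags[-1].more_fragments:
        raise ReassemblyError(f"id={frags[-1].ident}: final fragment missing")
    return expected_start


def reassembly_result(fragments):
    """('ok', payload_length) or ('rejected', reason)."""
    try:
        return "ok", reassemble(fragments)
    except ReassemblyError as err:
        return "rejected", str(err)


# Constructed: a normal 3,000-byte ping split for a 1,500-byte MTU ...
BENIGN_PING = [
    Fragment(0x1234, 0, 1480, True),
    Fragment(0x1234, 185, 1480, True),
    Fragment(0x1234, 370, 40, False),
]
# ... and a final fragment whose offset plus length overshoots the 65,535 limit.
OVERSIZED_PING = [Fragment(0x5678, 8189, 1480, False)]

if __name__ == "__main__":
    print("benign:", reassembly_result(BENIGN_PING))
    print("oversized:", reassembly_result(OVERSIZED_PING))
```

The important property is that the rejection happens on the offending fragment alone, before any buffer is allocated: a stack that only checked the total after collecting all fragments would already have written past the end of its reassembly buffer, which is exactly the crash the attack relies on.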
DNS Flood Attack
A DNS flood attack is where an attacker targets the Domain Name Servers of a particular network or organization to prevent the DNS system from resolving website requests to IP addresses. As a result, users can’t access the targeted web page.
HTTP Flood Attack
In this attack, a cybercriminal floods a device or network with spoofed HTTP requests. Needless to say, your resources get wasted responding to these requests and aren’t available for legitimate ones.
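HTTP flood requests look legitimate one at a time, so the usual mitigation is a per-client budget over a sliding time window, weighted by how expensive each endpoint is to serve. The limiter below is an added example, not code from the original article. It replays constructed access-log lines in a simplified "<ISO timestamp> <client ip> <method> <path>" format; the window size, budget and per-path costs are assumed values.

```python
"""Per-client request budgeting against HTTP floods.

Added example (not from the original article). Log lines are constructed in
a simplified format; the window, budget and per-path costs are assumptions.
Every request spends from a sliding-window budget; expensive endpoints cost
more, because a flood of 20 search queries hurts far more than 20 hits on a
cached front page.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST|HEAD) (\S+)$")
PATH_COST = {"/search": 5, "/login": 3}   # assumed costs by path prefix
DEFAULT_COST = 1


def parse_line(line):
    """Return (epoch_seconds, ip, method, path) or None for an unparseable line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, ip, method, path = m.groups()
    return datetime.fromisoformat(ts).timestamp(), ip, method, path


def request_cost(path):
    for prefix, cost in PATH_COST.items():
        if path.startswith(prefix):
            return cost
    return DEFAULT_COST


class SlidingWindowLimiter:
    """Each client may spend at most `budget` cost units in any `window_s` seconds."""

    def __init__(self, window_s=10.0, budget=20):
        self.window_s = window_s
        self.budget = budget
        self.history = defaultdict(deque)   # ip -> deque of (timestamp, cost)
        self.spent = defaultdict(int)       # ip -> cost currently inside the window

    def allow(self, ts, ip, cost):
        q = self.history[ip]
        while q and q[0][0] <= ts - self.window_s:   # expire entries that left the window
            _, old_cost = q.popleft()
            self.spent[ip] -= old_cost
        if self.spent[ip] + cost > self.budget:
            return False
        q.append((ts, cost))
        self.spent[ip] += cost
        return True


def evaluate(lines, **limiter_kwargs):
    """Replay log lines through the limiter; returns ({ip: allowed}, {ip: blocked})."""
    limiter = SlidingWindowLimiter(**limiter_kwargs)
    allowed, blocked = defaultdict(int), defaultdict(int)
    for rec in (parse_line(line) for line in lines):
        if rec is None:
            continue
        ts, ip, _, path = rec
        if limiter.allow(ts, ip, request_cost(path)):
            allowed[ip] += 1
        else:
            blocked[ip] += 1
    return dict(allowed), dict(blocked)


# Constructed log: one browsing user, and one client firing 30 search queries in 2 seconds.
SAMPLE_LOG = sorted(
    [f"2024-05-01T12:00:{s:02d} 198.51.100.7 GET /" for s in (0, 2, 4, 6, 8)]
    + [f"2024-05-01T12:00:{i // 15:02d} 192.0.2.99 GET /search?q=x{i}" for i in range(30)]
)

if __name__ == "__main__":
    ok, dropped = evaluate(SAMPLE_LOG)
    for ip in sorted(set(ok) | set(dropped)):
        print(f"{ip:14s} allowed={ok.get(ip, 0):3d} blocked={dropped.get(ip, 0):3d}")
```

Keying the budget on the client address is the simplest choice and the one a distributed flood is built to defeat, since each bot stays under its own limit; in practice the same limiter is run with additional keys (session, user, or a fingerprint of the client) and the per-path costs are what stop the attacker from spending a small budget on your most expensive endpoint.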
SYN Flood Attack
In this type of DDoS attack, the attacker repeatedly sends SYN packets to every port on the target device. A SYN packet is what a client normally sends to start a TCP connection with a server. As more SYN packets arrive, the server gets overwhelmed responding to them.
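What a SYN flood actually exhausts is the table of half-open connections the server keeps between answering a SYN and receiving the client's final ACK. SYN cookies remove that table: the server encodes the connection's identity in the initial sequence number of its SYN-ACK as a keyed hash over the 4-tuple and a coarse time counter, stores nothing, and only allocates state when an ACK comes back carrying cookie+1. The listener below is an added example, not code from the original article and not the Linux implementation; the secret, the cookie layout (8-bit time counter plus 24-bit MAC) and the event handlers are assumptions, and no packets are sent or received.

```python
"""SYN cookies: serving a SYN flood without keeping per-SYN state.

Added example (not from the original article). The secret, the cookie
layout (8-bit counter + 24-bit MAC) and the event loop are assumptions;
no network I/O happens here, only the server's decision logic.
"""
import hashlib
import hmac

COOKIE_SECRET = b"placeholder-secret-rotate-regularly"   # constructed placeholder
TICK_SECONDS = 64        # counter advances every 64 s
MAX_TICK_AGE = 1         # accept cookies from the current and previous tick


def _counter(now):
    return int(now // TICK_SECONDS) & 0xFF


def _mac(src_ip, src_port, dst_ip, dst_port, counter):
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}|{counter}".encode()
    return hmac.new(COOKIE_SECRET, msg, hashlib.sha256).digest()[:3]


def make_cookie(src_ip, src_port, dst_ip, dst_port, now):
    """Initial sequence number the server puts in its SYN-ACK."""
    counter = _counter(now)
    mac = int.from_bytes(_mac(src_ip, src_port, dst_ip, dst_port, counter), "big")
    return (counter << 24) | mac


def check_cookie(ack_num, src_ip, src_port, dst_ip, dst_port, now):
    """Valid when the client's ACK number is cookie+1 for a recent tick."""
    cookie = (ack_num - 1) & 0xFFFFFFFF
    counter = cookie >> 24
    if ((_counter(now) - counter) & 0xFF) > MAX_TICK_AGE:
        return False                      # too old: a replayed or stale ACK
    expected = _mac(src_ip, src_port, dst_ip, dst_port, counter)
    return hmac.compare_digest((cookie & 0xFFFFFF).to_bytes(3, "big"), expected)


class StatelessListener:
    """Server side of the handshake, tracking how much state each phase costs."""

    def __init__(self, ip, port):
        self.ip, self.port = ip, port
        self.half_open = 0            # stays 0: no memory spent on unanswered SYNs
        self.established = set()      # (client ip, client port) after a valid ACK

    def on_syn(self, src_ip, src_port, now):
        # Reply with a SYN-ACK carrying the cookie as ISN; record nothing.
        return make_cookie(src_ip, src_port, self.ip, self.port, now)

    def on_ack(self, ack_num, src_ip, src_port, now):
        if not check_cookie(ack_num, src_ip, src_port, self.ip, self.port, now):
            return False
        self.established.add((src_ip, src_port))
        return True


if __name__ == "__main__":
    srv = StatelessListener("203.0.113.5", 443)
    # Exercise the server's SYN path 100,000 times with spoofed sources that never
    # complete the handshake; nothing is transmitted, this only shows state cost.
    for n in range(100_000):
        srv.on_syn(f"192.0.2.{n % 254 + 1}", 1024 + n % 60000, now=1_000_000)
    print("half-open after flood:", srv.half_open, "established:", len(srv.established))
    cookie = srv.on_syn("198.51.100.7", 50000, now=1_000_000)
    print("legitimate ACK accepted:",
          srv.on_ack(cookie + 1, "198.51.100.7", 50000, now=1_000_010))
```

The trade-off is visible in the code: a cookie carries only what fits in 32 bits, so TCP options negotiated in the SYN (window scaling, SACK) are lost unless encoded elsewhere, which is why production stacks turn cookies on only once the real backlog overflows rather than all the time.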
ACK Flood Attack
In this attack, the cybervillain floods a server with TCP ACK packets, the packets a device normally uses to acknowledge that it has received transmitted data. This prevents the server from servicing proper requests.
Ping (ICMP) Flood Attack
A ping flood attack is similar to SYN and ACK attacks. The difference here is that the attacker sends a continuous stream of ICMP echo-request packets. The targeted device will then be unable to service these requests in time. Eventually, it’ll crash.
UDP Flood Attack
This is an attack where the cybercriminal overwhelms the ports of the targeted device with UDP packets. The host then exhausts its resources checking for an application listening on each port those UDP datagrams are addressed to.
QUIC Flood Attack
In this attack, an attacker sends an overwhelming number of packets over the QUIC protocol. This is a transport protocol that comes with built-in TLS encryption. As a result, it’s more secure than TCP and more reliable than UDP. However, when a large number of requests get sent through it, the server takes time to decrypt and process each one. In turn, this slows down access for legitimate users.
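The ACK, ICMP, UDP and QUIC floods above all show up the same way on a monitoring system: a packet rate for one traffic class that jumps far above its own recent history. The detector below is an added example, not code from the original article. It keeps an exponentially weighted mean and variance per traffic class (ICMP, TCP ACK, UDP/443 for QUIC) from constructed per-second counters and raises an alert when a sample is both far above the baseline and above an absolute floor, so a quiet link does not alarm on small wobbles; the thresholds are assumptions.

```python
"""Packet-rate anomaly detection for ICMP, ACK, UDP and QUIC floods.

Added example (not from the original article). Input is a constructed series
of per-second packet counts per traffic class, the kind of counters a flow
collector or host interface statistics provide.  Thresholds are assumptions.
"""
import math


class RateBaseline:
    def __init__(self, alpha=0.1, z_threshold=6.0, min_pps=5_000, warmup=10):
        self.alpha = alpha              # weight of each new sample in the baseline
        self.z_threshold = z_threshold  # how many standard deviations count as a spike
        self.min_pps = min_pps          # absolute floor below which nothing alerts
        self.warmup = warmup            # samples to learn before alerting on a class
        self.mean, self.var, self.seen = {}, {}, {}

    def update(self, key, pps):
        """Feed one per-second sample for a traffic class; returns (anomalous, z)."""
        if key not in self.mean:
            self.mean[key], self.var[key], self.seen[key] = float(pps), 0.0, 1
            return False, 0.0
        m, v = self.mean[key], self.var[key]
        sd = math.sqrt(v)
        if sd > 0:
            z = (pps - m) / sd
        else:
            z = float("inf") if pps > m else 0.0
        anomalous = (self.seen[key] >= self.warmup
                     and pps >= self.min_pps and z >= self.z_threshold)
        if not anomalous:
            # Learn only from samples judged normal, so a flood cannot drag
            # the baseline up and make itself look ordinary a minute later.
            diff = pps - m
            incr = self.alpha * diff
            self.mean[key] = m + incr
            self.var[key] = (1 - self.alpha) * (v + diff * incr)
        self.seen[key] += 1
        return anomalous, z


def detect(samples, **kwargs):
    """samples: iterable of (second, class, pps). Returns [(second, class, pps, z)]."""
    baseline = RateBaseline(**kwargs)
    alerts = []
    for second, key, pps in samples:
        anomalous, z = baseline.update(key, pps)
        if anomalous:
            alerts.append((second, key, pps, round(z, 1)))
    return alerts


def constructed_samples():
    """60 s of steady traffic, then 5 s in which ICMP and TCP ACK rates explode
    while QUIC (UDP/443) stays normal."""
    base = {"icmp": 20, "tcp/ack": 2_000, "udp/443": 900}
    flood = {"icmp": 40_000, "tcp/ack": 150_000}
    out = []
    for s in range(65):
        for key, rate in base.items():
            pps = rate + (s * 7) % 5          # small deterministic jitter
            if s >= 60 and key in flood:
                pps = flood[key]
            out.append((s, key, pps))
    return out


if __name__ == "__main__":
    for second, key, pps, z in detect(constructed_samples()):
        print(f"t={second:3d}s {key:8s} {pps:>7} pps  z={z}")
```

Freezing the baseline while a class is anomalous is the design choice worth copying: an EWMA that keeps learning during a flood will, within a few time constants, treat the flood as the new normal and silence its own alert.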
These are some of the well-known types of DDoS attacks. You’re now an expert in DDoS attacks and their different types and subtypes. Let’s recap!
In all, a Distributed Denial of Service (DDoS) attack is a common cyberattack. Cybercriminals send a flood of requests from multiple interconnected systems to a targeted server or device. These requests overwhelm the target’s resources and crash it. Finally, the devices become unavailable to service legitimate requests.
Many types and subtypes of this attack exist, and understanding them is essential to preventing them. This knowledge will also help you identify the vulnerabilities in your organization and network. You can then set up safeguards to defend your organization.
I hope this article comes in handy for you should you ever be cyber-attacked!
Do you have more questions about DDoS attacks? Check out the FAQ and Resources sections below!
FAQ
What’s the most common type of DDoS attack?
Volumetric DDoS attacks are the most common. They consume all the available resources in a network. Thereby, they make it unavailable for users. A volumetric attack is also relatively easy to implement, thanks to the growing capabilities of devices to send multiple requests in a short span.
Why do cybercriminals carry out DDoS attacks?
A DDoS attack affects a large user base. Typically, when attackers crash a service or make it unavailable, the information spreads quickly. In turn, this can affect an organization’s reputation greatly. It’ll also cause financial loss. As a result, attackers resort to DDoS attacks.
Are DoS and DDoS attacks the same?
No, they’re different. A DoS attack only involves a single system. Conversely, a DDoS attack involves multiple systems. Needless to say, a DDoS attack is more effective and faster in consuming the target’s resources. This is because millions of requests can get sent every second, depending on the number of devices used for the attack.
Is a botnet attack the same as a DDoS attack?
No, they’re not the same. A DDoS attack is a subset of a botnet attack. Typically, botnets are also used to send spam emails, steal sensitive data, incapacitate a firewall, spread malware, and more.
Is it possible to carry out a DDoS attack against a firewall?
Technically, yes. But VPNs come with a built-in ability to hide your IP address. This makes it extremely difficult for an attacker to flood your network with DDoS packets. This is also why a VPN is often a good solution for preventing DoS and DDoS attacks.
Resources
TechGenix: Article on DoS and DDoS Attacks
Know the differences between DoS and DDoS attacks.
TechGenix: Article on Citrix and DDoS Attacks
Learn what Citrix did to counter DDoS attacks.
TechGenix: Article on Preparing Your Infrastructure for a DDoS Attack
Read this article to learn how to prepare your infrastructure for a DDoS attack.
TechGenix: Article on the Resurgence of DDoS Attacks
Understand how and why DDoS attacks are on the rise.
TechGenix: Article on Preparing for a Corporate Security Crisis
Understand how to prepare for a corporate security crisis.