Updated April 3, 2023
Introduction to Types of ddos Attack
The OSI model is a perfect example to reveal the types of DDoS attacks. The OSI layer is divided into 7 types and according to it, the different types of attacks come under different levels of OSI layers. Where all DDoS attacks involve target base or traffic networks, hereby attacks are classified into 3 categories that are application-layer attacks, protocol attacks, volumetric attacks. According to the target vector, the attackers plan to use one or multiple methods.
DDoS attacks are used to suspend online services and make them unavailable to end-users.
What are the types of DDoS attacks?
DDoS attacks are divided into several types:
- Application layer attacks
- Protocol attacks
- Volumetric attacks
Some common DDoS attacks are listed below:
- UDP Flood
- ICMP Flood
- SYN Flood
- Ping of Death
- NTP Amplification
- HTTP Flood
- Slowloris
Explain the different types of DDoS attacks?
- Application layer attacks are sometimes been known as layer 7 attacks to destruct the resources available in the target area. The DDoS attack is mainly in the area where webpages are created and transmitted through requests (HTTPS). An HTTP request can be too small on the client side but the response from the server is too large as it may hold multiple files and queries to build a webpage. Mostly this type of attack is difficult to protect as the traffic may be a concern to determine as malicious.
The HTTP flood is an example of applying the press button again and again in a web engine browser on many systems at a time making the server flood with requests and occurring denial of service to users. The HTTPS flood attacks range from one to many, i.e. simple implementations access one URL and complex implementations access many URLs with attacking IP addresses.
- Protocol attacks mainly utilize layers 3 and 4 of the protocol stack to make the target not been accessed. These attacks consume the state capacity of web servers and firewalls etc.
Here is an example of SYN Flood where requests are being unanswered and the process continues. For example, labor in a supply room gets a request from outside of the storeroom for a package. By hearing this, the labor goes and gets the package and waits for the final confirmation before he takes the package out of the storeroom. By the time the labor gets many more requests and without confirmation, the process goes unanswered and waits for the final step to closed.
- Volume attacks consume to use the bandwidth of target and internet networks. To succeed in this attack, attackers overflow the website with malicious traffic. This results in the stoppage of legitimate traffic and results in denial of service.
Some DDoS attacks are mentioned below:
- UDP or User Datagram Protocol is a DDoS attack that is initiated by forwarding a huge number of UDP packets to other ports. The far distance host will reply accordingly as :
- Checking for application or no application listens at that port.
- Replying with ICMP packets
- Usually, UDP flood attacks tools are of 2 types as Low Orbit Ion Cannon and UDP unicorn
- These attacks can be handled by implementing firewalls at end networks to filter out malicious traffic. It attacks the end networks with a packet having static or random Internet protocol addresses.
- ICMP Flood or Ping Flood follows the same principle as UDP Flood and it is a common DDoS attack where the striker ruins down the victim’s system by continuously sending requests called pings. There are several ping commands like n,l,t where the n command is the number of times requests are being sent, the l command tells us the amount of data sent in a packet, and the t command is used to ping data.
- TCP SYN Flood is a DDoS attack where client and server establish a three-way handshake which is described below:
First of all, the client is requesting for connection by sending an SYN message to the server-side. Once the server receives the connection request, it sends back an acknowledgment message to the client, to which the client responds with acceptance, and thereby the connection has been established.
Here the striker sends continuous messages (SYN) to the server, mostly having a false IP address. The server receives being unknown lots of requests for connections. Either way the server attacked with malicious requests sends the acknowledgment, but it waits from the client-side for the same.
- Slowloris is a high-level attack where one server takes down others without hampering services on the same networks. Slowloris by its name creates a connection to the target server by sending only partial requests. The server keeps this connection open which later overflows and leads to denial of service.
- Those attackers are mainly focused on attacks due to some ideology, Extortion, Business rivalry, etc.
- Zero Based DDoS attacks include unknown attacks and have no patch left behind.
Conclusion
DDoS attacks have been a challenge to target servers and by that solutions are to be made. DDoS attacks are evolving as a cyber threat and focusing on short target duration. For protection against these attacks, we need to build solutions outside networks where only genuine traffic gets in after being filtered. It should not only filter out but also detect threats and come with a remedy for those attacks. DDoS attacks were a threat as firewalls and routers fail to prevent these attacks and malicious traffic.
Recommended Articles
This is a guide to Types of ddos Attack. Here we discuss What are the types of DDoS attacks with the Explanation of their different types. You may also have a look at the following articles to learn more –