Introduction
DDoS (Distributed Denial of Service) attacks are malicious attempts to disrupt online services by overwhelming them with excessive traffic. These attacks come in several different forms, each targeting specific vulnerabilities in a system. Knowing the different types of DDoS attacks is crucial for developing effective defense strategies.
1. Volume-Based Attacks
UDP Flood
A UDP flood sends large numbers of UDP packets to random ports on a target server. For each packet the server checks for an application listening on that port, finds none, and replies with an ICMP “Destination Unreachable” packet; at high packet rates this lookup-and-reply work overloads its resources.
ICMP Flood (Ping Flood)
The attacker sends massive numbers of ICMP Echo Request (ping) packets to the victim, consuming bandwidth and processing power.
TCP Flood
Floods a target with TCP connection requests (SYN packets), consuming server resources and potentially causing downtime.
Goal: Consume all available bandwidth.
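Volume-based attacks show up in flow telemetry as a sudden spike in bytes per second toward one destination, dominated by a single protocol and spread across many sources. The detector below is an added example written for this article, not code from the original page: it reads constructed NetFlow-style records (the comma-separated format, the thresholds and the sample addresses are all assumptions), buckets them per destination and one-second window, and flags a window as a UDP, ICMP or SYN flood when volume and protocol share both exceed the thresholds.

```python
from collections import defaultdict

# Thresholds are illustrative assumptions; tune them to the capacity of the link you protect.
BYTES_PER_SEC_THRESHOLD = 1_000_000   # roughly 8 Mbit/s sustained over a 1-second window
PROTO_SHARE_THRESHOLD = 0.9           # one protocol carrying 90%+ of a window's bytes is abnormal
LABELS = {"udp": "UDP flood", "icmp": "ICMP flood", "tcp-syn": "TCP SYN flood"}


def parse_flow(line):
    """Parse one constructed 'ts,src,dst,proto,bytes' record (not a real exporter's format)."""
    ts, src, dst, proto, nbytes = line.strip().split(",")
    return {"ts": int(ts), "src": src, "dst": dst, "proto": proto, "bytes": int(nbytes)}


def bucket_by_window(flows, window=1):
    """Group flows by (destination, window start) so each bucket is one target in one time slice."""
    buckets = defaultdict(list)
    for f in flows:
        buckets[(f["dst"], f["ts"] // window * window)].append(f)
    return buckets


def analyze_window(flows, window=1):
    """Return volume, protocol mix and source spread for one bucket, plus a verdict if it looks like a flood."""
    total = sum(f["bytes"] for f in flows)
    per_proto = defaultdict(int)
    for f in flows:
        per_proto[f["proto"]] += f["bytes"]
    top_proto, top_bytes = max(per_proto.items(), key=lambda kv: kv[1])
    share = top_bytes / total
    bytes_per_sec = total / window
    verdict = None
    if bytes_per_sec >= BYTES_PER_SEC_THRESHOLD and share >= PROTO_SHARE_THRESHOLD:
        verdict = LABELS.get(top_proto, f"{top_proto} flood")
    return {
        "bytes_per_sec": bytes_per_sec,
        "top_proto": top_proto,
        "top_share": share,
        "distinct_sources": len({f["src"] for f in flows}),
        "verdict": verdict,
    }


def detect_floods(lines, window=1):
    """Scan flow records and return (dst, window_start, verdict, distinct_sources) for every flagged window."""
    flows = [parse_flow(line) for line in lines if line.strip()]
    alerts = []
    for (dst, start), group in sorted(bucket_by_window(flows, window).items()):
        stats = analyze_window(group, window)
        if stats["verdict"]:
            alerts.append((dst, start, stats["verdict"], stats["distinct_sources"]))
    return alerts


def build_sample():
    """Constructed sample: light benign traffic at t=0 and t=1, plus a UDP flood at t=1 from 1000 sources."""
    lines = []
    for t in (0, 1):
        lines.append(f"{t},203.0.113.5,192.0.2.10,udp,120")    # a DNS lookup
        lines.append(f"{t},203.0.113.6,192.0.2.10,tcp,4200")   # a small HTTPS exchange
    for i in range(1000):
        src = f"10.9.{i // 250}.{i % 250 + 1}"                  # constructed, distinct source per flow
        lines.append(f"1,{src},192.0.2.10,udp,1400")
    return lines


if __name__ == "__main__":
    for alert in detect_floods(build_sample()):
        print("ALERT:", alert)
```

The "distinct sources" count is what separates a distributed flood from one misbehaving client: a single noisy host is a rate-limiting problem, while a thousand sources hitting one destination in the same second is a signal to engage upstream scrubbing or a DDoS protection service, since by the time the packets reach the server the bandwidth is already spent.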
2. Protocol Attacks
SYN Flood
Sends repeated SYN requests to a server, never completing the handshake. The server keeps half-open connections alive, exhausting its resources.
Ping of Death
Sends malformed or oversized packets that can crash or freeze systems when reassembled.
Smurf Attack
Sends ICMP requests to a network’s broadcast address using a spoofed IP (the victim’s), causing all devices to respond to the victim.
Goal: Exploit weaknesses in Layer 3 and 4 protocols.
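The defining symptom of a SYN flood is a growing backlog of half-open connections: many SYNs, very few completed handshakes. The tracker below is an added example for this article, not code from the original page; it follows the three-way handshake state from a constructed packet feed (the tuple format, thresholds, timeout and addresses are assumptions) and raises an alert when one server holds too many embryonic connections with a low completion ratio.

```python
from collections import defaultdict

HALF_OPEN_THRESHOLD = 100   # illustrative assumption: alert when a server holds this many embryonic connections
HANDSHAKE_TIMEOUT = 3.0     # seconds a SYN may wait for its ACK before we treat it as abandoned (assumed)


class HandshakeTracker:
    """Follow TCP three-way handshakes and report the half-open backlog per server."""

    def __init__(self):
        self.half_open = {}                 # (client, server, client_port) -> time the SYN was seen
        self.established = set()
        self.syn_total = defaultdict(int)   # SYNs received per server
        self.completed = defaultdict(int)   # handshakes finished per server

    def observe(self, ts, src, dst, sport, dport, flags):
        """Feed one packet; flags is 'S', 'SA', 'A', 'R' or 'F' (constructed shorthand)."""
        key = (src, dst, sport)
        if flags == "S":                                    # client -> server SYN opens a half-open entry
            self.half_open[key] = ts
            self.syn_total[dst] += 1
        elif flags == "A" and key in self.half_open:        # client's final ACK completes the handshake
            del self.half_open[key]
            self.established.add(key)
            self.completed[dst] += 1
        elif flags in ("R", "F") and key in self.half_open: # reset or early close abandons the entry
            del self.half_open[key]
        # 'SA' (server -> client SYN-ACK) changes nothing we track, so it is ignored

    def expire(self, now):
        """Drop half-open entries older than HANDSHAKE_TIMEOUT, as a kernel's SYN backlog timer would."""
        stale = [k for k, seen in self.half_open.items() if now - seen > HANDSHAKE_TIMEOUT]
        for k in stale:
            del self.half_open[k]
        return len(stale)

    def backlog(self):
        """Number of half-open connections currently held by each server."""
        counts = defaultdict(int)
        for (_, server, _) in self.half_open:
            counts[server] += 1
        return dict(counts)

    def alerts(self):
        """Servers whose backlog exceeds the threshold, with the SYN-to-established completion ratio."""
        out = []
        for server, n in self.backlog().items():
            if n >= HALF_OPEN_THRESHOLD:
                ratio = self.completed[server] / self.syn_total[server]
                out.append({"server": server, "half_open": n, "completion_ratio": round(ratio, 3)})
        return out


def build_sample_packets():
    """Constructed feed: five real clients complete handshakes, then 300 SYNs arrive and never finish."""
    pkts = []
    t = 0.0
    for i in range(5):
        client = f"203.0.113.{i + 1}"
        pkts.append((t, client, "192.0.2.10", 50000 + i, 443, "S"))
        pkts.append((t + 0.01, "192.0.2.10", client, 443, 50000 + i, "SA"))
        pkts.append((t + 0.02, client, "192.0.2.10", 50000 + i, 443, "A"))
        t += 0.1
    for i in range(300):
        src = f"198.51.100.{i % 250 + 1}"   # constructed; spoofed sources would look just like this
        pkts.append((1.0 + i * 0.001, src, "192.0.2.10", 40000 + i, 443, "S"))
    return pkts


def run_tracker(packets):
    tracker = HandshakeTracker()
    for pkt in packets:
        tracker.observe(*pkt)
    return tracker


if __name__ == "__main__":
    tr = run_tracker(build_sample_packets())
    print(tr.alerts())
```

On the mitigation side, the standard host-level answer is SYN cookies (on Linux, `net.ipv4.tcp_syncookies = 1`), which let the server answer SYNs without reserving backlog state until the handshake completes. Smurf attacks are addressed at the router rather than the host, by disabling forwarding of directed broadcasts (`no ip directed-broadcast` on Cisco IOS), and oversized or malformed packets such as Ping of Death are dropped by the IP stack's reassembly checks, so patched systems are not affected.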
3. Application Layer Attacks
HTTP Flood
Mimics real users by sending numerous HTTP requests to overwhelm a server.
Slowloris
Opens connections and sends partial HTTP requests slowly, keeping them open and exhausting server resources.
DNS Query Flood
Bombards a DNS server with excessive requests, affecting name resolution and slowing responses.
Goal: Exhaust server resources at the application layer (Layer 7).
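Layer 7 attacks are invisible to packet counters because each request is well-formed, so detection works from the web server's own view: request rate per client for HTTP floods, and connections that sit open without ever completing their headers for Slowloris. The code below is an added example for this article, not code from the original page; it parses constructed Common Log Format lines with a sliding-window rate check and inspects constructed connection records for stalled header reads (the log lines, record fields, thresholds and addresses are all assumptions).

```python
import re
from collections import defaultdict, deque
from datetime import datetime

RATE_LIMIT = 50            # requests one client may make per window before being flagged (assumed)
WINDOW_SECONDS = 10
HEADER_TIMEOUT = 30.0      # seconds a connection may wait for complete request headers (assumed)
SLOW_CONN_THRESHOLD = 20   # stalled connections from one client that trip an alert (assumed)

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$'
)


def parse_access_line(line):
    """Return {ip, ts, request, status} for one CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return {"ip": m["ip"], "ts": ts, "request": m["req"], "status": int(m["status"])}


def find_http_flooders(lines):
    """Sliding-window rate check: clients exceeding RATE_LIMIT requests in WINDOW_SECONDS, with their peak count."""
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        rec = parse_access_line(line)
        if rec is None:
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > WINDOW_SECONDS:   # evict timestamps that left the window
            q.popleft()
        if len(q) > RATE_LIMIT:
            flagged[rec["ip"]] = max(flagged.get(rec["ip"], 0), len(q))
    return flagged


def find_slowloris(connections, now):
    """Clients holding many connections whose headers never completed within HEADER_TIMEOUT."""
    stalled = defaultdict(int)
    for c in connections:
        if c["headers_done"] is None and now - c["opened"] > HEADER_TIMEOUT:
            stalled[c["client"]] += 1
    return {ip: n for ip, n in stalled.items() if n >= SLOW_CONN_THRESHOLD}


def build_sample_log():
    """Constructed access log: one client makes 120 requests in ten seconds, another makes five."""
    lines = []
    for i in range(120):
        lines.append(f'198.51.100.9 - - [10/Oct/2023:13:55:{30 + i // 12:02d} +0000] '
                     f'"GET /search?q={i} HTTP/1.1" 200 512')
    for i in range(5):
        lines.append(f'203.0.113.4 - - [10/Oct/2023:13:55:{30 + i:02d} +0000] '
                     f'"GET /page/{i} HTTP/1.1" 200 2048')
    return lines


def build_sample_connections():
    """Constructed connection table: 40 header-less connections from one client, 3 healthy ones from another."""
    conns = [{"client": "198.51.100.23", "opened": i * 0.05, "headers_done": None} for i in range(40)]
    conns += [{"client": "203.0.113.4", "opened": float(i), "headers_done": i + 0.2} for i in range(3)]
    return conns


if __name__ == "__main__":
    print("HTTP flood:", find_http_flooders(build_sample_log()))
    print("Slowloris:", find_slowloris(build_sample_connections(), now=60.0))
```

In production the second check is usually done by the server itself rather than a script: nginx's `client_header_timeout` and Apache's `mod_reqtimeout` close connections that do not deliver headers in time, which removes the resource Slowloris depends on. The rate check maps onto per-client limits at a reverse proxy or WAF; the sliding window matters because a fixed-interval counter lets a client burst twice the limit across an interval boundary.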
Conclusion
Each type of DDoS attack targets different components of a network or application. From bandwidth floods to application-level exploits, understanding these threats is key to defending against them. Implementing layered security, traffic monitoring, and DDoS protection services is essential.