Understanding Volumetric, Protocol, and Application Layer DDoS Attacks

Understanding the Difference Between DoS and DDoS Attack Types

Before diving into the types of DDoS attacks, it is important to understand what DoS and DDoS attacks are and how they differ.

A DoS attack is a denial-of-service attack in which a single computer is used to flood a server with TCP and UDP packets. A DDoS attack is one in which several different systems target a network, bombarding it with packets from multiple points. To summarize, the key difference is that DDoS uses multiple internet connections to launch an attack, while DoS uses a single source connection.

Since DDoS attacks are distributed, they have the capability to overwhelm a targeted server, network, or application with a flood of internet traffic. DDoS attacks start with gaining control over a network through which an attack can be executed.

DDoS IPS As A Solution to Prevent DDoS Attacks 

Some enterprises invest in a DDoS IPS (Intrusion Prevention System) specifically to monitor suspicious activity within the network, and they consider the DDoS IPS to be a DDoS mitigator. An IPS can be part of the router system, integrated into the firewall, serve as a back-up to a firewall, or sit deeper within the network infrastructure. However, a DDoS IPS focuses on blocking security breaches and is not set up to stop a DDoS attack; most DDoS attacks cannot be mitigated using IPS systems.

A DDoS is a cyber-attack on a server, service, website, or network application. If the traffic overwhelms the target, its server, service, website, or network is rendered inoperable. Depending on their respective targets, DDoS attack types can be defined as Layer 3, Layer 4 or Layer 7 DDoS attacks.

| | Volumetric Attacks | Protocol Attacks | Application Attacks |
| --- | --- | --- | --- |
| What is it? | The attack consists of a botnet that floods the network with traffic that appears legitimate but soon overwhelms the network. | Attackers target "intermediate communication equipment" such as firewalls and load balancers to exhaust server resources. | Requires fewer resources, and targets vulnerabilities within applications by mimicking legitimate user behavior. |
| How does it target? | This stifles legitimate traffic, exhausts bandwidth and results in bringing down an entire website. | It can overwhelm the edge, including mitigations such as firewalls, causing service disruption and DDoS. | Targets use an adaptive strategy, including the ability to limit traffic based on particular sets of rules, which may fluctuate regularly. |
| Examples of attacks (read technical analysis of these attacks on MazeBolt Knowledge Base) | Smurf Attacks, ICMP Floods, IP/ICMP Fragmentation. | SYN Floods, UDP Floods, and TCP Connection Exhaustion. | HTTP-encrypted flood, Attack on DNS services. |
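The three categories above each exhaust a different resource, so a defender needs a different signal for each. The Python example below is added here for illustration (it is not MazeBolt code and not part of the original article); the record fields, thresholds and the `classify_window` function are assumptions, and the traffic windows are constructed. It also applies the single-source versus multiple-source distinction between DoS and DDoS described earlier.

```python
# Illustrative thresholds: assumptions to tune against your own baseline.
LINK_BPS = 1_000_000_000   # capacity of the monitored link (1 Gbps)
VOLUMETRIC_UTIL = 0.8      # share of link capacity that signals saturation
MIN_SYNS = 1000            # ignore half-open ratios on tiny samples
HALF_OPEN_RATIO = 0.7      # share of SYNs never completed by an ACK
HTTP_RPS_LIMIT = 500       # requests/second the application tolerates


def classify_window(flows, seconds=1):
    """Label one observation window of flow records.

    Each record is a dict with src and bytes, plus optional syn/acked
    booleans and an http_requests count. Returns (category, origin).
    """
    sources = {f["src"] for f in flows}
    bps = sum(f["bytes"] for f in flows) * 8 / seconds
    syns = [f for f in flows if f.get("syn")]
    half_open = sum(1 for f in syns if not f.get("acked"))
    rps = sum(f.get("http_requests", 0) for f in flows) / seconds

    if bps >= VOLUMETRIC_UTIL * LINK_BPS:
        category = "volumetric"      # bandwidth exhaustion
    elif len(syns) >= MIN_SYNS and half_open / len(syns) >= HALF_OPEN_RATIO:
        category = "protocol"        # connection-state exhaustion
    elif rps >= HTTP_RPS_LIMIT:
        category = "application"     # low bandwidth, high request rate
    else:
        return "normal", None
    # Single source connection = DoS; multiple sources = DDoS.
    return category, "DoS" if len(sources) == 1 else "DDoS"


# Constructed sample windows (not captured traffic); addresses come from
# the RFC 5737 documentation ranges.
ICMP_FLOOD = [{"src": f"203.0.113.{i % 200}", "bytes": 1400}
              for i in range(90_000)]
SYN_FLOOD = [{"src": f"198.51.100.{i % 150}", "bytes": 60,
              "syn": True, "acked": False} for i in range(5_000)]
HTTP_FLOOD = [{"src": f"203.0.113.{i % 50}", "bytes": 900, "syn": True,
               "acked": True, "http_requests": 20} for i in range(60)]
SINGLE_SOURCE = [dict(f, src="192.0.2.10") for f in SYN_FLOOD]
BASELINE = HTTP_FLOOD[:5]

if __name__ == "__main__":
    for name, window in [("icmp", ICMP_FLOOD), ("syn", SYN_FLOOD),
                         ("http", HTTP_FLOOD), ("single", SINGLE_SOURCE),
                         ("baseline", BASELINE)]:
        print(name, classify_window(window))
```

The constructed HTTP flood window carries under 0.5 Mbps, which is why a bandwidth threshold alone does not flag application-layer attacks.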

 

Whilst classification of attacks is important for understanding them, the fact is that modern-day DDoS is far richer in sophistication and harder to detect and mitigate. DDoS attackers today are honing their skills to deliver attacks. These range from minor hitches to total disruption of services that can take an entire business offline.

The bottom-line cost of a DDoS attack is as high as $2.3 million for the enterprise, based on the type of business or volume of transactions occurring on a website per day.

The attacks have also grown bigger in size and can exceed 500 Gbps. Memcached DDoS attacks are on the rise, and the best way forward for enterprises is to mitigate and protect rather than react to the attacks after their launch.

Beginner's Guide to DDoS Mitigation is a guide created to understand varied DDoS Mitigation components and postures available on the market. It also describes the DDoS attack vectors, the layers they target, and appropriate DDoS Mitigation components used to protect against DDoS attacks. Read this guide to understand how to protect your network against sneakier and smarter DDoS attacks.

To build strong DDoS defenses, enterprises invest heavily in DDoS mitigation technology, on the assumption that once installed it will protect a network all the time and automatically prevent DDoS attacks. However, mitigation solutions do not constantly re-configure and fine-tune their DDoS mitigation policies. This leaves enterprises with limited ongoing visibility and forces them to troubleshoot issues at the worst possible time, that is, when systems are brought down by a successful DDoS attack. These solutions are all reactive, only closing DDoS vulnerabilities after a successful attack happens.

There needs to be persistent visibility of attack-surface risks while keeping service levels intact. There also needs to be knowledge-base-assisted vulnerability remediation with a prioritized action plan. The only proper defense is to use a Preemptive Attack-Surface Defense, to ensure DDoS attack prevention.

MazeBolt RADAR™ is a Preemptive Attack Surface Defense service that validates, remediates and optimizes your DDoS protection system in advance of any attack. RADAR™ avoids downtime caused by DDoS attacks - any time, all the time! On a regular basis, RADAR™ challenges your DDoS Mitigation system by auto discovering and launching hundreds of attack simulations against your web facing services, showing you exactly where you’re exposed and vulnerable, and providing a prioritized plan to remediate all vulnerabilities – optimizing your existing DDoS Protection system for immediate and effective reaction once under attack.


About MazeBolt 

MazeBolt is an innovation leader in cybersecurity and part of the DDoS mitigation space, offering full DDoS risk detection and elimination and working with any mitigation system to provide end-to-end full coverage. It supports organizations in avoiding downtime and closing DDoS vulnerabilities before an attack happens.


About Anuradha Muralidharan

Anuradha Muralidharan works with MazeBolt Technologies as Content Creation Manager. She has, over the years, worked with several large organizations including HP, Akamai Technologies, and Trigent Software, managing their corporate and marketing communication functions. Anuradha is an award-winning author with several published books to her credit.