Understanding Volumetric, Protocol, and Application Layer DDoS Attacks

Before we dive into the types of DDoS attacks, let’s first clarify what DoS and DDoS attacks are and the difference between them.

A DoS (denial of service) attack uses a single computer to flood a server with TCP and UDP packets. A DDoS (distributed denial of service) attack uses several different systems to target a network with packets from multiple points. The main difference is that a DDoS attack is launched over multiple internet connections, while a DoS attack comes from a single source connection.

Because DDoS attacks are distributed, they can easily overwhelm a targeted server, network, or application with a flood of internet traffic. A DDoS attack starts with the attacker gaining control over a network of machines, which is then used to execute the attack.

A DDoS is a cyber-attack on a server, service, website, or network application. If the traffic overwhelms the target, that server, service, website, or network is rendered inoperable. Depending on their respective targets, DDoS attack types are classified as Layer 3, Layer 4, or Layer 7 attacks.

Volumetric Attacks

What is it? A botnet attack floods the network with traffic that appears legitimate but soon overwhelms the network.

How does it target? Stifles legitimate traffic, exhausts bandwidth, and can bring down an entire website.

Examples of attacks: Smurf attacks, ICMP floods, IP/ICMP fragmentation.

Protocol Attacks

What is it? Attackers target intermediate communication equipment such as firewalls and load balancers to exhaust server resources.

How does it target? It can overwhelm the network edge, including mitigation devices such as firewalls, causing service disruption (a denial of service).

Examples of attacks: SYN floods, UDP floods, TCP floods, connection exhaustion.

Application Attacks

What is it? Requires fewer resources and targets vulnerabilities within applications by mimicking legitimate user behavior.

How does it target? Relies on an adaptive strategy, including throttling traffic according to particular sets of rules, which may change regularly.

Examples of attacks: HTTP-encrypted floods, attacks on DNS services.
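The three categories above map onto three different signals a defender can look for in traffic: bytes per destination (volumetric), the share of TCP connections that never complete their handshake (protocol), and per-client request rate (application). The following script is an added example, not code from the original post or from MazeBolt; it builds a constructed one-second capture containing benign traffic plus one attack of each kind, and runs a simple per-window classifier over it. All thresholds, addresses (documentation ranges) and record layout are assumptions for illustration; a real deployment would derive thresholds from its own baseline.

```python
"""Toy DDoS traffic classifier (added example; thresholds and records are constructed)."""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float            # seconds since start of capture
    src: str
    dst: str
    proto: str           # "TCP" or "UDP"
    sport: int
    dport: int
    flags: str           # TCP flags, e.g. "S", "SA", "A", "PA"; "" for UDP
    nbytes: int          # total bytes in the packet
    http_path: str = ""  # non-empty when the packet carries an HTTP request


# Assumed thresholds for a one-second window; tune to your own baseline.
VOLUMETRIC_BYTES = 1_000_000   # bytes/second towards a single destination
MIN_SYNS = 50                  # ignore destinations with few connection attempts
HALF_OPEN_RATIO = 0.8          # share of SYNs never followed by a client ACK
HTTP_REQ_PER_SRC = 100         # HTTP requests/second from one client


def window(flows, start, width=1.0):
    """Select the flows inside one time window."""
    return [f for f in flows if start <= f.ts < start + width]


def detect_volumetric(flows):
    """Volumetric (Layer 3): raw bytes per destination above the bandwidth threshold."""
    bytes_per_dst = Counter()
    for f in flows:
        bytes_per_dst[f.dst] += f.nbytes
    return {d: b for d, b in bytes_per_dst.items() if b >= VOLUMETRIC_BYTES}


def detect_syn_flood(flows):
    """Protocol (Layer 4): many SYNs per destination whose sources never send an ACK."""
    syn_by_dst = defaultdict(set)    # dst -> {(src, sport)} that sent a SYN
    acked_by_dst = defaultdict(set)  # dst -> {(src, sport)} that later sent an ACK
    for f in flows:
        if f.proto != "TCP":
            continue
        key = (f.src, f.sport)
        if f.flags == "S":
            syn_by_dst[f.dst].add(key)
        elif "A" in f.flags:
            acked_by_dst[f.dst].add(key)
    result = {}
    for dst, syns in syn_by_dst.items():
        if len(syns) < MIN_SYNS:
            continue
        ratio = len(syns - acked_by_dst[dst]) / len(syns)
        if ratio >= HALF_OPEN_RATIO:
            result[dst] = round(ratio, 2)
    return result


def detect_http_flood(flows):
    """Application (Layer 7): one client issuing far more requests than a person would."""
    reqs = Counter(f.src for f in flows if f.http_path)
    return {s: n for s, n in reqs.items() if n >= HTTP_REQ_PER_SRC}


def classify(flows):
    """Return {category: findings} for every category that fired in this window."""
    report = {}
    for name, detector in (("volumetric", detect_volumetric),
                           ("protocol", detect_syn_flood),
                           ("application", detect_http_flood)):
        hits = detector(flows)
        if hits:
            report[name] = hits
    return report


def sample_flows():
    """Constructed capture: benign traffic plus one attack per category."""
    flows, t = [], 0.0

    def add(**kw):
        nonlocal t
        flows.append(Flow(ts=t, **kw))
        t += 0.001

    srv = "10.0.0.5"
    # Benign: ten clients complete a TCP handshake with the web server.
    for i in range(10):
        c, sp = f"192.0.2.{i + 1}", 40000 + i
        add(src=c, dst=srv, proto="TCP", sport=sp, dport=443, flags="S", nbytes=60)
        add(src=srv, dst=c, proto="TCP", sport=443, dport=sp, flags="SA", nbytes=60)
        add(src=c, dst=srv, proto="TCP", sport=sp, dport=443, flags="A", nbytes=52)
    # Benign: one client sends five HTTP requests over its connection.
    for _ in range(5):
        add(src="192.0.2.1", dst=srv, proto="TCP", sport=40000, dport=443,
            flags="PA", nbytes=500, http_path="/")
    # Protocol attack: 200 SYNs from spoofed sources that never complete (half-open).
    for i in range(200):
        add(src=f"203.0.113.{i + 1}", dst=srv, proto="TCP", sport=10000 + i,
            dport=443, flags="S", nbytes=60)
    # Application attack: one client hammering /login over a single keep-alive connection.
    add(src="198.51.100.7", dst=srv, proto="TCP", sport=50000, dport=443, flags="S", nbytes=60)
    add(src="198.51.100.7", dst=srv, proto="TCP", sport=50000, dport=443, flags="A", nbytes=52)
    for _ in range(150):
        add(src="198.51.100.7", dst=srv, proto="TCP", sport=50000, dport=443,
            flags="PA", nbytes=500, http_path="/login")
    # Volumetric attack: large UDP responses reflected from port 11211 (memcached) towards a victim.
    for i in range(60):
        add(src=f"198.51.100.{100 + i}", dst="10.0.0.6", proto="UDP", sport=11211,
            dport=33333, flags="", nbytes=20000)
    return flows


if __name__ == "__main__":
    print(classify(window(sample_flows(), 0.0)))
```

The three detectors are independent, which mirrors the point of the classification: a protocol attack shows up as a bad handshake-completion ratio even when its byte volume is small, and an application-layer flood from a single well-behaved TCP client is invisible to both of the lower-layer checks and only appears in the per-client request count.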

It’s not all in the classification

Although classifying attacks helps us understand them, modern-day DDoS is far richer in sophistication and harder to detect and mitigate. DDoS attackers today are constantly honing their skills. Their attacks range from minor hitches to total disruption of services that can take an entire business offline.

The bottom-line cost of a DDoS attack can reach $2.3 million for an enterprise, depending on the type of business or the volume of transactions occurring on a website per day.

Attacks have also grown in size and can exceed 500 Gbps. Memcached DDoS attacks are on the rise, and the best way forward for enterprises is to mitigate and protect rather than react to attacks after they are launched.

Our Beginner’s Guide to DDoS Mitigation is available to help you understand the various DDoS mitigation components and postures available on the market. It also describes the DDoS attack vectors, the layers they target, the appropriate DDoS mitigation components used to protect against each, and how to protect your network against sneakier and smarter DDoS attacks.


The Problem with Relying on DDoS IPS to Prevent DDoS Attacks

Some enterprises invest in DDoS IPS (intrusion prevention systems) specifically to monitor suspicious activity within the network, and they consider the IPS to be a DDoS mitigator. An IPS can be part of the router system, integrated into the firewall, serve as a backup to a firewall, or sit deeper within the network infrastructure.

However, an IPS focuses on blocking security breaches; it is not designed to stop a DDoS attack, and most DDoS attacks cannot be mitigated using IPS systems.


The Downfall of DDoS Mitigation Solutions

To build strong DDoS defenses, enterprises invest heavily in DDoS mitigation technology, assuming that once it is installed it protects the network all the time and automatically prevents DDoS attacks. However, mitigation solutions do not constantly re-configure and fine-tune their DDoS mitigation policies. This leaves ongoing visibility limited and forces teams to troubleshoot issues at the worst possible time: when systems have already been brought down by a successful DDoS attack. These solutions are reactive, closing DDoS vulnerabilities only after a successful attack has happened.

DDoS vulnerabilities must be tested continuously to gain visibility of attack-surface risk, with no downtime to production environments. In addition, knowledgebase-assisted vulnerability remediation with a prioritized action plan is a must. The only proper defense is a preemptive attack-surface defense that ensures DDoS attack prevention.

MazeBolt RADAR™ testing is a preemptive attack-surface defense service that validates, remediates, and optimizes your DDoS protection system in advance of any attack. RADAR™ testing avoids downtime caused by DDoS attacks because it is always-on and constantly testing. It does this by launching hundreds of tests against your web-facing services, showing you exactly where you’re exposed and vulnerable, and providing a prioritized plan to remediate all vulnerabilities – optimizing your existing DDoS mitigation system for immediate and effective reaction once under attack.
