Understanding Volumetric, Protocol, and Application Layer DDoS Attacks

A Distributed Denial-of-Service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, network, or application by overwhelming it with a flood of internet traffic.

DDoS attacks start with gaining control over a network through which an attack can be executed. 

By infecting a vulnerable computer or machine with malware, the attacker turns it into a bot; a group of such bots is called a botnet. Once control is established, an IP address is targeted, and the botnet sends requests until the targeted server is overwhelmed. The result is a denial of service to normal traffic.

A DDoS is a cyber-attack on a server, service, website, or network application. If the traffic overwhelms the target, its server, service, website, or network is rendered inoperable. Depending on the layer they target, DDoS attacks can be defined as Layer 3, Layer 4 or Layer 7 attacks.

 

Volumetric Attacks

What is it? The attacks comprise a botnet that floods the network with traffic that appears legitimate but soon overwhelms the network.

How does it target? This stifles legitimate traffic, exhausts bandwidth and results in bringing down an entire website.

Examples of attacks: Smurf Attacks, ICMP Floods, IP/ICMP Fragmentation.

Protocol Attacks

What is it? Attackers target "intermediate communication equipment" such as firewalls and load balancers to exhaust server resources.

How does it target? It can overwhelm the edge, including mitigations such as firewalls, causing service disruption and DDoS.

Examples of attacks: SYN Floods, UDP Floods, and TCP Connection Exhaustion.

Application Attacks

What is it? Requires fewer resources, and targets vulnerabilities within applications by mimicking legitimate user behavior.

How does it target? Targets use an adaptive strategy, including the ability to limit traffic based on particular sets of rules, which may fluctuate regularly.

Examples of attacks: HTTP-encrypted flood, Attack on DNS services.

Read Technical Analysis of these attacks on MazeBolt Knowledge Base
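Seen from the defender's side, the three classes above show up in different traffic counters: link utilisation, half-open TCP handshakes, and request rate. The following Python is an added example, not MazeBolt's code; the thresholds, field names and sample windows are constructed assumptions chosen for illustration.

```python
from collections import Counter

# Assumed thresholds for illustration; derive real ones from your own baseline.
LINK_BPS = 1_000_000_000   # capacity of the protected link
UTIL_LIMIT = 0.8           # volumetric: fraction of the link consumed
HALF_OPEN_LIMIT = 0.9      # protocol: fraction of SYNs never completed by an ACK
MIN_SYNS = 1000            # ignore windows with too few SYNs to judge
REQ_RATE_LIMIT = 500       # application: HTTP(S) requests per second

def classify_window(flows, window_s):
    """Return the DDoS classes one window of flow summaries resembles.

    Each flow is a dict with proto, dport, bytes and, for TCP, syn (SYNs seen),
    ack (handshakes completed) and requests (counted at a TLS-terminating proxy).
    """
    total = Counter()
    for f in flows:
        total["bits"] += f["bytes"] * 8
        if f["proto"] == "tcp":
            total["syn"] += f.get("syn", 0)
            total["ack"] += f.get("ack", 0)
            if f["dport"] in (80, 443):
                total["req"] += f.get("requests", 0)
    labels = []
    if total["bits"] / window_s >= UTIL_LIMIT * LINK_BPS:
        labels.append("volumetric")   # bandwidth exhaustion, e.g. ICMP flood
    if total["syn"] >= MIN_SYNS and 1 - total["ack"] / total["syn"] >= HALF_OPEN_LIMIT:
        labels.append("protocol")     # state exhaustion, e.g. SYN flood
    if total["req"] / window_s >= REQ_RATE_LIMIT:
        labels.append("application")  # request flood over completed handshakes
    return labels

def tcp(n, size, syn, ack, req):
    """Build n identical constructed TCP/443 flow summaries."""
    return [{"proto": "tcp", "dport": 443, "bytes": size,
             "syn": syn, "ack": ack, "requests": req}] * n

# Constructed 10-second windows, not captured traffic.
SAMPLES = {
    "icmp_flood": [{"proto": "icmp", "dport": 0, "bytes": 1_200_000}] * 1000,
    "syn_flood": tcp(5000, 60, 1, 0, 0),
    "http_flood": tcp(200, 40_000, 30, 30, 30),
    "normal": tcp(50, 200_000, 5, 5, 20),
}

if __name__ == "__main__":
    for name, flows in SAMPLES.items():
        print(name, classify_window(flows, 10))
```

The constructed HTTP flood uses well under 1% of the link and completes every handshake, so only the request-rate counter flags it, which is why application attacks need their own signal.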

 

Whilst classification of attacks is important from the point of view of understanding them, the fact is, modern day DDoS is far richer in sophistication and harder to detect and mitigate.  Threat actors today are honing their skills to deliver attacks. These range from minor hitches to total disruption of services that can take an entire business offline.

The bottom line cost of a DDoS attack is as high as $2.3 million for the enterprise, based on the type of business or volume of transactions occurring on a website per day.

The attacks have also grown bigger in size and can exceed 500Gbps. Memcached DDoS attacks are on the rise and the best way forward for enterprises is to mitigate and protect rather than react to the attacks after their launch.

Beginner's Guide to DDoS Mitigation is a guide created to understand varied DDoS Mitigation components and postures available on the market. It also describes the DDoS Attack vectors, the layers they target, and appropriate DDoS Mitigation components used to protect against DDoS attacks. Read this guide to understand how to protect your network against sneakier and smarter DDoS attacks.

In order to build strong DDoS Defenses, enterprises invest heavily in DDoS Mitigation Technology. This is assuming that once installed, DDoS Mitigation Technology will protect a network all the time and automatically prevent DDoS attacks. Read more about this myth and 2 more myths in the blog - Slaying 3 Myths for a New Decade.

However, existing DDoS mitigation is not designed to automatically adapt to changing networks – making it inherently vulnerable to changes and exposing it to an average failure rate of 48%. DDoS Mitigation today needs a Continuous Feedback Mechanism.

To learn more about the Proactive Feedback Mechanism, read this blog.

 


 

About MazeBolt 

MazeBolt is an innovation leader in cybersecurity and part of the DDoS mitigation space. It offers full DDoS risk detection and elimination and works with any mitigation system to provide end-to-end full coverage, supporting organizations in avoiding downtime and closing DDoS vulnerabilities before an attack happens.


About Anuradha Muralidharan

Anuradha Muralidharan works with MazeBolt Technologies as Content Creation Manager. She has, over the years, worked with several large organizations including HP, Akamai Technologies, and Trigent Software, managing their corporate and marketing communication functions. Anuradha is an award-winning author with several published books to her credit.