12 types of DDoS attacks

WEB APPLICATION FIREWALL & DDOS MITIGATION SOLUTION


www.haltdos.com


What is a DDoS attack? A DDoS (Distributed Denial of Service) attack is a type of cyberattack in which an attacker uses multiple compromised systems to flood a network or web application with illegitimate traffic, making it unavailable to the legitimate users who are trying to access it.


How do DDoS attacks work? During a DDoS attack, the incoming traffic that floods the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single IP address, and it is very difficult to distinguish legitimate user traffic from attack traffic when the attack is spread across so many points of origin; the result is a denial of service.


Overview For today's online businesses, DDoS attacks are a major concern. According to the Akamai Q3 2017 Security Report, there has been a 179.66% increase in the total number of DDoS attacks over the last 3 years.


Businesses from all over the world have suffered numerous high-profile cyber incidents over the past few years; the attack on GitHub in Feb 2018 and several attacks on ISPs and banks around the world showed that even a single DDoS attack has the potential to bring any business to its knees. DDoS attacks have grown larger and more sophisticated over the years, whether it is flooding a target with simple ping-command-based ICMP echo requests or complex multi-vector attacks. In this document, we give an overview of the different types of DDoS attacks.


1. Application Level Attacks Application level attacks occur when an attacker targets a specific application or website that is poorly coded, in order to exploit its weaknesses. As a result, the entire server is exhausted and becomes unavailable to legitimate requests. Websites and applications with security loopholes are also susceptible to hackers intending to steal information; these loopholes can be exploited with a simple targeted attack against the database. For example, WordPress and Joomla are applications that can be made to exhaust a server's resources.


2. Zero Day (0day) DDoS Zero Day DDoS attacks are attacks that have not yet been identified because they exploit new vulnerabilities. These attacks are not traceable and have no defined defensive mechanisms.


3. Ping Flood Ping Flood is an application-specific type of DDoS attack that is an evolved version of the Internet Control Message Protocol (ICMP) flood. In this type of attack the attacker sends many spoofed ping packets to the server from a large set of source IPs. The attacker's purpose is to flood the target with ping packets until it goes offline. The attack is designed to consume all the resources and bandwidth available in the network until the target is completely exhausted and finally shuts down. It is not easily detectable, as it closely resembles legitimate traffic.


4. IP Null Attack IP packets carry an IPv4 header whose protocol field identifies the transport protocol in use. In an IP Null attack, the attacker sends packets with a null value (zero) in this field; such packets can bypass security measures that are designed to scan TCP, IP and ICMP. As a result, when the targeted server tries to process these packets, it exhausts its resources and reboots.


5. NTP Flood NTP is an abbreviation for Network Time Protocol, an internet protocol used to synchronize computer clocks to a time reference. An NTP Flood attack occurs when an attacker sends small packets carrying the spoofed IP of the target to internet-enabled devices running NTP. The devices answer these spoofed requests with UDP responses that flood the target. While the target tries to handle this flood of responses, all its resources are exhausted and it either goes offline or reboots.


6. ICMP Flood An Internet Control Message Protocol (ICMP) Flood attack occurs when an attacker sends a huge number of spoofed ICMP packets to flood a network. As a result, all the resources and available bandwidth are consumed, the network is exhausted and it goes offline. ICMP floods can overwhelm a network with packets carrying random or fixed source IP addresses. This attack can be viewed as a network-level volumetric attack and can therefore be defeated by L3/L4 packet filtering.


7. SYN Flood A SYN flood attack occurs when an attacker sends a succession of SYN requests to a targeted system. A SYN-flood DDoS attack takes advantage of the TCP (Transmission Control Protocol) three-way handshake, which is used to initiate a connection between the source system and the target system, by flooding multiple TCP ports on the target with SYN (synchronize) messages. All the server's resources are consumed and the system becomes unresponsive to legitimate traffic.
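An added example, not part of the Haltdos document: a small Python model of the half-open connection table a TCP listener keeps during the three-way handshake, replayed over a constructed packet trace to show how a SYN flood appears as pending entries that never complete. The trace, the documentation-range addresses and the threshold are all constructed.

```python
"""Half-open connection tracking, the server-side view of a SYN flood.

Added example, not from the original document. It models the pending
(SYN-RECEIVED) table a TCP listener keeps during the three-way handshake and
flags the pattern a SYN flood leaves behind: many SYNs whose handshakes never
complete. The packet trace, addresses and thresholds are constructed.
"""

# Constructed trace: (time_s, src_ip, flags). Two legitimate clients send SYN
# and then the final ACK; the remaining entries are SYN-only flood packets
# spread over 254 (spoofed, documentation-range) source addresses.
TRACE = [
    (0.00, "203.0.113.10", "SYN"), (0.05, "203.0.113.10", "ACK"),
    (0.10, "198.51.100.7", "SYN"), (0.14, "198.51.100.7", "ACK"),
] + [(0.2 + i * 0.001, f"192.0.2.{i % 254 + 1}", "SYN") for i in range(500)]


def track_half_open(trace, syn_timeout=1.0, threshold=100):
    """Replay a packet trace against a half-open table.

    A SYN opens a pending entry for its source; the matching ACK closes it.
    Entries older than syn_timeout are expired, as a kernel's SYN-RECV timer
    would do. Returns (peak_half_open, completed_handshakes, alert), where
    alert becomes True once the pending table exceeds `threshold`: the cue
    to turn on SYN cookies or per-source rate limiting.
    """
    pending = {}  # src_ip -> time the SYN was seen
    completed = peak = 0
    alert = False
    for t, src, flags in trace:
        # Expire stale half-open entries before handling this packet.
        stale = [ip for ip, t0 in pending.items() if t - t0 > syn_timeout]
        for ip in stale:
            del pending[ip]
        if flags == "SYN":
            pending.setdefault(src, t)      # retransmits keep the first time
        elif flags == "ACK" and src in pending:
            del pending[src]                # handshake completed
            completed += 1
        peak = max(peak, len(pending))
        if len(pending) > threshold:
            alert = True
    return peak, completed, alert


if __name__ == "__main__":
    peak, done, alert = track_half_open(TRACE)
    print(f"peak half-open={peak} completed={done} alert={alert}")
```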


8. UDP Flood Attack UDP stands for User Datagram Protocol, which sends short packets of data called datagrams. A UDP flood attack occurs when the attacker floods the target server with a large number of spoofed data packets. As a result, all the available bandwidth is consumed and the server goes down. It is harder for defensive mechanisms to identify a UDP Flood attack, since UDP is an end-to-end process of communication between client and host.


9. UDP Fragmented Floods The activity generated by a UDP fragmented flood attack is similar to that of a UDP flood attack, with the difference that the attacker sends fragmented data packets to the target server. The target server then tries to reassemble these unrelated and fake UDP fragments and eventually fails to do so. As a result, all the available resources are exhausted, which may lead to a server reboot.


10. DNS Flood Attack A DNS Flood attack occurs when the attacker sends a large volume of spoofed DNS requests that are exact replicas of real DNS requests from a very large set of source IPs. Hence it is not possible for the target server to differentiate between the real and the fake DNS requests. In order to serve all the requests, the server exhausts all its resources; the attack consumes all the available bandwidth until it is completely drained.


11. SIP Flood Attack Session Initiation Protocol (SIP) is a commonly used signaling protocol that supports voice communication, video communication and other multimedia applications. A SIP Flood attack occurs when an attacker sends multiple INVITE requests without waiting for responses from the UAS (user agent server) or the proxy, with the aim of exhausting their resources.


12. Slowloris Attack In this type of attack a TCP connection is first established; then, as requests keep arriving at regular intervals, all the available connections are eventually consumed, preventing other clients from connecting until some of the connections are released. At this point, attackers with limited traffic resources have successfully mounted a Slowloris attack.
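An added example, not part of the Haltdos document: a one-second-tick Python model of a server's worker-slot pool under Slowloris-style connections, comparing two common server-side mitigations, a request-header deadline and a per-source concurrent-connection cap. The pool size, source counts and the assumption that a dropped attacker connection reconnects immediately are all constructed for the model.

```python
"""Worker-slot exhaustion by Slowloris connections, with two mitigations.

Added example, not from the original document: a one-second-tick model of a
server with a fixed pool of worker slots. A Slowloris connection keeps
sending fragments of a request header and never completes it, so it holds a
slot indefinitely. Two common defences are modelled: a request-header
deadline (drop a connection whose headers are not complete within N seconds)
and a cap on concurrent connections per source. All figures are constructed,
and the model assumes a dropped attacker connection reconnects immediately.
"""


def run(max_slots=100, slow_sources=4, conns_per_source=100,
        header_timeout=None, per_ip_limit=None, ticks=120):
    """Return (normal_served, normal_rejected) over `ticks` seconds.

    Each tick: expire slow connections past the header deadline, let each
    slow source (re)open connections up to its cap, then offer one normal
    request, which completes within the tick if any slot is free.
    """
    slots = []                  # (source_id, opened_at) for held slots
    served = rejected = 0
    for now in range(ticks):
        if header_timeout is not None:
            # Header deadline passed without a complete request: close it.
            slots = [(s, t) for s, t in slots if now - t < header_timeout]
        for src in range(slow_sources):
            held = sum(1 for s, _ in slots if s == src)
            want = conns_per_source
            if per_ip_limit is not None:
                want = min(want, per_ip_limit)
            while held < want and len(slots) < max_slots:
                slots.append((src, now))
                held += 1
        if len(slots) < max_slots:
            served += 1         # a normal request found a free slot
        else:
            rejected += 1
    return served, rejected


if __name__ == "__main__":
    for label, kw in [("no mitigation", {}),
                      ("header timeout only", {"header_timeout": 10}),
                      ("per-source cap only", {"per_ip_limit": 10}),
                      ("both", {"header_timeout": 10, "per_ip_limit": 10})]:
        print(f"{label:>20}: served/rejected = {run(**kw)}")
```

Under the instant-reconnect assumption the header deadline alone only churns the slots, while the per-source cap is what leaves room for normal clients; real deployments use both.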


Start your free trial: https://app.haltdos.com

WEB APPLICATION FIREWALL & DDOS PROTECTION Understand the current web application threat landscape, know why traditional network security solutions fail to provide complete protection against today's emerging threats and why your organization needs a web application firewall to mitigate IT risks. Sign up at haltdos.com

To learn more, visit our website: www.haltdos.com | info@haltdos.com

