Article: Protect Your Business by Knowing the 3 Types of DDoS Attacks
The term "DDoS attack" can sound scary in itself. However, did you know there are multiple types of attacks, depending on how the attack is launched?
Let's start at the beginning. The acronym DDoS stands for "distributed denial of service". This denial of service can occur in a number of ways and target different components of your infrastructure. The three main categories of these attacks are volumetric, protocol, and layer-7 (application layer).
Each type of DDoS attack affects an environment differently, so it's important to know the common attack types when building a DDoS preparedness strategy.
We'll cover all three categories and list specific types of attacks within them.
Volumetric
Volumetric attacks are the most common DDoS attacks because they are the easiest for attackers to launch and cause widespread damage. These attacks overwhelm the bandwidth capacity of a site or network and are measured in gigabits per second (Gbps). Volumetric attacks can exceed 1000 Gbps, and they continue to grow each year.
Common types of volumetric attacks include:
- UDP flood
- NTP reflection/amplification
- DNS reflection/amplification
- Tsunami SYN flood
- Fragmented UDP flood
- TCP ACK flood large packet
- CLDAP reflection/amplification
- CHARGEN reflection/amplification
- SSDP reflection/amplification
- SNMP reflection/amplification
- ICMP flood
- GRE-IP UDP
- GRE-ETH UDP
- GRE-IP TCP SYN Tsunami
- GRE-ETH TCP SYN Tsunami
- Fragmented ICMP flood
Because volumetric attacks are the simplest to launch, they will continue to expand and evolve over time. As a result, it's important to work with your DDoS consulting professional to make sure your network is protected with proper mitigation strategies and regular DDoS testing exercises.
Protocol
Protocol attacks typically exploit performance limitations of critical network infrastructure such as firewalls, load balancers, routers, and servers. These attacks are often measured in packets per second (pps). Although large attacks over 100 million pps occur, even smaller protocol attacks often cause significant outages.
Common types of protocol attacks include:
- TCP SYN flood
- TCP RST flood
- TCP SYN-ACK flood
- TCP FIN flood
- SSL negotiation attack
- SlowLoris attack
- TCP connect attack
Many people think that firewalls can protect against DDoS attacks. However, firewalls are often the specific weakness exploited by a protocol attack to cause an outage. Discuss how to protect your critical resources against protocol attacks with a DDoS expert.
Layer-7 (Application Layer)
Layer-7 (or application layer) attacks can be the most difficult to detect because they appear to be legitimate traffic. However, an excessive number of these "legitimate" requests leads to unresponsive servers and network equipment. Layer-7 attacks are often measured in requests per second (rps), with large attacks exceeding 1 million rps. However, small attacks of only 100-1000 rps can cause an outage while being subtle enough to avoid detection.
Common types of layer-7 attacks include:
- UDP/TCP DNS query flood
- HTTP(S) GET request flood
- HTTP(S) POST request flood
- HTTP(S) GET request flood w/cookie handling
- SMTP attack
Since Layer-7 attacks can look like legitimate traffic, they can be difficult to detect. DDoS attack training from a DDoS consultant, like NimbusDDOS, can help your team be prepared to identify an attack. Further, NimbusDDOS can be an on-call member of your support team to help supplement internal resources and identify complex layer-7 DDoS attacks.
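As an added illustration (not NimbusDDOS code), the sketch below shows why a layer-7 flood in the 100-1000 rps range slips past bandwidth monitoring: it compares bits, packets, and requests per second against a baseline and names the category whose metric rose most. The traffic samples, per-request sizes, and the 5x threshold are constructed assumptions.

```python
from statistics import median

# Metric the article associates with each attack category.
CATEGORY_METRIC = {"volumetric": "bps", "protocol": "pps", "layer-7": "rps"}

def to_rates(sample):
    """Convert one 1-second counter sample into bits/s, packets/s, requests/s."""
    return {"bps": 8 * sample["bytes"], "pps": sample["packets"], "rps": sample["requests"]}

def ratios(baseline, window):
    """Ratio of each metric's mean in `window` to its median in `baseline`."""
    out = {}
    for m in ("bps", "pps", "rps"):
        base = median(to_rates(s)[m] for s in baseline)
        cur = sum(to_rates(s)[m] for s in window) / len(window)
        out[m] = cur / max(base, 1)
    return out

def classify(baseline, window, factor=5.0):
    """Name the category whose metric rose most, or None if nothing rose `factor`x.
    The 5x factor is an assumed threshold, not a value from the article."""
    r = ratios(baseline, window)
    cat, metric = max(CATEGORY_METRIC.items(), key=lambda kv: r[kv[1]])
    return cat if r[metric] >= factor else None

def sample(extra_bytes=0, extra_packets=0, extra_requests=0):
    """Constructed sample: a quiet site at 200 Mbps, 30k pps, 50 rps, plus extra load."""
    return {"bytes": 25_000_000 + extra_bytes,
            "packets": 30_000 + extra_packets,
            "requests": 50 + extra_requests}

# All traffic below is constructed for the example, not captured data.
BASELINE = [sample() for _ in range(60)]
# 500 rps of small GETs: about 1.5 KB and 10 packets per request (assumed sizes).
HTTP_FLOOD = [sample(500 * 1_500, 500 * 10, 500) for _ in range(10)]
# 1 million pps of 60-byte SYN packets.
SYN_FLOOD = [sample(1_000_000 * 60, 1_000_000) for _ in range(10)]
# 10 Gbps of 1400-byte reflected UDP packets.
UDP_AMP = [sample(1_250_000_000, 892_857) for _ in range(10)]

if __name__ == "__main__":
    for name, win in [("http flood", HTTP_FLOOD), ("syn flood", SYN_FLOOD),
                      ("udp amplification", UDP_AMP), ("normal", BASELINE[:10])]:
        print(name, classify(BASELINE, win), ratios(BASELINE, win))
```

In the constructed HTTP flood, bandwidth rises only about 3% while the request rate rises elevenfold, so an alert keyed to Gbps alone stays silent.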
How to Prepare
As you create a DDoS attack response plan specific to your environment and team, it's important to consider all of the different components of your network and how they are vulnerable to attack. Having an expert who knows how to protect against the different types of attacks is crucial to making sure you are protected.
Want an expert to help devise a plan to protect your company and allow you to be confident in the face of a DDoS attack? Contact NimbusDDOS today.
