Facebook, WhatsApp and Instagram suffered an outage last night due to a possible DDoS attack. While engineers fix the issue, take a look at the 11 types of DDoS attacks every startup should be aware of.

Venkatesh Sundar
A distributed denial of service (DDoS) attack, as the name suggests, is a type of cyber attack that seeks to overwhelm a target web application/website with fake traffic, making it unavailable to legitimate users.
Let us now look at the 11 types of DDoS attacks, after which we shall delve into the impact of such attacks and how to go about DDoS protection.
There are 11 types of DDoS attacks that are most common and most harmful. Understanding them is important, as it will enable you and your security team to choose the right DDoS mitigation service, one that can detect, mitigate and monitor such attacks effectively, and/or to put the most effective protection and mitigation strategies in place.
DNS Amplification Attack
Here, the attacker exploits vulnerabilities in a DNS (Domain Name System) server, usually a publicly accessible one, to turn small queries sent from the spoofed IP address of the intended victim into much larger payloads through the use of various amplification techniques.
In this reflection attack, the victim’s servers are flooded with large quantities of UDP packets carrying responses from the DNS resolvers. With several DNS resolvers responding to a flood of fake requests, even the most robust internet infrastructure is forced into downtime.
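The defining symptom of the reflection attack described above is that the victim receives DNS responses it never requested. The following Python detector, an added example rather than code from the article, walks a constructed packet summary (documentation address ranges, an assumed 10 kB alert threshold) and reports protected hosts receiving unsolicited UDP/53 responses, along with how many distinct resolvers are reflecting at them.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    length: int   # bytes on the wire; every sample packet below is UDP

def unsolicited_dns_responses(packets, protected_hosts, byte_threshold):
    """Return protected hosts receiving DNS responses they never asked for.

    The attacker spoofs the victim's address in queries to open resolvers,
    so the victim sees large UDP/53 responses with no matching outbound
    query.  Outbound queries are keyed on (host, resolver, ephemeral port);
    an inbound response lacking that key is counted as unsolicited.
    """
    outbound = {(p.src, p.dst, p.sport)
                for p in packets if p.dport == 53 and p.src in protected_hosts}
    unsolicited = defaultdict(lambda: {"bytes": 0, "reflectors": set()})
    for p in packets:
        if p.sport == 53 and p.dst in protected_hosts \
                and (p.dst, p.src, p.dport) not in outbound:
            unsolicited[p.dst]["bytes"] += p.length
            unsolicited[p.dst]["reflectors"].add(p.src)
    return {host: {"bytes": v["bytes"], "reflectors": len(v["reflectors"])}
            for host, v in unsolicited.items() if v["bytes"] >= byte_threshold}

# Constructed sample capture (documentation address ranges, not real hosts):
# two protected hosts each make one legitimate query and get one reply; in
# addition 203.0.113.10 receives 20 large replies from resolvers it never queried.
VICTIM, CLEAN, RESOLVER = "203.0.113.10", "203.0.113.11", "198.51.100.1"
SAMPLE = [
    Packet(VICTIM, RESOLVER, 40001, 53, 64), Packet(RESOLVER, VICTIM, 53, 40001, 300),
    Packet(CLEAN, RESOLVER, 40002, 53, 64), Packet(RESOLVER, CLEAN, 53, 40002, 300),
] + [Packet(f"192.0.2.{i}", VICTIM, 53, 1024 + i, 3000) for i in range(1, 21)]

def analyze_sample():
    # 10 kB of unsolicited DNS responses in one capture is the assumed alert threshold
    return unsolicited_dns_responses(SAMPLE, {VICTIM, CLEAN}, byte_threshold=10_000)

if __name__ == "__main__":
    print(analyze_sample())   # {'203.0.113.10': {'bytes': 60000, 'reflectors': 20}}
```

The same key-matching check works on NetFlow or firewall logs; the clean host never appears in the report because its only inbound response matches a query it sent.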
NTP Amplification Attack
This reflection attack exploits Network Time Protocol (NTP) servers (those used to sync clocks on internet-connected devices) to overload and overburden the target server with UDP traffic far out of proportion to the small requests that trigger it.
IP Fragmentation Attack
In the IP Fragmentation attack, the attackers overload the system by sending bogus UDP and ICMP data packets that exceed the maximum transmission unit (MTU) and rapidly deplete system resources until the system becomes unavailable. Another form of this attack is one where the attackers prevent the fragmented TCP/IP packets from ever being reassembled.
SNMP Reflection Attack
The perpetrator overburdens the targeted connected devices with large volumes of fake SNMP queries (SNMP is the Simple Network Management Protocol, used to collect information from and configure connected devices such as routers, hubs, printers, etc.) to elicit responses to a single spoofed IP address, that of the victim. Due to the amplified number of requests, more and more connected devices reply to the queries until the network faces downtime.
UDP Flood
By targeting random ports on the computer/network with a deluge of UDP packets, the perpetrator overwhelms the system as it tries to handle the requests.
DNS Flood
Here, the perpetrators target DNS server(s) and their cache mechanisms by flooding them with large quantities of UDP packets to exhaust the server-side resources, preventing them from handling genuine incoming requests.
HTTP Flood
Botnets are large clusters of internet-connected devices that are infected with malware such as Trojan horses and controlled remotely by the attacker. In the HTTP Flood attack, the attacker uses such a botnet to send large volumes of seemingly legitimate GET/POST requests, forcing the server to allocate maximum resources to handling them.
Ping Flood
In this flood-type attack, the attacker floods the victim’s network with numerous pings, or ICMP echo requests, in order to clog and deplete network bandwidth.
SYN Flood
A TCP session requires a three-way handshake between the two systems for successful completion. In this flood attack, the perpetrators cause network saturation and service shutdown by flooding the target system with numerous spoofed handshake requests so that it cannot keep up.
Smurf Attack
A Smurf attack overwhelms broadcast networks with countless ICMP echo requests sent from spoofed IP addresses. Because every host on the broadcast segment replies to the spoofed address, the network itself acts as the amplification vector; Smurf malware is used to trigger the attack.
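A SYN flood shows up on the server as handshakes that start but never finish. The Python below is an added example, not the article's own code: it replays a constructed list of TCP flag events (documentation addresses) against the server socket 203.0.113.10:443, counts entries that are still half-open after an assumed minimum age, and flags the socket once that count crosses an assumed limit. Linux mitigates this class of attack with SYN cookies (net.ipv4.tcp_syncookies=1), which let the kernel answer a SYN without keeping per-connection state.

```python
from collections import defaultdict

def half_open_report(events, now, min_age):
    """Count TCP connections stuck after the first SYN, per listening socket.

    events: (time, src, sport, dst, dport, flags) with flags a set such as
    {"SYN"}, {"SYN", "ACK"} or {"ACK"}.  A client SYN opens an entry; the
    client's final ACK of the three-way handshake closes it.  Spoofed SYNs
    are never acknowledged, so they accumulate as half-open entries.
    Entries younger than min_age are ignored: they may simply be in flight.
    """
    pending = {}
    for t, src, sport, dst, dport, flags in events:
        key = (src, sport, dst, dport)
        if flags == {"SYN"}:
            pending.setdefault(key, t)
        elif flags == {"ACK"}:
            pending.pop(key, None)          # handshake completed, no longer half-open
    report = defaultdict(lambda: {"half_open": 0, "sources": set()})
    for (src, sport, dst, dport), t in pending.items():
        if now - t >= min_age:
            report[(dst, dport)]["half_open"] += 1
            report[(dst, dport)]["sources"].add(src)
    return {k: {"half_open": v["half_open"], "sources": len(v["sources"])}
            for k, v in report.items()}

def flag_syn_flood(report, max_half_open=100):
    """Sockets whose half-open backlog exceeds the assumed limit."""
    return {sock for sock, v in report.items() if v["half_open"] > max_half_open}

# Constructed sample: 5 real clients complete the handshake with the web server
# 203.0.113.10:443; 250 spoofed sources send one SYN each and never answer.
SERVER = "203.0.113.10"

def build_sample():
    events = []
    for i in range(1, 6):
        c = f"198.51.100.{i}"
        events += [(0.0 + i, c, 50000 + i, SERVER, 443, {"SYN"}),
                   (0.1 + i, SERVER, 443, c, 50000 + i, {"SYN", "ACK"}),
                   (0.2 + i, c, 50000 + i, SERVER, 443, {"ACK"})]
    for i in range(250):
        events.append((10.0 + i * 0.01, f"192.0.2.{i + 1}", 1024 + i, SERVER, 443, {"SYN"}))
    return events

def analyze_sample():
    report = half_open_report(build_sample(), now=20.0, min_age=3.0)
    return report, flag_syn_flood(report)
```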
Ping of Death
To crash, freeze or destabilise the targeted system or service, attackers overburden it with oversized packets built from different kinds of IP datagrams, such as ICMP echo requests (pings), UDP packets, TCP segments, etc. When the system tries to reassemble these abnormal, oversized packets, a memory overflow occurs, causing the system to crash.
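Both the Ping of Death and the never-finished variant of the IP Fragmentation attack above are failures of fragment reassembly, which is where a defender can check them. The IPv4 total-length field is 16 bits, so a reassembled datagram (20-byte minimum header included) can never exceed 65535 bytes; a fragment whose offset plus payload would land past that limit cannot belong to a valid datagram and can be dropped before any buffer is touched. The Python tracker below is an added example, not the article's or any stack's own code, with constructed fragments (documentation addresses) and an assumed 30-second reassembly timeout.

```python
MAX_PAYLOAD = 65535 - 20   # 16-bit IPv4 total length minus the minimum header

class FragmentTracker:
    """Reassembly guard: rejects oversized datagrams and expires unfinished buffers."""
    def __init__(self, timeout):
        self.timeout = timeout
        self.buffers = {}   # (src, dst, ident) -> {"first_seen", "pieces", "total"}

    def add(self, now, src, dst, ident, offset_units, more_fragments, payload_len):
        start = offset_units * 8          # the offset field counts 8-byte units
        end = start + payload_len
        key = (src, dst, ident)
        if end > MAX_PAYLOAD:             # can never fit a valid datagram: Ping of Death
            self.buffers.pop(key, None)
            return "oversize"
        buf = self.buffers.setdefault(key, {"first_seen": now, "pieces": [], "total": None})
        buf["pieces"].append((start, end))
        if not more_fragments:            # the last fragment fixes the full payload size
            buf["total"] = end
        if buf["total"] is not None and self._covered(buf["pieces"], buf["total"]):
            del self.buffers[key]
            return "complete"
        return "pending"

    @staticmethod
    def _covered(pieces, total):
        reach = 0                         # every byte in [0, total) must have arrived
        for start, end in sorted(pieces):
            if start > reach:
                return False
            reach = max(reach, end)
        return reach >= total

    def expire(self, now):
        """Free buffers older than timeout: the never-finished variant of the attack."""
        stale = [k for k, b in self.buffers.items() if now - b["first_seen"] > self.timeout]
        for k in stale:
            del self.buffers[k]
        return stale

def sample_run():
    """Constructed traffic: a normal 3-fragment datagram, an oversized one, an unfinished one."""
    tracker = FragmentTracker(timeout=30.0)
    normal = [tracker.add(1.0, "198.51.100.7", "203.0.113.10", 1, off, mf, 1480)
              for off, mf in ((0, True), (185, True), (370, False))]
    oversize = tracker.add(2.0, "192.0.2.9", "203.0.113.10", 2, 8189, False, 40)
    tracker.add(3.0, "192.0.2.10", "203.0.113.10", 3, 0, True, 1480)  # final piece never sent
    return normal, oversize, tracker.expire(now=40.0)
```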
DDoS attacks do not seek to directly breach your security perimeter, but they are often used as a disguise or smokescreen for other attacks and malicious activities.
These attacks are the most noticeable of attacks, owing to the network downtime and crashes they cause.
Such downtime causes financial losses and damages the reputation of the organisation. It may take several months and hefty costs for the organisation to recover from the impact of such an attack. This visibility makes DDoS attacks the most popular choice for most types of cyber-attackers, including extortionists, hacktivists, cybervandals, etc.
The most effective DDoS protection solution is one that gives you infrastructure-level protection against volumetric network attacks (based on the infrastructure the solution is hosted on) together with always-on, instant protection against attacks on specific applications by botnets and targeted attacks on application vulnerabilities.
The best DDoS protection tools are managed solutions backed by the expertise of certified security professionals and a global threat intelligence platform, along with an intelligent WAF that continuously monitors your applications and infrastructure for malicious activity and bad requests, detects threats and vulnerabilities, and instantaneously blocks bad requests. The experts fine-tune the DDoS protection with custom rules and build a strong defence to ensure that your web application/network is always available.
(Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the views of YourStory.)