Distributed Denial of Service (DDoS) attacks are becoming increasingly common in the business environment. Today, powerful DDoS attacks can shut down dozens of servers, causing hours of downtime, damaging brands, and costing companies millions in lost revenue. That is why it is important to fully understand these attacks and what causes them in order to take action against them.

Types of DDoS attacks

▸SYN Flood

This type of attack occurs when a person or program successfully impersonates another by falsifying (spoofing) data and floods the server's connection table with SYN packets until the server goes down. The good news is that low-volume SYN flood attacks can be easily stopped by firewall software. High-bandwidth SYN flood attacks, however, require specialized equipment with SYN proxy capabilities.

▸ICMP Flood

This attack occurs as a result of ICMP packets that overload the servers to such an extent that it causes a system failure. Low volume ICMP flood attacks can be easily stopped with Access Control Lists (ACLs) on routers and switches. Like other high-bandwidth attacks, high-bandwidth ICMP floods require specialized equipment.

▸Service Port Flood

In these types of attacks, packets bombard the ports in service that already enable heavy traffic (such as TCP port 80) to and from the organization’s network. These types of attacks are among the most treacherous due to the fact that they cannot be stopped or slowed by many of the standard security and network solutions – including firewalls, switches, IPS devices, and routers. To block these threats, organizations will need to invest in more sophisticated security technologies.

▸HTTP GET Flood

This type of attack results from connection-oriented bots that flood servers, affecting network traffic on service ports such as HTTP, while posing as legitimate users. Firewalls, switches, and routers won’t stop them either. To stop them, the victim organization will have to reinforce its security structure with more resistant solutions.

▸Anomalous Packet Flood

In such an attack, packets with abnormal headers or status overload servers and choke the network. Organizations can take advantage of some firewalls and IPS devices to stop these attacks, and solutions designed to detect DDoS attacks and protect networks from them can also stop them easily.

▸Zombie Flood

This attack occurs when connections that have not been spoofed overload services, causing paralysis in the network. Unlike SYN flood attacks, Zombie flood attacks are more difficult to stop unless the attacked victim has some form of behavioral mitigation technology. Even more difficult to control are high-bandwidth zombie floods, which require specialized logic for legitimate connections and range limits.
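
The contrast between the SYN flood and zombie flood descriptions above can be checked on a Linux server by reading its TCP connection table. The following is an added example, not part of the original article: it parses text in the `/proc/net/tcp` layout and flags a connection table filling with half-open entries from many sources (spoofed SYN flood) versus real hosts holding many completed connections (zombie flood). The thresholds, function names, and the sample snapshot are assumptions made for illustration.

```python
import socket
import struct
from collections import Counter

ESTABLISHED, SYN_RECV = "01", "03"  # Linux TCP state codes in /proc/net/tcp

def decode_addr(field):
    """'0100007F:0050' -> ('127.0.0.1', 80); IPv4 is little-endian hex."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def encode_addr(ip, port):
    """Inverse of decode_addr; only used to build the constructed sample."""
    return "%08X:%04X" % (struct.unpack("<I", socket.inet_aton(ip))[0], port)

def summarize(table_text, port):
    """Count half-open and established connections to `port` per remote IP."""
    half_open, established = Counter(), Counter()
    for line in table_text.strip().splitlines()[1:]:  # skip the header row
        cols = line.split()
        local_port, remote_ip = decode_addr(cols[1])[1], decode_addr(cols[2])[0]
        if local_port != port:
            continue
        if cols[3] == SYN_RECV:
            half_open[remote_ip] += 1
        elif cols[3] == ESTABLISHED:
            established[remote_ip] += 1
    return half_open, established

def classify(half_open, established, backlog=128, per_ip_limit=20):
    """Heuristic only: backlog and per_ip_limit are assumed values to tune."""
    findings = []
    total_half = sum(half_open.values())
    if total_half >= 0.8 * backlog:  # connection table is close to full
        spoofed = len(half_open) >= 0.9 * total_half  # about one entry per source
        findings.append("syn_flood_spoofed" if spoofed else "syn_flood")
    heavy = sorted(ip for ip, n in established.items() if n > per_ip_limit)
    if heavy:  # real, non-spoofed hosts holding many full connections
        findings.append("zombie_flood:" + ",".join(heavy))
    return findings

def build_sample():
    """Constructed snapshot (documentation addresses, trailing columns omitted)."""
    srv = encode_addr("192.0.2.10", 80)
    rows = ["sl local_address rem_address st"]
    rows += [f"{i}: {srv} {encode_addr(f'198.51.100.{i + 1}', 40000 + i)} {SYN_RECV}"
             for i in range(120)]  # 120 half-open entries, all different sources
    rows += [f"{120 + i}: {srv} {encode_addr('203.0.113.7', 50000 + i)} {ESTABLISHED}"
             for i in range(40)]   # one host holding 40 completed connections
    return "\n".join(rows)
```

Calling `classify(*summarize(build_sample(), 80))` on the constructed snapshot reports both conditions; on a live host the same functions can be fed the contents of `/proc/net/tcp`.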

▸Flooding of a Foreign Region

This occurs when bots from a specific geographic region attack the servers of the victim organization. These types of attacks are usually generated through very comprehensive targeted campaigns, and as such are usually more difficult to suppress. Among other things, security equipment designed to combat these attacks will need to contain visibility technologies with the ability to automatically detect irregular or anomalous patterns of behavior.

▸Non-service Port Flood

In this attack, TCP/UDP packets bombard servers, increasing the flow of traffic on unused servers. Organizations can easily combat these types of attacks with ACLs, but more powerful attacks require stronger security solutions.

Of course, there are many other types of DDoS attacks, but these could be considered the most common. As technology advances, extreme care must be taken, since technology is not the only thing that advances.

