Understanding DDoS Attacks


DDoS attacks can be devastating. With constant innovation, they've morphed into various types of attacks, making them harder to defend against. In this article, we'll delve into some of the most common types of DDoS attacks and how they work.

by vishal sam
Volume-Based Attacks
These attacks aim to consume the available bandwidth by overwhelming the target with traffic. By sending high volumes of traffic to the destination server, the attacker can block all legitimate traffic from reaching the website. Imagine a roadblock with too much traffic. The server ceases to function, causing it to crash.

Imagine a road overwhelmed with vehicles


Application Layer Attacks (Layer 7)
These targeted attacks exploit a weakness in the application's code. By leveraging application vulnerabilities, attackers can cause the application to crash. These attacks are tough to detect as the traffic appears legitimate. They can also bring down web servers by exhausting their resources.

Attack type | Description
XSS attacks | Cross-site scripting (XSS) exploits vulnerabilities in a web application to inject malicious scripts, allowing attackers to gain access to valuable data and information.
SQL injection attacks | Structured Query Language (SQL) injection attacks involve injecting malicious SQL statements into input fields within the web application, causing the database to execute the commands and reveal sensitive data or information.

Reflective/Amplification Attacks
Attackers send requests to third-party servers, which send back responses to the target, which is overwhelmed by the
traffic. Hackers manipulate the traffic to generate amplification, reflecting the attack traffic to overwhelming levels.

Reflection Attacks
The attackers use a spoofed IP address to make requests to vulnerable servers. The servers respond to the requests by sending responses back to the target network.

Amplification Attacks
By exaggerating the size of the requests, attackers can trick the vulnerable servers. They respond with much larger amounts of data than what was requested, dramatically increasing the volume of attack traffic sent towards the victim.

Resource Exhaustion Attacks
These attacks aim to overload the server's resources, rendering them unavailable to legitimate users. Since these types
of attacks are hard to detect and can be executed quickly, they cause significant harm to enterprise networks.

"By abusing the HTTP 1.1 protocol's "keep-alive" feature, attackers can keep long-lived connections with the server
to exhaust it of resources. This can lead to significant downtime for organizations."

Resource exhaustion attacks target a server's capacity and can cause significant damage

Application Layer Attacks (Layer 4)
These attacks attempt to create a new connection with the server, overwhelming it with fake requests. They target the
server's ability to create and manage network connections. The result - the server's resources are devoured.

1. SYN Attacks
The attacker sends SYN packets to the target server, requesting to initiate a connection. The server then responds with an SYN/ACK message to complete the connection. The attacker floods the server with numerous uncompleted half-open connections, exhausting the server's resources.

2. UDP Floods
They target the session initiation protocol (SIP) of the server. By flooding the target with User Datagram Protocol (UDP) packets, they overwhelm the target, which then becomes unavailable to its users.

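A defender can see the half-open connections described under SYN Attacks in the server's own socket table. The following is an added example, not part of the original article: it counts SYN-RECV against ESTAB entries per listening port in a constructed sample laid out like `ss -tan` output. The function name and both thresholds are assumptions chosen for illustration.

```python
from collections import Counter

# Constructed sample in the column layout of `ss -tan`:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE = (
    "State Recv-Q Send-Q Local Address:Port Peer Address:Port\n"
    "LISTEN 0 128 0.0.0.0:443 0.0.0.0:*\n"
    "ESTAB 0 0 192.0.2.10:443 198.51.100.20:50122\n"
    "ESTAB 0 0 192.0.2.10:443 198.51.100.21:50400\n"
    "ESTAB 0 0 192.0.2.10:22 198.51.100.30:40000\n"
    # Eight handshakes that never completed, each from a different peer.
    + "".join(f"SYN-RECV 0 0 192.0.2.10:443 203.0.113.{i}:{1024 + i}\n"
              for i in range(1, 9))
)


def half_open_report(text, min_half_open=5, max_ratio=0.5):
    """Return {local_port: (half_open, established, alert)}.

    Counting is per local port, not per peer, because every half-open
    entry may carry a different source address.
    Thresholds are illustrative assumptions, not recommended values.
    """
    half, est = Counter(), Counter()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("SYN-RECV", "ESTAB"):
            continue  # header, LISTEN, TIME-WAIT and other states
        port = fields[3].rsplit(":", 1)[1]  # also works for [::1]:443
        (half if fields[0] == "SYN-RECV" else est)[port] += 1

    report = {}
    for port in set(half) | set(est):
        h, e = half[port], est[port]
        ratio = h / (h + e)
        report[port] = (h, e, h >= min_half_open and ratio > max_ratio)
    return report


if __name__ == "__main__":
    for port, (h, e, alert) in sorted(half_open_report(SAMPLE).items()):
        print(f"port {port}: half-open={h} established={e} alert={alert}")
```
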
Zero-Day Attacks
These attacks exploit vulnerabilities in software or hardware that are unknown to the user or vendor. Hackers stay on
the lookout for Zero-days to maximize the damage caused. The attack occurs immediately: once a vulnerability is
discovered, the attacker quickly launches and executes the malicious code.

Hackers may target zero-day exploits to ambush their victims


IoT Botnet Attacks
With the Internet of Things (IoT), homes and businesses have increasingly become vulnerable to these attacks. These
botnets typically exploit IoT devices' weak security, creating a vast network of compromised devices that can be used to
launch DDoS attacks by hackers.

"Due to the weak security features available in most IoT devices, hackers can easily compromise them and use their
computing power to launch sophisticated DDoS attacks."

Botnets may use IoT devices to launch attacks


Recursive DNS Query Attack
Recursive DNS servers are responsible for handling the bulk of transactional requests between DNS servers, caching IP
address and domain name data to be used for quicker access later. In this attack, the hackers manipulate these requests
to overwhelm the target website with traffic.

Attack Symptoms | Description
Slow page loading times | The volume of traffic generated can overload a website, causing it to become slow and sluggish
Site crashes | When a website's network can't handle the volume of incoming traffic, it can crash, rendering it unable to operate

Memcached Amplification
Memcached is an open-source caching system that's often used in web apps. In this attack technique, attackers exploit
misconfigured memcached servers on the Internet to amplify their DDoS attacks, causing huge traffic volumes.

Memcached servers can be used to amplify DDoS attacks
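
The reflection pattern described under Reflective/Amplification Attacks, Recursive DNS Query Attack and Memcached Amplification looks the same at the target's edge: UDP responses from a service port that answer no request the target ever sent. The following is an added example, not part of the original article: it sums such unsolicited bytes per service over constructed flow records. The record layout, function name and port table are assumptions.

```python
import csv
import io
from collections import defaultdict

# Source ports of the two services the article names.
REFLECTOR_PORTS = {53: "dns", 11211: "memcached"}

# Constructed flow records as seen at the edge of network 192.0.2.0/24.
FLOWS = """\
dir,proto,src,sport,dst,dport,bytes
out,udp,192.0.2.10,40001,198.51.100.53,53,64
in,udp,198.51.100.53,53,192.0.2.10,40001,512
in,udp,203.0.113.7,11211,192.0.2.10,80,1400
in,udp,203.0.113.8,11211,192.0.2.10,80,1400
in,udp,203.0.113.9,53,192.0.2.10,80,3000
in,tcp,198.51.100.20,50122,192.0.2.10,443,900
"""


def unsolicited_reflection(flow_csv):
    """Return {service: (bytes, distinct_sources)} for inbound UDP from
    reflector ports that does not answer an outbound request of ours."""
    rows = list(csv.DictReader(io.StringIO(flow_csv)))
    # Requests our side really made: (our ip, our port, peer ip, peer port).
    asked = {(r["src"], r["sport"], r["dst"], r["dport"])
             for r in rows if r["dir"] == "out" and r["proto"] == "udp"}

    totals = defaultdict(lambda: {"bytes": 0, "sources": set()})
    for r in rows:
        if r["dir"] != "in" or r["proto"] != "udp":
            continue
        service = REFLECTOR_PORTS.get(int(r["sport"]))
        if service is None:
            continue
        if (r["dst"], r["dport"], r["src"], r["sport"]) in asked:
            continue  # genuine reply to our own query
        totals[service]["bytes"] += int(r["bytes"])
        totals[service]["sources"].add(r["src"])
    return {s: (t["bytes"], len(t["sources"])) for s, t in totals.items()}


if __name__ == "__main__":
    for service, (nbytes, nsrc) in unsolicited_reflection(FLOWS).items():
        print(f"{service}: {nbytes} unsolicited bytes from {nsrc} source(s)")
```
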
