What exactly is a DDoS attack?
A distributed denial of service (DDoS) attack is an attack in which one or more attackers attempt to render a service unusable.
It is a cyberattack in which a server, service, website, or network is flooded with internet traffic.
The goal of a DDoS attack is to overwhelm the selected service by driving more traffic or requests at it than the network or server can accommodate, making the website or service inoperable.
The traffic consists of incoming messages, connection requests, or fake packets. In some cases, targets are first threatened with a DDoS attack and then hit at a low volume.
Alternatively, a database may be hit with a large number of queries. The result is that the available Internet bandwidth, RAM, and CPU capacity are exhausted.
Network connections on the Internet are described by the layers of the Open Systems Interconnection (OSI) model.
Different types of DDoS attacks focus on a specific layer. Some examples:
- Layer 3, the network layer. Attacks include ICMP floods, Smurf attacks, and IP/ICMP fragmentation attacks.
- Layer 4, the transport layer. Attacks include UDP floods, SYN floods, and TCP connection exhaustion.
- Layer 7, the application layer. Mainly HTTP flood attacks.
Types of DDoS attacks
There are three main DDoS attack types.
1. Volume-based attacks use large amounts of fake traffic to overwhelm resources such as websites and servers. This includes ICMP floods, UDP floods, and floods of spoofed packets. The size of a volume-based attack is measured in bits per second (bps).
2. Network layer (protocol) attacks send a huge number of packets at the targeted network infrastructure. These include Smurf attacks and SYN floods, and their size is measured in packets per second (pps).
3. Application layer attacks flood the application with maliciously crafted requests. The size of an application layer attack is measured in requests per second (RPS).
DDoS attacks can look like many non-malicious events that also cause availability problems, such as:
- Server and system outages
- Surges of legitimate requests from legitimate users
- Cable disconnections
- Other causes
Traffic analysis is often needed to determine exactly what is happening.
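As an added illustration of that traffic analysis (example code written for this page, not part of the original article), the script below classifies constructed flow records by OSI layer, computes the bps/pps/RPS figures the article uses to size each attack type, and flags layers whose rate exceeds an assumed per-site baseline, noting whether the excess comes from many sources (distributed) or from a few. The record format, the sample traffic, and the baseline thresholds are all assumptions.

```python
from collections import defaultdict

# Constructed sample records (not a real capture): one second of traffic seen
# at a network edge. Each record is one packet, or one HTTP request for layer 7.
SAMPLE = (
    [{"proto": "ICMP", "src": f"198.51.100.{i % 50}", "bytes": 1400} for i in range(300)]
    + [{"proto": "TCP", "src": f"203.0.113.{i % 200}", "bytes": 60} for i in range(1200)]
    + [{"proto": "HTTP", "src": "192.0.2.10", "bytes": 700} for _ in range(20)]
)

def classify_layer(rec):
    """Map a record to the OSI layer a DDoS against it would target (3, 4 or 7)."""
    if rec["proto"] == "ICMP":
        return 3
    if rec["proto"] == "HTTP":
        return 7
    return 4  # UDP, or TCP handshake-level traffic such as SYN segments

def rates(records, window_s=1.0):
    """Per-layer bits/s, packets/s and requests/s over the observation window,
    plus the set of distinct source addresses seen on that layer."""
    out = defaultdict(lambda: {"bps": 0.0, "pps": 0.0, "rps": 0.0, "sources": set()})
    for rec in records:
        m = out[classify_layer(rec)]
        m["bps"] += rec["bytes"] * 8 / window_s
        if rec["proto"] == "HTTP":
            m["rps"] += 1 / window_s
        else:
            m["pps"] += 1 / window_s
        m["sources"].add(rec["src"])
    return out

def assess(records, window_s=1.0, baseline=None):
    """Flag layers whose rate exceeds the baseline. A flagged layer fed by many
    distinct sources looks distributed; few sources suggests a single-origin surge."""
    # Assumed per-site baselines; a real deployment derives these from normal traffic.
    baseline = baseline or {3: {"pps": 50}, 4: {"pps": 500}, 7: {"rps": 100}}
    findings = {}
    for layer, m in rates(records, window_s).items():
        metric = "rps" if layer == 7 else "pps"
        if m[metric] > baseline[layer][metric]:
            findings[layer] = {"metric": metric, "rate": m[metric],
                               "distributed": len(m["sources"]) >= 20}
    return findings

if __name__ == "__main__":
    for layer, f in sorted(assess(SAMPLE).items()):
        print(f"layer {layer}: {f['rate']:.0f} {f['metric']}, distributed={f['distributed']}")
```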