Tuesday, March 3, 2020

Types of DDoS Attacks

There are a few specific types of DDoS attacks, but they all share a common mission: to disrupt network operations and bring down a web service. Attackers often do this by utilizing a botnet, which is a collection of compromised devices (zombies) that they can force to participate in the attack. A “botmaster” oversees and instructs the devices in the botnet, sending instructions on when and how to carry out the attack.

Volumetric Attack

A volumetric attack is a network-level attack that aims to entirely saturate the target’s available network bandwidth. This is a relatively simplistic approach to a DDoS attack but effective and threatening nonetheless. The rapid rise and availability of botnets has allowed for the expansion of volumetric attacks recently. Using scalable protection schemes can help to prevent and protect against such attacks.

SYN Flood

A SYN flood attack takes advantage of a weakness in the Transmission Control Protocol (TCP). The TCP connection sequence uses a “three-way handshake” method between a client and a server. For a normal TCP connection, the client requests a connection by sending a synchronize (or SYN) message to the server. The server then acknowledges the synchronize message, and the client sends a final acknowledgement to establish the connection.

In a SYN flood attack, the final client acknowledgement is never sent, so the handshake is never completed. Often the attacker will spoof their IP address, so the server's SYN acknowledgement message is never received. The attacker continually sends requests faster than they time out, eventually taking up all open ports. This results in a denial of service to anyone trying to access the server.
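The handshake bookkeeping described above can be turned into a simple detection check. This is an added example, not part of the original post: the packet records, the documentation-range addresses, the backlog size and the 80% threshold are all constructed assumptions.

```python
from collections import namedtuple

# Constructed packet records (not captured traffic): time in seconds,
# source "ip:port", destination "ip:port", TCP flags.
Packet = namedtuple("Packet", "ts src dst flags")

SERVER = "192.0.2.10:443"  # documentation address, assumed for the example

SAMPLE = [
    Packet(0.00, "198.51.100.7:50001", SERVER, "SYN"),      # normal client
    Packet(0.01, SERVER, "198.51.100.7:50001", "SYN-ACK"),
    Packet(0.02, "198.51.100.7:50001", SERVER, "ACK"),      # handshake completed
    Packet(0.10, "203.0.113.1:1111", SERVER, "SYN"),        # final ACK never arrives
    Packet(0.11, SERVER, "203.0.113.1:1111", "SYN-ACK"),
    Packet(0.12, "203.0.113.2:2222", SERVER, "SYN"),
    Packet(0.13, "203.0.113.3:3333", SERVER, "SYN"),
]


def half_open(packets, server, now, max_age=None):
    """Return {client: syn_time} for handshakes the client never completed."""
    pending = {}
    for p in sorted(packets, key=lambda p: p.ts):
        if p.dst == server and p.flags == "SYN":
            pending.setdefault(p.src, p.ts)   # a retransmitted SYN keeps the first time
        elif p.dst == server and p.flags in ("ACK", "RST"):
            pending.pop(p.src, None)          # handshake completed or aborted
    if max_age is not None:
        # Entries older than the server's SYN timeout would already be freed.
        pending = {c: t for c, t in pending.items() if now - t <= max_age}
    return pending


def syn_flood_suspected(packets, server, now, backlog, max_age=60.0, ratio=0.8):
    """Flag when live half-open entries fill `ratio` of the listen backlog."""
    return len(half_open(packets, server, now, max_age)) >= ratio * backlog
```

The `max_age` filter models the timeout mentioned above: half-open entries only accumulate when new SYNs arrive faster than old ones expire.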
UDP Flood

A User Datagram Protocol (UDP) flood attempts to overwhelm random ports on a target with UDP packets (or datagrams). UDP is a communications protocol used as an alternative to TCP. When a packet is received, the host checks for an associated application. When the packet is malicious, the host won’t find any association, and it sends a packet back saying the destination is unreachable.
