DDoS has grown by leaps and bounds over the years, and with it an entire cottage industry has popped up, with vendors on both sides. Protection services stop the problem for customers, and hackers have no qualms about offering their services to the world.
Welcome to the internet.
The reality is that there are countless types of DDoS attacks: from the straightforward and unimaginative, to the highly complex. As mitigation defenses get stronger, cyber criminals respond with new types of DDoS attacks. It is a game of cat and mouse. The fault lies with the architecture of the internet. Websites are vulnerable to DDoS because of the way machines communicate online.
Types Of DDoS Attacks That Threaten Websites
Ping of Death
POD is an old denial of service attack that was quite effective back in the day, but is not really much of a threat anymore. Ping of Death has also been called Teardrop, and a few other names.
Within the IP protocol there are maximum byte allowances for packets (information) sent between two machines. The max allowance under IPv4 is 65,535 bytes. When a large packet is sent it is separated across multiple IP packets, and when reassembled it creates a packet so big that it will cause the receiving server to crash.
This type of attack is a classic DDoS that sends rapid amounts of packets at a machine in an attempt to keep connections from being closed. The sending machine does not close the connection, and eventually that connection times out. If the attack is strong enough it will consume all resources on the server and send the website offline.
A User Datagram Protocol Flood works by flooding ports on a target machine with packets that make the machine listen for applications on those ports and send back an ICMP packet.
Forged packets are sent out to as many computers as possible. When the packets are received the computers reply, but because the packets are spoofed, instead of responding to the real sender, the machines will all attempt to communicate with the machine at the spoofed address. Eventually, if the attack is strong enough the server will shut down.
This is an old distributed denial of service attack that uses corrupted ICMP packets with a modified ping utility to deliver bad packets to the target server. With enough volume the attack can be successful.
Types of DDoS attacks like these are way more complex than some of the other DDoS attacks we’ve talked about. Slowloris is a DDoS toolkit that sends out partial requests to a target server in an effort to keep the connections open as long as possible. At the same time it does this, it sends out HTTP headers at certain intervals, which ramps up the requests, but never makes any connections. It doesn’t take long for this type of DDoS attack to take down a website.
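The following is an added detection example, not code from the original article. It shows why headers sent at intervals defeat an idle timeout, and how a fixed deadline for finishing the request headers exposes the source. The `Conn` record format, the thresholds and the sample connections are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class Conn:                      # hypothetical per-connection state from a proxy
    src: str                     # client address
    opened_at: float             # seconds
    last_byte_at: float          # time the client last sent any data
    headers_complete: bool       # has the full request header block arrived?


def idle_timeout_hits(conns, now, idle=15.0):
    """Connections an idle timeout alone would close."""
    return [c for c in conns if now - c.last_byte_at >= idle]


def slow_header_sources(conns, now, header_deadline=30.0, min_conns=20):
    """Sources holding many connections whose headers are still unfinished
    after an absolute deadline measured from when the connection opened."""
    stalled = Counter(
        c.src for c in conns
        if not c.headers_complete and now - c.opened_at >= header_deadline
    )
    return {src: n for src, n in stalled.items() if n >= min_conns}


# Constructed sample state at t = 1000 seconds.
NOW = 1000.0
SAMPLE = (
    # 25 connections from one source, open for 100 s, last header line 5 s ago
    [Conn("203.0.113.7", 900.0, 995.0, False) for _ in range(25)]
    # ordinary visitors whose requests arrived in full
    + [Conn("198.51.100.10", 998.0, 998.5, True) for _ in range(3)]
    # one slow client on a poor link: unfinished, but a single connection
    + [Conn("198.51.100.20", 950.0, 990.0, False)]
)

if __name__ == "__main__":
    print("closed by idle timeout:", len(idle_timeout_hits(SAMPLE, NOW)))
    print("flagged by header deadline:", slow_header_sources(SAMPLE, NOW))
```

On the sample data the idle timeout closes nothing, because every stalled connection sent a byte within the last 15 seconds, while the header deadline flags only the source holding 25 unfinished requests.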
These types of attacks exploit peer-to-peer networks by maliciously redirecting legitimate visitors to the site or server they want to attack. If the attacker is able to pull it off with enough people, the resulting DDoS shuts down the site.
Exactly what it sounds like: you get so much traffic you overload your server and it poops out. This isn’t necessarily a bad thing. It means your site is growing.
But it also means it’s time to upgrade.
Degradation of Service Attacks
There really is only one purpose for this type of attack and that is overloading the server until it is so painstakingly slow it’s all but worthless. This type of attack relies on the fact that no one is going to use a slow website for long, so the slower they can make it, the more of your visitors will find their way off your site.
What makes these types of attacks a pain is that it is hard to tell if you are experiencing a DDoS attack, or are just getting a boost of solid traffic, which is what every site owner is looking for. The key here is to analyze what your “visitors” are doing on the site and benchmark that against historical data. From there you should be able to tell if it is an attack or not.
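The following is an added example, not code from the original article, of benchmarking visitor behaviour against historical data. It separates a traffic rise that keeps the usual browsing pattern from one that does not. The log format (`ip method path`), the thresholds and the sample windows are assumptions constructed for illustration.

```python
from collections import Counter


def profile(lines):
    """Summarise one time window of access-log lines ('ip method path')."""
    ips, paths = Counter(), Counter()
    for line in lines:
        ip, _method, path = line.split()[:3]
        ips[ip] += 1
        paths[path] += 1
    total = sum(ips.values())
    if total == 0:
        raise ValueError("empty window")
    return {
        "requests": total,
        "req_per_client": total / len(ips),
        "top_path_share": paths.most_common(1)[0][1] / total,
    }


def compare(baseline, current, volume_factor=3.0, skew_factor=2.0):
    """Classify the current window against the historical baseline."""
    if current["requests"] < volume_factor * baseline["requests"]:
        return "normal"
    skewed = (
        current["req_per_client"] > skew_factor * baseline["req_per_client"]
        or current["top_path_share"] > skew_factor * baseline["top_path_share"]
    )
    # More volume with the same behaviour looks like growth; more volume
    # with a different behaviour profile deserves investigation.
    return "attack-like" if skewed else "organic-growth"


def window(prefix, clients, paths, per_client):
    """Constructed log lines: each client requests the paths in rotation."""
    return [f"{prefix}.{i} GET {paths[j % len(paths)]}"
            for i in range(clients) for j in range(per_client)]


PAGES = ["/", "/products", "/about"]
BASELINE = window("198.51.100", 20, PAGES, 3)     # historical window
GROWTH = window("198.51.100", 80, PAGES, 3)       # four times the visitors
SUSPECT = BASELINE + window("203.0.113", 10, ["/search"], 40)

if __name__ == "__main__":
    base = profile(BASELINE)
    for name, lines in (("growth", GROWTH), ("suspect", SUSPECT)):
        print(name, compare(base, profile(lines)))
```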
Application Level Attacks
These are what’s known as Layer 7 DDoS attacks. An attack like this will target the weakest points on your website. Layer 7 attacks are very difficult to stop without having the infrastructure, software, and knowledge to combat them.
A Multi-vector DDoS attack is quite possibly the most complex form of DDoS. This is where attackers not only blend attack strategies, but they often use a variety of tools as well. When you are faced with this type of DDoS attack you will notice the attacker pinpointing applications on your server, while at the same time flooding your site with bad traffic.
Zero Day DDoS
“Zero Day” attacks are a type of DDoS that is only just coming into use. In other words, it is an attack being used for the first time.
DDoS Attacks Are Constantly Evolving
Distributed denial of service attacks are devastating to businesses. The motivations of attackers are evolving just as fast. From politically motivated to criminal weapon, DDoS attacks are used for a variety of purposes and target many applications: websites, email, and VoIP.