3 Most Common Categories of DDoS Attacks

by on 06/26/2013 in Security, Security Info & Tips

The nature of DDoS (Distributed Denial-of-Service) attacks has grown increasingly complex over the past 3 years.  In the past, DDoS attacks were associated only with the brute force strategy of consuming the maximum amount of bandwidth.  Since then, a variety of new tools have become readily available.  This has allowed not only for new types of DDoS attacks, but for blended attacks as well.  Blended attacks use a multi-pronged approach and feature characteristics from several categories.  While there are numerous types of DDoS attacks, they all fall into 3 basic categories based upon the primary digital infrastructure target.

Volume Based Attacks

The type of DDoS attack most people are familiar with is the volume based attack.  This method uses a variety of techniques to saturate the bandwidth of the attacked site so that no other visitors can access it.  It can also lead to server crashes.  The most common volume based techniques include UDP floods, ICMP floods, and other spoofed packet floods.  While this type of attack gets the most publicity, it is not the most common type of DDoS attack.  Experts estimate that only 10-20 percent of all DDoS attacks in 2013 will be volume based attacks targeting bandwidth.  The strength of volume based attacks is measured in bits per second (bps).

Protocol Attacks

The second category of DDoS attacks is protocol attacks.  This type of attack targets server resources rather than bandwidth.  More evolved protocol attacks also target intermediate communication equipment, including firewalls and load balancers.  This is accomplished with SYN floods, Ping of Death, Smurf DDoS, and fragmented packet attacks.  The strength of protocol attacks is measured in packets per second (pps).

Application Layer Attacks

The final type of DDoS attack is an application layer attack.  This category of attack has seen the most growth over the past 12 months.  In most instances, it requires fewer resources to overwhelm an application than to overload bandwidth or protocols.  Popular types of attack in this category include Zero-Day DDoS attacks, Slowloris, and attacks targeting known vulnerabilities in Apache, OpenBSD, and Windows.  The goal of an application layer attack is to crash web servers by making a large number of seemingly legitimate requests.  The strength of application layer attacks is measured in requests per second (rps).

Industry experts note that protocol and application layer attacks will comprise a majority of DDoS attacks moving forward.  There are a growing number of tools designed specifically to implement this type of attack.  Plus, attackers can easily rent botnet resources to carry them out.  A new trend is blended DDoS attacks.  A blended attack targets both protocol and application layer vulnerabilities.  Typically, the protocol attack is launched first to create a distraction.  The application layer attack is launched soon after the protocol attack.  The application layer attack is always the last part of the attack because it takes more time to identify potential application vulnerabilities and target the specific weakness.  There is no doubt DDoS attacks will continue to evolve over the next decade, with an emphasis on lowering the attacker’s resource requirements and enhancing the long term damage an attack creates.
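
As an added example (not from the original article), the Python sketch below shows how a defender could use the three metrics above to label traffic windows by category and spot the blended pattern in which a protocol spike is followed soon after by an application layer spike.  The baseline rates, the 5x threshold, the 60-second gap and the sample windows are all constructed assumptions.

```python
from dataclasses import dataclass

WINDOW_S = 10  # length of each measurement window, seconds (assumed)
# Assumed normal per-second rates for a hypothetical site, and alert multiplier.
BASELINE = {"bps": 50e6, "pps": 8_000, "rps": 300}
FACTOR = 5

@dataclass
class Window:
    t: int         # window start time, seconds
    bits: int      # bits received during the window
    packets: int   # packets received during the window
    requests: int  # HTTP requests received during the window

def classify(w):
    """Return the attack categories whose metric exceeds FACTOR x baseline."""
    rates = {"bps": w.bits / WINDOW_S, "pps": w.packets / WINDOW_S,
             "rps": w.requests / WINDOW_S}
    hot = {m for m, rate in rates.items() if rate > FACTOR * BASELINE[m]}
    found = set()
    if "bps" in hot:
        found.add("volume")        # bandwidth saturation
    elif "pps" in hot:
        found.add("protocol")      # many small packets, bandwidth still normal
    if "rps" in hot:
        found.add("application")   # request flood against the web server
    return found

def detect_blended(windows, max_gap_s=60):
    """Return (t_protocol, t_application) if an application layer spike
    starts within max_gap_s of the first protocol spike, else None."""
    t_proto = None
    for w in windows:
        cats = classify(w)
        if t_proto is None and "protocol" in cats:
            t_proto = w.t
        if t_proto is not None and "application" in cats:
            return (t_proto, w.t) if w.t - t_proto <= max_gap_s else None
    return None

# Constructed sample windows (not real traffic).
SAMPLE = [
    Window(0, 400_000_000, 70_000, 2_500),      # normal
    Window(10, 600_000_000, 900_000, 2_600),    # packet-rate spike
    Window(20, 600_000_000, 900_000, 2_700),
    Window(30, 700_000_000, 850_000, 40_000),   # request spike joins in
    Window(40, 450_000_000, 75_000, 38_000),    # request spike only
]

if __name__ == "__main__":
    for w in SAMPLE:
        print(w.t, sorted(classify(w)) or "normal")
    print("blended:", detect_blended(SAMPLE))
```

Seeing the request-rate alert arrive shortly after a packet-rate alert is the cue to keep watching the application tier rather than treating the protocol flood as the whole incident.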

A suggested managed services and DDoS provider can be found at http://www.datafoundry.com/managed-services/ddos
