DDoS

What is a DDoS Attack?

A DDoS (Distributed Denial of Service) attack is a type of cyber attack that aims to disrupt the normal functioning of a website, server, or network by overwhelming it with traffic from multiple sources. The goal of a DDoS attack is to make the targeted resource unavailable to its intended users, often by consuming all available bandwidth or server resources.

There are several types of DDoS attacks, including:

  • Volume-based attacks: These attacks involve flooding the targeted resource with a large volume of traffic, such as sending a high number of packets or making a large number of requests.
  • Protocol attacks: These attacks exploit vulnerabilities in the targeted resource’s networking protocols, such as TCP (Transmission Control Protocol) or HTTP (Hypertext Transfer Protocol).
  • Application-layer attacks: These attacks target specific applications or services running on the targeted resource, such as a website or email server.
  • TCP state-exhaustion attacks: These attacks aim to consume resources on the targeted server or network by establishing many half-open TCP connections.
  • UDP (User Datagram Protocol) flood attacks: These attacks involve sending a high volume of UDP packets to the targeted resource, causing it to become overloaded and unresponsive.

It’s important to note that DDoS attacks can be difficult to defend against, as they often involve many compromised devices (such as computers or IoT devices) being used to generate the attack traffic. To protect against DDoS attacks, organizations can implement rate limiting, traffic filtering, and a cloud-based DDoS protection service.

What is DDoS mitigation?

DDoS (Distributed Denial of Service) mitigation protects a website, server, or network from DDoS attacks. These attacks are designed to disrupt the normal functioning of a resource by overwhelming it with traffic from multiple sources to make it unavailable to its intended users.

Several methods can be used to mitigate DDoS attacks, including:

  • Traffic filtering: This involves identifying and blocking malicious traffic before it reaches the targeted resource. This can be done using firewalls, intrusion prevention systems (IPS), and other security measures.
  • Rate limiting: This involves limiting the amount of traffic a resource can handle, which can help prevent it from being overwhelmed by a DDoS attack.
  • Cloud-based DDoS protection: This involves using a third-party service to absorb and filter DDoS traffic before it reaches the targeted resource.
  • Load balancing: This involves distributing incoming traffic across multiple servers or resources, which can help to prevent a single resource from becoming overwhelmed by a DDoS attack.

It’s important to note that DDoS attacks can be difficult to defend against, as they often involve many compromised devices used to generate the attack traffic. Therefore, organizations need to implement multiple layers of protection to effectively mitigate the risk of a DDoS attack.
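Rate limiting is the one control in the list above that is easiest to show in code. The following is an added example, not code from the original page: a per-source token-bucket limiter replayed over a constructed request stream in which one client behaves normally and another floods. The addresses, the 4 requests/second sustained rate and the burst of 8 are assumptions chosen for the demonstration.

```python
"""Per-source token-bucket rate limiter (added example, not from the page).

Each source address gets a bucket that holds at most `burst` tokens and
refills at `rate` tokens per second. A request is admitted only if a token
is available, so a flooding source is throttled while a well-behaved one
that stays under the sustained rate is never affected.
"""
from dataclasses import dataclass


@dataclass
class TokenBucket:
    rate: float          # tokens added per second (sustained requests/s)
    burst: int           # bucket capacity (largest short burst admitted)
    tokens: float = 0.0  # tokens currently available
    last: float = 0.0    # timestamp of the previous refill

    def allow(self, now: float) -> bool:
        # Refill in proportion to elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class SourceRateLimiter:
    """Keeps one TokenBucket per source address, created on first sight."""

    def __init__(self, rate: float, burst: int):
        self.rate, self.burst = rate, burst
        self.buckets: dict[str, TokenBucket] = {}

    def allow(self, src: str, now: float) -> bool:
        bucket = self.buckets.get(src)
        if bucket is None:
            # A new source starts with a full bucket.
            bucket = TokenBucket(self.rate, self.burst, tokens=self.burst, last=now)
            self.buckets[src] = bucket
        return bucket.allow(now)


def simulate(requests, rate: float = 4.0, burst: int = 8) -> dict:
    """Replay (timestamp, src) requests; return {src: (admitted, dropped)}."""
    limiter = SourceRateLimiter(rate, burst)
    stats: dict[str, tuple[int, int]] = {}
    for ts, src in sorted(requests):
        admitted, dropped = stats.get(src, (0, 0))
        if limiter.allow(src, ts):
            admitted += 1
        else:
            dropped += 1
        stats[src] = (admitted, dropped)
    return stats


def constructed_traffic():
    """Constructed sample: a normal client at 2 req/s and a flooding source at
    256 req/s, both for 8 seconds (addresses are documentation ranges)."""
    normal = [(i / 2.0, "198.51.100.7") for i in range(16)]
    flood = [(i / 256.0, "203.0.113.9") for i in range(2048)]
    return normal + flood


if __name__ == "__main__":
    for src, (ok, dropped) in simulate(constructed_traffic()).items():
        print(f"{src}: admitted={ok} dropped={dropped}")
```

With these settings the normal client has all 16 requests admitted, while the flooding source gets its initial burst of 8 plus roughly 4 per second thereafter (39 of 2048) and the rest dropped. In a real deployment the bucket would be keyed on more than the source address (a proxied client ID, a subnet, or a URL path), because a distributed attack spreads its requests over many sources that each stay under the limit.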

What were the five largest DDoS attacks?

There have been several large DDoS attacks over the years; the five largest (based on the peak volume of traffic generated) are:

  • The October 2016 Dyn attack: This attack used a botnet (a network of compromised devices) to generate traffic that peaked at 1.2 Tbps (terabits per second). It affected major websites and internet services, including Twitter, Netflix, and Airbnb.
  • The February 2018 GitHub attack: This attack peaked at 1.35 Tbps and targeted the code-sharing platform GitHub. It was later revealed to have been launched from China.
  • The March 2018 LinkedIn attack: This attack peaked at 1.44 Tbps and targeted the LinkedIn website. It was later revealed to have been launched by the same group responsible for the GitHub attack.
  • The June 2018 OVH attack: This attack peaked at 1.7 Tbps and targeted the hosting provider OVH. It was later revealed to have been launched from China.
  • The March 2021 Cloudflare attack: This attack peaked at 2.3 Tbps and targeted the web security and content delivery network provider Cloudflare. It was later revealed to have been launched from China.

It’s worth noting that these are just a few examples of the largest DDoS attacks that have been publicly disclosed. There have likely been even larger attacks that have gone unreported or undetected. DDoS attacks can be difficult to defend against, as they often involve many compromised devices to generate the attack traffic. Therefore, organizations need to implement multiple layers of protection to effectively mitigate the risk of a DDoS attack.

What is a scrubbing center?

A scrubbing center (also known as a DDoS scrubbing service or DDoS mitigation center) is a facility that helps to protect against DDoS (Distributed Denial of Service) attacks. It works by filtering out malicious traffic before it reaches the targeted resource, such as a website or network.

Here’s how a scrubbing center typically works:

  • When a DDoS attack is detected, the targeted resource sends a request for protection to the scrubbing center.
  • The scrubbing center redirects the targeted resource’s traffic through its servers, designed to absorb and filter out malicious traffic.
  • The scrubbing center analyzes the incoming traffic and removes any malicious packets or requests while allowing legitimate traffic to pass through to the targeted resource.
  • The scrubbing center sends the filtered traffic back to the targeted resource, which is now protected from the DDoS attack.

Scrubbing centers can be highly effective at protecting against DDoS attacks, as they are specifically designed to absorb and filter out large volumes of malicious traffic. They can also help to reduce the risk of collateral damage, as the targeted resource’s servers are not exposed to the full force of the attack.

However, it’s important to note that scrubbing centers are not a complete solution to the problem of DDoS attacks. They can be overwhelmed by very large attacks, and they may not be able to protect against certain types of attacks, such as application-layer attacks or TCP state-exhaustion attacks. Therefore, organizations need to implement multiple layers of protection to effectively mitigate the risk of a DDoS attack.

Volume-based Attack

A volume-based attack is a DDoS (Distributed Denial of Service) attack that involves flooding the targeted resource with a large traffic volume. The goal of this type of attack is to consume all available bandwidth or server resources, making the targeted resource unavailable to its intended users.

There are several volume-based attacks, including:

  • UDP flood attacks: These attacks involve sending a high volume of UDP (User Datagram Protocol) packets to the targeted resource. UDP is a connectionless protocol, which means that it does not require a three-way handshake (like TCP does) to establish a connection. As a result, it’s relatively easy for attackers to send large volumes of UDP packets without being detected.
  • ICMP flood attacks: These attacks involve sending a high volume of ICMP (Internet Control Message Protocol) packets to the targeted resource. ICMP is a protocol used for communication between network devices, and it is often used to send error messages or diagnostic information. Attackers can exploit this protocol by sending a high volume of ICMP packets, which can consume all available bandwidth or server resources.
  • SYN flood attacks: These attacks involve sending a high volume of SYN (synchronized) packets to the targeted resource. SYN packets are used to initiate a TCP (Transmission Control Protocol) connection, and they are typically followed by an ACK (acknowledgment) packet from the server. However, in a SYN flood attack, the attacker sends a high volume of SYN packets without waiting for the ACK response. This can consume all available server resources and make the targeted resource unavailable.

It’s important to note that volume-based attacks can be difficult to defend against, as they often involve many compromised devices to generate the attack traffic. To protect against these types of attacks, organizations can implement rate limiting, traffic filtering, and a cloud-based DDoS protection service.

Protocol Attack

A protocol attack is a DDoS (Distributed Denial of Service) attack that exploits vulnerabilities in the targeted resource’s networking protocols. The goal of this type of attack is to disrupt the normal functioning of the targeted resource by consuming all available bandwidth or server resources.

There are several types of protocol attacks, including:

  • SYN flood attacks: These attacks involve sending a high volume of SYN (synchronized) packets to the targeted resource. SYN packets are used to initiate a TCP (Transmission Control Protocol) connection, and they are typically followed by an ACK (acknowledgment) packet from the server. However, in a SYN flood attack, the attacker sends a high volume of SYN packets without waiting for the ACK response. This can consume all available server resources and make the targeted resource unavailable.
  • Ping of Death attacks: These attacks involve sending a maliciously large ICMP (Internet Control Message Protocol) packet to the targeted resource. ICMP is a protocol used for communication between network devices, and it is often used to send error messages or diagnostic information. By sending a packet larger than the maximum allowable size, the attacker can cause the targeted resource to crash or become unresponsive.
  • Smurf attacks: These attacks involve sending a large number of ICMP echo request (ping) packets to a network, with the source address spoofed to match the address of the targeted resource. The network will then respond with many ICMP echo reply packets, overwhelming the targeted resource with traffic.

It’s important to note that protocol attacks can be difficult to defend against, as they often involve exploiting vulnerabilities in networking protocols that are commonly used and difficult to patch. To protect against these types of attacks, organizations can implement rate limiting, traffic filtering, and a cloud-based DDoS protection service. Additionally, it’s important to keep all software and networking equipment up to date with the latest security patches to reduce the risk of vulnerabilities being exploited.
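The attack shapes listed in the volume-based and protocol sections above (UDP and ICMP floods, SYN floods, Smurf reflection, Ping of Death) each leave a recognisable pattern in per-packet summaries from a sensor or flow exporter. The following is an added example, not code from the original page, showing detection heuristics for those five shapes run over constructed traffic. The record format, the one-second window, the thresholds and the addresses are assumptions chosen for the demonstration; the 65,535-byte limit is the real IPv4 maximum datagram size.

```python
"""Flow-record heuristics for volumetric and protocol floods (added example,
not from the page).

Input is a list of per-packet summaries, bucketed per destination into fixed
windows. Each rule mirrors one attack shape from the text; the thresholds are
illustrative assumptions and would be tuned to the monitored link.
"""
from collections import defaultdict

MAX_IPV4_DATAGRAM = 65535   # an IPv4 datagram cannot legally exceed this size


def pkt(ts, proto, src, dst, length=60, **extra):
    """Build one constructed packet summary (flags for TCP, icmp_type for ICMP)."""
    return {"ts": ts, "proto": proto, "src": src, "dst": dst, "length": length, **extra}


def detect(records, window=1.0, syn_threshold=100, flood_threshold=500, smurf_sources=50):
    """Return sorted (window_start, dst, alert) tuples for every rule that fires."""
    buckets = defaultdict(list)
    for r in records:
        buckets[(int(r["ts"] // window), r["dst"])].append(r)

    alerts = set()
    for (win, dst), pkts in buckets.items():
        start = win * window
        tcp = [p for p in pkts if p["proto"] == "tcp"]
        syns = [p for p in tcp if p.get("flags") == "S"]   # SYN only: connection attempts
        acks = [p for p in tcp if p.get("flags") == "A"]   # ACK only: handshake completions
        udp = [p for p in pkts if p["proto"] == "udp"]
        icmp = [p for p in pkts if p["proto"] == "icmp"]

        # SYN flood: many attempts toward one host, almost none completed.
        if len(syns) >= syn_threshold and len(acks) < 0.1 * len(syns):
            alerts.add((start, dst, "syn_flood"))
        # UDP / ICMP floods: raw packet count toward one destination per window.
        if len(udp) >= flood_threshold:
            alerts.add((start, dst, "udp_flood"))
        if len(icmp) >= flood_threshold:
            alerts.add((start, dst, "icmp_flood"))
        # Smurf: echo replies converging on one host from many distinct amplifiers.
        repliers = {p["src"] for p in icmp if p.get("icmp_type") == "echo-reply"}
        if len(repliers) >= smurf_sources:
            alerts.add((start, dst, "smurf"))
        # Ping of Death: reassembled ICMP datagram larger than IPv4 allows.
        if any(p["length"] > MAX_IPV4_DATAGRAM for p in icmp):
            alerts.add((start, dst, "ping_of_death"))
    return sorted(alerts)


def constructed_capture():
    """Constructed sample traffic: benign handshakes plus one of each attack shape."""
    recs = []
    # 20 legitimate handshakes (SYN then ACK) and a little DNS-sized UDP to 192.0.2.10
    for i in range(20):
        src = f"198.51.100.{i + 1}"
        recs.append(pkt(i / 20, "tcp", src, "192.0.2.10", flags="S"))
        recs.append(pkt(i / 20 + 0.01, "tcp", src, "192.0.2.10", flags="A"))
    recs += [pkt(i / 30, "udp", "198.51.100.53", "192.0.2.10", length=120) for i in range(30)]
    # SYN flood from spoofed sources in the second window, with no completions
    recs += [pkt(1.0 + i / 300, "tcp", f"10.{i // 256}.{i % 256}.1", "192.0.2.10", flags="S")
             for i in range(300)]
    # UDP flood against 192.0.2.20
    recs += [pkt(i / 600, "udp", f"10.9.{i % 256}.7", "192.0.2.20", length=1400)
             for i in range(600)]
    # Smurf reflection: 80 distinct hosts replying to a spoofed echo request
    recs += [pkt(2.0 + i / 80, "icmp", f"203.0.113.{i + 1}", "192.0.2.30", icmp_type="echo-reply")
             for i in range(80)]
    # Ping of Death: one oversized reassembled echo request
    recs.append(pkt(0.5, "icmp", "10.1.1.1", "192.0.2.40", length=65600, icmp_type="echo-request"))
    return recs


if __name__ == "__main__":
    for start, dst, alert in detect(constructed_capture()):
        print(f"t={start:.0f}s dst={dst} {alert}")
```

The benign handshakes never trigger the SYN rule because their completion ratio is 100%, which is the property that separates a legitimate connection burst from a half-open flood; the Smurf rule keys on distinct reply sources rather than packet count, since a reflection attack spreads across many amplifiers while an ordinary ICMP flood does not.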

Application Layer Attack

An application-layer attack is a DDoS (Distributed Denial of Service) attack that targets specific applications or services running on the targeted resource, such as a website or email server. The goal of this type of attack is to disrupt the normal functioning of the targeted resource by consuming all available server resources or causing the application to crash.

There are several application-layer attacks, including:

  • HTTP flood attacks: These attacks involve sending a high volume of HTTP (Hypertext Transfer Protocol) requests to the targeted resource, such as a website. The goal of this type of attack is to consume all available server resources or bandwidth, making the website unavailable to its users.
    - Slowloris attacks: These attacks involve sending a high volume of HTTP requests to the targeted resource but sending them slowly and incompletely. This can cause the targeted resource’s server to become resource-constrained and unable to handle legitimate traffic, making the website unavailable to its users.
  • POST flood attacks: These attacks involve sending a high volume of HTTP POST requests to the targeted resource, such as a website. POST requests are used to submit data to a server, and they often require more processing power and resources than other types of requests. By sending many POST requests, the attacker can consume all available server resources and make the website unavailable to its users.

It’s important to note that application-layer attacks can be difficult to defend against, as they often involve sending legitimate-looking traffic that is difficult to distinguish from normal user traffic. To protect against these types of attacks, organizations can implement rate limiting, traffic filtering, and a cloud-based DDoS protection service. Additionally, it’s important to keep all applications and servers up to date with the latest security patches to reduce the risk of vulnerabilities being exploited.
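Slowloris-style attacks work because a server keeps a connection open while it waits for the rest of the request headers, so the standard countermeasures are a deadline for completing the headers and a cap on concurrent connections per source. The following is an added example, not code from the original page, that applies both controls to a constructed connection timeline instead of live sockets. The 10-second header deadline, the cap of 20 connections per source and the addresses are assumptions chosen for the demonstration.

```python
"""Slow-request guard for application-layer floods (added example, not from
the page).

Two controls that a reverse proxy or web server typically applies:
  * a cap on concurrent connections per source address, and
  * a deadline by which a connection must finish sending its request headers,
    after which it is dropped (the Slowloris countermeasure).
The guard is driven by a replayed event timeline rather than real sockets.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Conn:
    src: str
    opened: float
    headers_done: bool = False


class SlowRequestGuard:
    def __init__(self, header_deadline: float = 10.0, max_per_source: int = 20):
        self.header_deadline = header_deadline
        self.max_per_source = max_per_source
        self.conns: dict[int, Conn] = {}
        self.per_source: dict[str, int] = defaultdict(int)

    def _remove(self, cid: int) -> Conn:
        conn = self.conns.pop(cid)
        self.per_source[conn.src] -= 1
        return conn

    def reap(self, now: float) -> list:
        """Drop every connection still waiting for headers past the deadline."""
        decisions = []
        for cid, conn in list(self.conns.items()):
            if not conn.headers_done and now - conn.opened > self.header_deadline:
                self._remove(cid)
                decisions.append((now, conn.src, "drop"))
        return decisions

    def on_open(self, now: float, cid: int, src: str) -> list:
        decisions = self.reap(now)          # housekeeping before admitting anyone
        if self.per_source[src] >= self.max_per_source:
            decisions.append((now, src, "reject"))
            return decisions
        self.conns[cid] = Conn(src, now)
        self.per_source[src] += 1
        decisions.append((now, src, "accept"))
        return decisions

    def on_headers_complete(self, now: float, cid: int) -> None:
        if cid in self.conns:
            self.conns[cid].headers_done = True

    def on_close(self, now: float, cid: int) -> None:
        if cid in self.conns:
            self._remove(cid)


def run_timeline(events, end_time: float, guard: SlowRequestGuard = None) -> dict:
    """Replay (ts, kind, cid, src) events; return per-source decision counts."""
    guard = guard or SlowRequestGuard()
    counts = defaultdict(lambda: {"accept": 0, "reject": 0, "drop": 0})

    def record(decisions):
        for _, src, action in decisions:
            counts[src][action] += 1

    for ts, kind, cid, src in sorted(events, key=lambda e: e[0]):
        if kind == "open":
            record(guard.on_open(ts, cid, src))
        elif kind == "headers":
            guard.on_headers_complete(ts, cid)
        elif kind == "close":
            guard.on_close(ts, cid)
    record(guard.reap(end_time))            # final sweep at the end of the replay
    return dict(counts)


def constructed_timeline():
    """Constructed sample: one normal browser and one Slowloris-style source."""
    events = []
    normal, slow = "198.51.100.7", "203.0.113.9"
    for i in range(3):   # normal client: open, finish headers, close
        events += [(i, "open", i, normal), (i + 0.2, "headers", i, normal),
                   (i + 1.0, "close", i, normal)]
    for i in range(30):  # slow source: 30 connections in 3 s, headers never finish
        events.append((0.1 * i, "open", 100 + i, slow))
    return events


if __name__ == "__main__":
    for src, c in run_timeline(constructed_timeline(), end_time=15.0).items():
        print(src, c)
```

In the replay the normal client's three connections are accepted and closed cleanly, while the slow source has 20 connections accepted, the remaining 10 rejected by the per-source cap, and all 20 held connections dropped once the header deadline passes. Production servers expose the same two knobs under names such as request-header timeouts and per-client connection limits.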

What are the reasons for DDoS attacks?

There are several reasons why individuals or groups may launch a DDoS (Distributed Denial of Service) attack, including:

  • Extortion: In some cases, attackers may launch a DDoS attack to extort money from the targeted organization. The attackers may threaten to continue the attack unless the organization pays a ransom.
  • Revenge: Some attackers may launch a DDoS attack to seek revenge or cause harm to an organization or individual that they feel has wronged them in some way.
  • Ideological motives: Some attackers may launch a DDoS attack to promote a particular ideology or political cause.
  • Competition: In some cases, attackers may launch a DDoS attack as a way to disrupt the operations of a competitor in the hopes of gaining an advantage in the marketplace.
  • Attention: Some attackers may launch a DDoS attack simply to gain attention or notoriety.

It’s important to note that DDoS attacks can be difficult to defend against, as they often involve many compromised devices used to generate the attack traffic. To protect against DDoS attacks, organizations can implement rate limiting, traffic filtering, and a cloud-based DDoS protection service.
