DDoS attacks come in many different forms, from Smurfs to Teardrops, to Pings of Death. Below are details about the common types of attacks and amplification methods.

Attack Class: Four common categories of attacks

TCP Connection Attacks – Occupying connections

These attempt to use up all the available connections to infrastructure devices such as load-balancers, firewalls and application servers. Even devices capable of maintaining state on millions of connections can be taken down by these attacks.

Volumetric Attacks – Using up bandwidth

These attempt to consume the bandwidth either within the target network/service, or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.

Fragmentation Attacks – Pieces of packets

These send a flood of TCP or UDP fragments to a victim, overwhelming the victim’s ability to re-assemble the streams and severely reducing performance.

Application Attacks – Targeting applications

These attempt to overwhelm a specific aspect of an application or service and can be effective even with very few attacking machines generating a low traffic rate (making them difficult to detect and mitigate).

Amplification: Two ways attacks can multiply traffic they can send.

DNS Reflection – Small request, big reply.

By forging a victim’s IP address, an attacker can send small requests to a DNS server and ask it to send the victim a large reply. This allows the attacker to have every request from its botnet amplified as much as 70x in size, making it much easier to overwhelm the target.

Chargen Reflection – Steady streams of text.

Most computers and internet connected printers support an outdated testing service called Chargen, which allows someone to ask a device to reply with a stream of random characters. Chargen can be used as a means for amplifying attacks similar to DNS attacks above.

Source: Google

There are currently no comments.