Page 47 - cdm-2014
Combined with ISP DDoS protections, you get a solution for both bulk and sophisticated layer 7
attacks.
Common DDoS Attack Types
Bulk Volumetric
These types of attacks are designed to overwhelm and consume available internet bandwidth or
overload servers and include:
SYN Flood: Spoofed SYN packets fill the connection table of servers and all other devices in
your network path
Zombie Flood: In zombie or botnet floods, non-spoofed connections overload network and
application services
ICMP Flood: ICMP packets, such as those used for “ping”, overload servers and network
connections
TCP/UDP Port Flood: TCP/UDP packets overload the servers and network ports not being
used for a service, such as TCP port 81
Fragment Flood: Fragmented packets overload servers
Anomalous Packet Flood: Packets containing deliberate or accidental errors, produced by hackers'
scripts, overload network equipment and servers as they attempt to deal with the anomalies
Unwanted Geographical Area Floods: Packets are flooding in from an unwanted or potentially
malicious geographic area (country, region, etc.)
Blended Attacks: More and more DDoS events are using combinations of the basic attack
types and some are even masking service-level attacks within high-volume basic ones to throw
off detection services
DNS Amplification: The attacker targets DNS servers and uses the DNS EDNS0 extension to
increase the size of a DNS response message sent to an attack target by a factor of 70
Application Layer Attacks
These types of attacks are smaller, more sophisticated and target layer 7 services on servers
like HTTP, SMTP and HTTPS. These types of attacks include:
HTTP GET: These attacks involve connection-oriented bots that attempt to overload servers
and connections on service ports (such as HTTP) by mimicking legitimate users
HTTP POST: POST body messages are sent at a very slow rate and disrupt proper connection
completion.
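
A defender-side check for the slow HTTP POST pattern described above, as an added example that is not part of the original article: it flags sources holding several POST requests whose bodies arrive far below a minimum rate. The record fields, thresholds and sample connections are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample of in-flight POST requests as a reverse proxy might
# report them; field names and values are assumptions for this example.
@dataclass
class PostConn:
    src_ip: str
    content_length: int   # bytes the client declared it will send
    body_received: int    # body bytes that have arrived so far
    open_seconds: float   # time since the request headers completed

SAMPLE = [
    PostConn("198.51.100.7", 100_000, 120, 120.0),   # about 1 byte/second
    PostConn("198.51.100.7", 100_000, 95, 95.0),
    PostConn("198.51.100.7", 100_000, 240, 110.0),
    PostConn("203.0.113.20", 2_000_000, 1_500_000, 30.0),  # normal upload
    PostConn("203.0.113.31", 512, 0, 2.0),       # just opened, in grace period
    PostConn("192.0.2.44", 50_000, 400, 60.0),   # a single slow client
]

MIN_RATE = 100.0      # bytes/second below which a body counts as stalled
GRACE_SECONDS = 10.0  # do not judge connections younger than this
MAX_SLOW_PER_IP = 2   # stalled connections tolerated per source

def is_slow(c, min_rate=MIN_RATE, grace=GRACE_SECONDS):
    """True when the body is incomplete and arriving below min_rate."""
    if c.open_seconds < grace or c.body_received >= c.content_length:
        return False
    return c.body_received / c.open_seconds < min_rate

def slow_post_sources(conns, max_slow=MAX_SLOW_PER_IP):
    """Return {src_ip: [stalled connections]} for sources over the limit."""
    slow = defaultdict(list)
    for c in conns:
        if is_slow(c):
            slow[c.src_ip].append(c)
    return {ip: cs for ip, cs in slow.items() if len(cs) > max_slow}

def seconds_to_finish(c):
    """How long the server slot stays held if the current rate continues."""
    rate = c.body_received / c.open_seconds
    return float("inf") if rate == 0 else (c.content_length - c.body_received) / rate

if __name__ == "__main__":
    for ip, cs in slow_post_sources(SAMPLE).items():
        worst = max(seconds_to_finish(c) for c in cs)
        print(f"{ip}: {len(cs)} stalled POSTs, slot held up to {worst:.0f}s more")
```

The per-source limit keeps a single client on a poor link from being flagged, while the projected hold time shows why even a few stalled requests tie up connection slots.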