Distributed Denial of Service, most commonly known as a DDoS attack, is one of the most malicious threats to online services and can cripple the host server completely for a significant span of time. It interrupts or suspends the online services of the host server and renders it useless. DDoS attacks are launched from several compromised services that are distributed globally, and they lead to inaccessibility and complete paralysis of the online services available to users, causing heavy loss of business and work.
DDoS attacks can be broadly classified into the following main types, each with its intensity measured differently.
Volume Based Attacks:
Spoofed-packet floods such as ICMP or UDP floods fall under the category of volume-based attacks. This type of DDoS attack saturates the bandwidth of the target site, and its intensity is measured in Bps, or bits per second.
A UDP flood leverages the User Datagram Protocol to flood random ports on a remote host with many UDP packets. Because of the excessive UDP packets, the targeted host repeatedly checks for an application listening at those ports. When no application is found, it replies with an ICMP "Destination Unreachable" packet, which leads to inaccessibility.
An ICMP flood overwhelms the victim host by sending packets at minimal intervals. The target system becomes incapable of replying, and this type of attack consumes both incoming and outgoing bandwidth. This type of DDoS attack usually lasts a long time, since the overall system slows down and needs significant time to recover.
Fragmented-packet attacks such as SYN floods or Smurf DDoS consume the resources of the actual server and of the communication equipment that sits in between as a mediator, such as load balancers and firewalls. Their intensity is measured in packets per second.
A SYN flood attacks a known weakness in the TCP connection sequence. A client initiates a TCP connection with the host by sending a SYN request. The host answers with a SYN-ACK response, which the client must in turn confirm with an ACK response. In a SYN flood, the attacker either sends the requests from a fake or spoofed IP address or does not respond to the host's SYN-ACK response. In both cases there is a denial of service on the online servers, since no acknowledgements are received for any of the requests. Because of this, the impact of SYN floods is also prolonged.
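The handshake behaviour described above can be watched for from the server side. The following is an added example, not part of the original article: it counts handshakes that received a SYN but never the final ACK. The record format, the thresholds and the sample traffic (documentation-range addresses) are assumptions constructed for illustration. Because spoofed SYNs each appear to come from a different source, the check uses the aggregate completion ratio rather than a per-source count.

```python
from collections import Counter

def handshake_stats(events, now, timeout=3.0):
    """events: (time_s, src_ip, src_port, flag) as seen by the server, in time order.
    flag 'S' = SYN received, 'A' = final ACK received (assumed record format)."""
    pending = {}                          # (src_ip, src_port) -> time of first SYN
    completed = 0
    for ts, src, sport, flag in events:
        key = (src, sport)
        if flag == "S":
            pending.setdefault(key, ts)   # a retransmitted SYN is not a new attempt
        elif flag == "A" and key in pending:
            del pending[key]              # three-way handshake finished
            completed += 1
    # Only handshakes older than the timeout count as half-open.
    stale = [k for k, ts in pending.items() if now - ts >= timeout]
    per_source = Counter(src for src, _ in stale)
    return {"completed": completed, "half_open": len(stale),
            "half_open_sources": len(per_source),
            "top_source": per_source.most_common(1)[0] if per_source else None}

def looks_like_syn_flood(stats, min_half_open=20, max_completion=0.5):
    """Flag when many handshakes are stuck and few complete (assumed thresholds)."""
    if stats["half_open"] < min_half_open:
        return False
    total = stats["completed"] + stats["half_open"]
    return stats["completed"] / total <= max_completion

def sample_events():
    """Constructed traffic: 3 normal clients, then 40 SYNs that are never ACKed."""
    ev = []
    for i in range(3):
        ev += [(0.1 * i, f"192.0.2.{10 + i}", 40000 + i, "S"),
               (0.1 * i + 0.05, f"192.0.2.{10 + i}", 40000 + i, "A")]
    for i in range(40):                   # each SYN claims a different source address
        ev.append((1.0 + 0.01 * i, f"198.51.100.{i + 1}", 50000 + i, "S"))
    return ev

if __name__ == "__main__":
    s = handshake_stats(sample_events(), now=10.0)
    print(s, looks_like_syn_flood(s))
```

In the sample, no single source has more than one stuck handshake, so a per-source limit alone would not flag this traffic, while the aggregate ratio does.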
Application Layer Attacks:
Low-and-slow attacks that crash the web server, such as GET/POST floods, fall under the category of application layer attacks. Their intensity is measured in requests per second.
GET/POST attacks are less malicious attacks that are usually low and slow. They mostly hit Windows and are composed of legitimate, harmless requests. They nevertheless crash the web server, so the recovery time is long.
DDoS attacks generally last for about 2-3 hours, during which the online services become completely inaccessible. However, mega attacks have been recorded causing about 13 hours to nearly 5 days of complete inaccessibility.