Introduction to DDoS Attacks

Protect Your Network

Simulate DDoS Attacks On Live
Environment Without Any
Disruption.

Introduction-circle-image

Analyze DDoS attack vectors in Wireshark Download PCAP

DDoS attacks have increased in frequency and sophistication, causing serial business damages because customers cannot tolerate downtime and expect companies to stay “always-on” and online. A distributed denial of service (DDoS) attack is when an attacker attempts to manipulate online traffic and causes an infrastructure breakdown, making it impossible for all users to access a service.

DDoS attackers remotely control a group of compromised devices, often known as botnets, to launch attacks. Botnets include personal computers, mobile phones, smart devices connected to the internet and infected with malicious computer applications.

How a Botnet Attack Works

Botnet Attacks | DDoS Attack Prevention
ddos-attack-arrow

Most Common
DDoS Attacks

ddos-attack-arrow

Continuous Detection
And Elimination Of
DDoS Threats

ddos-attack-arrow

DDoS Effects
on Enterprises

DDoS attacks are grouped into three broad categories

Volumetric Attacks

Volumetric attacks, commonly known as floods, overwhelm the target network bandwidth by sending a large volume of requests until the online traffic pipeline gets blocked and genuine users face service unavailability. In such events, incoming traffic jumps to gigabit or even terabit levels above the regular traffic. Attackers use hijacked devices, spoofed IP addresses, and amplify their attack techniques to create a large flood of network traffic. 

Example : ICMP, Malformed IP, IP Fragmented

Protocol Attacks

An internet protocol is a set of rules applied between computing devices for seamless communication. Attackers exploit vulnerabilities in these protocols and overwhelm core services, such as routers, firewalls, or load balancers that forward requests to the target network. Protocol attacks are launched in Layer 3 or Layer 4 of the OSI model. The most common examples are TCP SYN Flood, Empty Connection Flood, and UDP Flood.

Application Attacks

Application layer attacks in layer 7 target web application-specific resources and overwhelm their functions. The most common types of application attacks are HTTP floods, SlowLoris, Brobot, SSL Negotiation HULK. Application attacks include extensive file downloads or form submissions on the website, exhausting the resources. Because these requests appear to be legitimate, DDoS attack prevention becomes challenging. 

Attack detection becomes more challenging because DDoS attackers often use multiple vectors or a mix of different attack types. In addition, the best-of-breed mitigation solutions perform only after an attack and not before. DDoS prevention, therefore, requires deploying ongoing preemptive intelligence that can automatically block DDoS attacks. 

Q&A Section

Dos vs. DDoS attacks. The primary difference between the two is that the former comprises one computer to launch an attack. At the same time, the latter consists of several computers being compromised to launch a distributed attack. Simple mitigation solutions such as firewalls can easily detect the source of a denial-of-service (DoS) attack; however, DDoS attacks are difficult to detect because of their often hidden multiple source locations. In addition, DDoS attacks channeled by a large number of botnets are powerful to create large volumes of traffic, while a DoS attack is limited in creating an impact. As a result, a DDoS attack can be launched faster than a DoS attack, making it more challenging to mitigate.