Zero-Day, Slowloris and Ping-of-Death: Your Definitive Guide to DDoS Attacks


A distributed denial of service (DDoS) attack occurs when many hosts, usually compromised machines under an attacker's control, flood a target's network bandwidth, connection state or application capacity at once, so that legitimate traffic cannot be served and online applications and services are disrupted.

2015 saw a record number of DDoS attacks against organizations, governments and individuals.

According to a new report from Technavio, the increasing frequency, severity and sophistication of these attacks has bolstered growth in the global DDoS prevention market. The market is expected to top $1.5 billion by 2019, growing at a compound annual growth rate (CAGR) of 22.92%.

Types of DDoS attacks

Figure: DDoS prevention market by type of attack, 2014
User datagram protocol (UDP) floods

Attackers send a high rate of UDP packets to random ports on the target machine. For every packet the host checks whether an application is listening on that port and, when none is, replies with an Internet control message protocol (ICMP) Destination Unreachable message. The per-packet lookup and the ICMP replies consume the target's CPU and bandwidth; source addresses are usually spoofed, so the replies go to other hosts rather than back to the attacker.


SYN floods

An attack on the TCP three-way handshake. Normally a client sends a SYN to start a connection, the server replies with a SYN-ACK and records a half-open connection while it waits, and the client completes the handshake with an ACK. In a SYN flood the attacker sends a stream of SYNs, typically from spoofed source addresses, and never sends the final ACK. The server's backlog of half-open connections fills up, and SYNs from legitimate clients are dropped until the stale entries time out.
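The mechanism above, as an added example that is not part of the original article: a simplified model of a listener's half-open connection backlog under a flood of spoofed SYNs, with and without SYN cookies. The backlog size, timeout, addresses and packet stream are constructed values chosen for illustration; real TCP stacks differ in detail, and the cookie construction here is only a sketch of the stateless idea (a keyed hash of the connection tuple and a coarse timestamp used as the server's initial sequence number).

```python
"""Added example (not from the original article): SYN backlog exhaustion
versus SYN cookies, modelled in a few dozen lines. All values are constructed."""
import hashlib
import hmac

BACKLOG = 128          # assumed listen() backlog: max half-open connections kept
SYN_RECV_TIMEOUT = 60  # assumed seconds a half-open entry survives without an ACK


class Listener:
    """Server-side state for one listening socket (assumed simplification)."""

    def __init__(self, use_syn_cookies=False, secret=b"constructed-secret"):
        self.use_syn_cookies = use_syn_cookies
        self.secret = secret
        self.half_open = {}   # (src_ip, src_port) -> expiry time
        self.established = 0
        self.dropped_syns = 0

    def _cookie(self, src_ip, src_port, now):
        # Stateless ISN: keyed hash over the peer tuple and a coarse time slot,
        # so the server can verify the returning ACK without storing anything.
        msg = f"{src_ip}:{src_port}:{now // 64}".encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def _expire(self, now):
        for key in [k for k, exp in self.half_open.items() if exp <= now]:
            del self.half_open[key]

    def on_syn(self, src_ip, src_port, now):
        """Returns the ISN sent in the SYN-ACK, or None if the SYN was dropped."""
        self._expire(now)
        if self.use_syn_cookies:
            # No table entry: the SYN-ACK carries the cookie as its ISN.
            return self._cookie(src_ip, src_port, now)
        if len(self.half_open) >= BACKLOG:
            self.dropped_syns += 1      # a legitimate client sees this as a stalled connect
            return None
        self.half_open[(src_ip, src_port)] = now + SYN_RECV_TIMEOUT
        return 0xCAFE  # any ISN; the state lives in the table

    def on_ack(self, src_ip, src_port, ack_num, now):
        """Third handshake step: the ACK must match either a table entry or a cookie."""
        if self.use_syn_cookies:
            ok = ack_num - 1 == self._cookie(src_ip, src_port, now)
        else:
            ok = self.half_open.pop((src_ip, src_port), None) is not None
        if ok:
            self.established += 1
        return ok


def simulate(use_syn_cookies, flood_size=500):
    """Flood the listener with spoofed SYNs that never ACK, then see whether
    one legitimate client can still complete its handshake."""
    srv = Listener(use_syn_cookies=use_syn_cookies)
    for i in range(flood_size):   # constructed spoofed sources, never completed
        srv.on_syn(f"198.51.100.{i % 254 + 1}", 1024 + i, now=1)
    isn = srv.on_syn("203.0.113.7", 40000, now=5)   # constructed legitimate client
    connected = isn is not None and srv.on_ack("203.0.113.7", 40000, isn + 1, now=6)
    return {"legit_connected": connected,
            "half_open": len(srv.half_open),
            "dropped": srv.dropped_syns}


if __name__ == "__main__":
    print("no cookies :", simulate(False))
    print("SYN cookies:", simulate(True))
```

Without cookies the first 128 spoofed SYNs fill the backlog and every later SYN, including the legitimate one, is dropped; with cookies the listener keeps no per-SYN state, so the flood costs it nothing but the SYN-ACK replies and the real client connects normally.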


ACK floods

Large numbers of TCP ACK packets are sent to the victim's network at once. Every ACK must be looked up against the connection table; packets that match no connection are discarded (or answered with a RST), but at high rates the lookup work alone exhausts the CPU of the host, and stateful devices in the path such as firewalls and load balancers, which inspect each packet, run out of resources first. Attackers use ACK floods against servers, host systems and network devices for this reason.


Ping-of-death attacks

Attackers abuse IP fragmentation by sending a packet larger than the maximum IP datagram size. The oversized packet is delivered as multiple IP fragments, which the host reassembles into a datagram larger than 65,535 bytes. Older network stacks did not check the reassembled size and overflowed the reassembly buffer, which crashed or rebooted the machine; modern stacks reject such fragments, so the attack mainly affects unpatched or embedded systems.


Reflected attacks

Attackers send requests to many third-party servers with the source address forged to be the target's. Each server sends its response to the spoofed address, so the target receives the combined replies of every reflector and slows down or stops responding as its bandwidth and server resources are exhausted. Reflection is usually paired with amplification: services such as DNS or NTP answer a small request with a much larger response, multiplying the attacker's bandwidth.
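Two of the patterns described above, the UDP flood (a host hit on many random ports and answering with ICMP) and the reflected attack (many distinct servers answering from a service port toward one host), as detection logic over flow records. This is an added example, not code from the original article: the flow records, addresses, thresholds and the NetFlow-like CSV layout are all constructed for illustration, and the thresholds should be tuned against your own traffic baseline before the logic is run on live data.

```python
"""Added example (not from the original article): UDP flood and reflection
detection over constructed flow records. Everything below is illustrative."""
import csv
import io
from collections import defaultdict

# UDP services commonly abused as reflectors; matched on the *response* flow's source port.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP", 11211: "memcached"}

# Constructed sample flow records (NetFlow-like CSV), not real traffic.
# 203.0.113.5 receives responses from five reflectors; 203.0.113.8 receives a
# UDP flood on random ports and sends ICMP back; 203.0.113.9 is a normal DNS client.
FLOWS = """\
ts,src_ip,src_port,dst_ip,dst_port,proto,bytes,packets
1700000000,198.51.100.10,53,203.0.113.5,3000,udp,3200,1
1700000000,198.51.100.11,53,203.0.113.5,3000,udp,3200,1
1700000001,198.51.100.12,123,203.0.113.5,3000,udp,4820,10
1700000001,198.51.100.13,123,203.0.113.5,3000,udp,4820,10
1700000001,198.51.100.14,11211,203.0.113.5,3000,udp,1400000,1000
1700000002,203.0.113.9,51000,198.51.100.10,53,udp,60,1
1700000002,198.51.100.10,53,203.0.113.9,51000,udp,120,1
1700000003,192.0.2.77,41000,203.0.113.8,17,udp,80,1
1700000003,192.0.2.77,41001,203.0.113.8,2500,udp,80,1
1700000003,192.0.2.77,41002,203.0.113.8,9999,udp,80,1
1700000003,192.0.2.77,41003,203.0.113.8,31337,udp,80,1
1700000003,192.0.2.77,41004,203.0.113.8,6000,udp,80,1
1700000003,203.0.113.8,0,192.0.2.77,0,icmp,56,5
"""


def parse_flows(text):
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        for k in ("src_port", "dst_port", "bytes", "packets"):
            r[k] = int(r[k])
        rows.append(r)
    return rows


def detect_reflection(flows, min_reflectors=3):
    """Flag destinations receiving service-port responses from many distinct servers.
    A spoofed request carries one forged source port, so the responses also tend
    to land on a single destination port; that is reported as corroboration."""
    by_dst = defaultdict(lambda: {"reflectors": set(), "services": set(),
                                  "bytes": 0, "dst_ports": set()})
    for f in flows:
        if f["proto"] != "udp" or f["src_port"] not in REFLECTOR_PORTS:
            continue
        s = by_dst[f["dst_ip"]]
        s["reflectors"].add(f["src_ip"])
        s["services"].add(REFLECTOR_PORTS[f["src_port"]])
        s["bytes"] += f["bytes"]
        s["dst_ports"].add(f["dst_port"])
    return [{"dst_ip": dst, "reflectors": len(s["reflectors"]),
             "services": sorted(s["services"]), "bytes": s["bytes"],
             "dst_ports": sorted(s["dst_ports"])}
            for dst, s in by_dst.items() if len(s["reflectors"]) >= min_reflectors]


def detect_udp_flood(flows, min_ports=4):
    """Flag destinations hit on many distinct UDP ports. Flows whose source port is a
    known service port are excluded so that a busy DNS client, which receives replies
    on many ephemeral ports, does not trip the heuristic. ICMP packets the destination
    sends back to the flood source (port-unreachable replies) are reported alongside."""
    ports, sources, icmp_back = defaultdict(set), defaultdict(set), defaultdict(int)
    for f in flows:
        if f["proto"] == "udp" and f["src_port"] not in REFLECTOR_PORTS:
            ports[f["dst_ip"]].add(f["dst_port"])
            sources[f["dst_ip"]].add(f["src_ip"])
        elif f["proto"] == "icmp":
            icmp_back[f["src_ip"]] += f["packets"]
    return [{"dst_ip": d, "distinct_ports": len(p), "sources": sorted(sources[d]),
             "icmp_replies": icmp_back[d]}
            for d, p in ports.items() if len(p) >= min_ports]


if __name__ == "__main__":
    flows = parse_flows(FLOWS)
    print("reflection:", detect_reflection(flows))
    print("udp flood :", detect_udp_flood(flows))
```

On the constructed records only 203.0.113.5 is reported as a reflection target (five reflectors across DNS, NTP and memcached, all landing on one destination port) and only 203.0.113.8 as a UDP flood target, with its five ICMP replies as corroboration; the ordinary DNS exchange with 203.0.113.9 trips neither check.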


Peer-to-peer attacks

Attackers abuse a peer-to-peer server, such as a file-sharing hub, to redirect its clients toward a target website. The hub's users are instructed to connect to the target instead of to each other, and the resulting mass of connections makes the target stop responding and go offline.


Nuke attacks

This is an older form of denial of service. Attackers use a modified ping utility to send a continuous stream of corrupt or malformed Internet control message protocol (ICMP) packets to the target machine; older stacks that mishandled such packets slowed down, became unstable or went offline.


Slowloris attacks

Slowloris software opens many connections to the target web server and sends only a partial hypertext transfer protocol (HTTP) request on each. At regular intervals it sends one more HTTP header line, which keeps every connection alive without ever completing the request. Because the server waits for the rest of each request, its pool of available connections fills up and the website stops responding to real users, all with very little bandwidth. Servers that dedicate a thread or process to each connection are the most exposed.
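The behaviour described above, as an added example that is not part of the original article: a discrete-time model of a server's connection slots under a Slowloris-style client that drips one header line at a time. The slot count, timeouts, intervals and addresses are constructed values chosen for illustration. The hardened configuration models two generic server-side controls (an absolute cap on how long the header phase may last, and a per-source connection limit) rather than any particular product's settings; it is not a network client and sends no traffic.

```python
"""Added example (not from the original article): why an idle timeout alone
does not stop Slowloris, and what bounding header time plus per-source
connections does. All values are constructed."""


class Server:
    def __init__(self, slots, idle_timeout, header_deadline=None, per_ip_limit=None):
        self.slots = slots                      # simultaneous connections the server can hold
        self.idle_timeout = idle_timeout        # seconds with no bytes before close; reset by every byte
        self.header_deadline = header_deadline  # absolute seconds allowed to finish the header phase
        self.per_ip_limit = per_ip_limit        # max concurrent connections from one source address
        self.conns = {}                         # conn id -> {"ip", "opened", "last_byte"}
        self.closed_for_timeout = 0

    def tick(self, now):
        """Expire connections. A dripped header line resets last_byte, so the idle
        timeout never fires against Slowloris; only header_deadline bounds its lifetime."""
        for cid, c in list(self.conns.items()):
            idle = now - c["last_byte"] >= self.idle_timeout
            overdue = (self.header_deadline is not None
                       and now - c["opened"] >= self.header_deadline)
            if idle or overdue:
                del self.conns[cid]
                self.closed_for_timeout += 1

    def open(self, cid, ip, now):
        if len(self.conns) >= self.slots:
            return False
        if self.per_ip_limit is not None:
            if sum(1 for c in self.conns.values() if c["ip"] == ip) >= self.per_ip_limit:
                return False
        self.conns[cid] = {"ip": ip, "opened": now, "last_byte": now}
        return True

    def recv_header_line(self, cid, now):
        """Partial request: one more header line, never the blank line ending the headers."""
        if cid in self.conns:
            self.conns[cid]["last_byte"] = now

    def recv_complete_request(self, cid, now):
        """A normal client sends the whole request; the server answers and frees the slot."""
        if cid in self.conns:
            del self.conns[cid]
            return True
        return False


def simulate(server, duration=120, attacker_conns=10, drip_interval=10, legit_interval=10):
    attacker_ip, legit_ip = "198.51.100.66", "203.0.113.20"   # constructed addresses
    stats = {"legit_served": 0, "legit_rejected": 0}
    attacker_open, next_id = [], 0
    for now in range(duration):
        server.tick(now)
        # The attacker holds as many connections as the server accepts, reopens any
        # the server closed, and drips a header line on each at a fixed interval.
        attacker_open = [c for c in attacker_open if c in server.conns]
        while len(attacker_open) < attacker_conns:
            cid, next_id = f"a{next_id}", next_id + 1
            if not server.open(cid, attacker_ip, now):
                break
            attacker_open.append(cid)
        if now % drip_interval == 0:
            for cid in attacker_open:
                server.recv_header_line(cid, now)
        # A legitimate client arrives periodically and needs one slot for one request.
        if now % legit_interval == legit_interval // 2:
            cid, next_id = f"l{next_id}", next_id + 1
            if server.open(cid, legit_ip, now) and server.recv_complete_request(cid, now):
                stats["legit_served"] += 1
            else:
                stats["legit_rejected"] += 1
    stats["slow_conns_closed"] = server.closed_for_timeout
    return stats


if __name__ == "__main__":
    print("idle timeout only:", simulate(Server(slots=10, idle_timeout=30)))
    print("hardened         :", simulate(Server(slots=10, idle_timeout=30,
                                                 header_deadline=20, per_ip_limit=4)))
```

With only a 30-second idle timeout, a header line every 10 seconds keeps all ten slots occupied for the whole run and every legitimate request is turned away. With a 20-second header deadline and a four-connection-per-source cap the attacker never holds more than four slots, its connections are cut every 20 seconds, and every legitimate request is served.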


Degradation-of-service attacks

Attackers use zombie computers to send the target a steady stream of malicious traffic that is not large enough to take it offline, but slows server response times to a level that makes the website effectively unusable for end-users. These attacks are difficult to spot, because the extra load is easily mistaken for a legitimate increase in website traffic.


Unintentional DDoS attacks

This takes place when a web server cannot handle a sudden spike in legitimate traffic, for example after a news story or a popular link. As the traffic increases, more resources are consumed, pages start to time out while loading, and eventually the server fails to respond and goes offline, with the same effect as a deliberate attack.


Application-level attacks

One of the most common kinds of DDoS attack. Rather than saturating bandwidth, the attacker sends requests that are expensive for a few easily reached applications to process, so a modest volume of traffic exhausts the application's CPU, database or worker capacity. Common targets of application-level attacks are web-based email apps, WordPress, Joomla and forum software.


Multi-vector attacks

These are the most complex form of DDoS attack. They use a combination of tools and strategies to overload the target. Attackers often target specific applications on the target server and flood the target machine with a large volume of malicious traffic. These attacks are difficult to mitigate, as they manifest in multiple forms and target different resources simultaneously.


Zero-day DDoS attacks

A zero-day DDoS attack exploits a vulnerability or attack method that is previously unknown to the developer or vendor, so no patch or mitigation exists when the attack begins.