Security 101: Top 10 Most Common DDoS Attacks

By Stefanie Hoffman | April 10, 2014

All one has to do is take a look at the latest headlines to know that Distributed Denial of Service (DDoS) attacks are becoming increasingly commonplace in the enterprise environment. But that doesn't make them any less of a threat. In fact, quite the opposite. These days, powerful DDoS attacks have the ability to shut down dozens of servers, causing hours of lost service time, while damaging brands and costing victim companies millions in lost revenues. And many of these attacks now come equipped with stealth capabilities that can easily dodge most traditional security solutions. A comprehensive defense strategy against evolving DDoS threats includes the ability to distinguish between different types of attacks and knowing what you're up against. With that in mind, here are the top 10 most common types of attacks you'll see on the threat landscape.

1. SYN Flood:

This type of attack occurs when spoofed SYN packets fill the connection table of servers, bombarding them until they effectively shut down. The good news is that low volume SYN Flood attacks can easily be stopped by software firewalls. High bandwidth SYN Flood attacks, however, require specialized equipment with SYN proxy capabilities.

2. Zombie Flood:

This is when non-spoofed connections overload services, causing network paralysis. Unlike SYN Flood attacks, Zombie Flood assaults are more difficult to stop unless the target victim possesses some kind of behavioral mitigation technology. Even more difficult to control are high bandwidth Zombie floods, which require specialized logic for legitimate connections and rate limiting.
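The difference between items 1 and 2 shows up in a server's connection table, and the following added example (not part of the original article) triages a snapshot accordingly. The row format, the thresholds and the function names are assumptions made for illustration, and the sample data is constructed.

```python
from collections import Counter

def build_sample(kind):
    """Constructed (source_ip, dest_port, tcp_state) rows; documentation IP ranges."""
    if kind == "syn":
        # Many sources, each leaving one half-open entry that never completes.
        rows = [(f"198.51.100.{i}", 80, "SYN_RECV") for i in range(1, 201)]
        return rows + [("192.0.2.10", 80, "ESTABLISHED")] * 5
    if kind == "zombie":
        # Twenty real hosts, each holding twenty completed connections.
        return [(f"203.0.113.{i % 20 + 1}", 80, "ESTABLISHED") for i in range(400)]
    # Baseline: thirty clients with one connection each.
    return [(f"192.0.2.{i}", 80, "ESTABLISHED") for i in range(1, 31)]

def classify(table, half_open_limit=100, per_source_limit=10):
    """Return (label, sources_to_rate_limit). Thresholds are assumed values;
    tune them against the server's normal baseline."""
    half_open_sources = {src for src, _, st in table if st == "SYN_RECV"}
    half_open = sum(1 for _, _, st in table if st == "SYN_RECV")
    established = Counter(src for src, _, st in table if st == "ESTABLISHED")

    # SYN flood: the table is dominated by half-open entries whose sources
    # never finish the handshake, which is what spoofed addresses look like.
    never_completed = half_open_sources - set(established)
    if half_open > half_open_limit and \
            len(never_completed) >= 0.9 * len(half_open_sources):
        # Spoofed sources are not worth listing; the fix is a SYN proxy.
        return "syn_flood", []

    # Zombie flood: handshakes complete, so only behaviour gives it away.
    # Here the signal is sources holding far more connections than a client.
    heavy = sorted(s for s, n in established.items() if n > per_source_limit)
    if heavy and sum(established[s] for s in heavy) > half_open_limit:
        return "zombie_flood", heavy

    return "normal", []

if __name__ == "__main__":
    for kind in ("syn", "zombie", "normal"):
        label, offenders = classify(build_sample(kind))
        print(kind, "->", label, f"({len(offenders)} sources to rate limit)")
```
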

3. ICMP Flood:

This attack occurs as a result of ICMP packets that overload servers and the pipe to the point of system failure. Low volume ICMP flood attacks can easily be stopped by Access Control Lists on routers and switches. Like other high bandwidth attacks, high bandwidth ICMP floods need specialized equipment.

4. Non-Service Port Flood:

In this attack, TCP/UDP packets bombard the servers, spiking traffic flow on unused service ports. Organizations can easily combat these types of attacks with ACLs, but more powerful attacks require more robust security solutions.

5. Service Port Flood:

In these kinds of attacks, packets bombard the servers on service ports that already enable heavy traffic (e.g. TCP port 80) to and from the organization's network. These kinds of attacks are some of the most treacherous due to the fact that they can't be stopped or slowed by many standard security and network solutions - including firewalls, switches, IPS appliances and routers. In order to block these threats, organizations will likely need to invest in more sophisticated security technologies.

6. Fragment Flood:

As its name suggests, this kind of attack occurs when fragmented packets overload servers. As with Service Port Flood attacks, Fragment Flood attacks often can't be thwarted with your standard array of firewalls, switches and routers. Instead, they require more heavy duty solutions to halt them in their tracks.

7. HTTP GET Flood:

This type of attack results from connection-oriented bots flooding the servers, affecting network traffic on service ports such as HTTP, while also mimicking legitimate users. Firewalls, switches and routers won't stop them either. In order to stop them, the victim organization will need to bolster security infrastructure with a set of heftier solutions.

8. Blended Flood:

This is when multiple types of attacks are blended on the server, which ultimately confuses the equipment. Because of their complexity, they can't easily be stopped by firewalls, switches, routers and IPS appliances.

9. Anomalous Packet Flood:

In this type of attack, packets with anomalous headers or state overload the servers and choke the network. However, organizations can leverage some firewalls and IPS appliances to stop these attacks. Dedicated solutions designed to detect and protect networks from DDoS assaults can also easily halt these kinds of attacks.

10. Flood From a Foreign Region:

This is when bots from a specific geographic region attack a victim organization's servers. These kinds of attacks are often leveraged in more comprehensive targeted campaigns, and as such, are often more difficult to quell. Among other things, security equipment designed to combat these attacks will need to contain visibility technologies with the ability to automatically detect irregular and anomalous behavior patterns.
