1.Application Level Attacks
DDoS attacks can target a specific application, or a badly coded website, to exploit its weaknesses and take down the entire server as a result. WordPress (we now offer the best WordPress hosting on the web) and Joomla are two examples of applications whose expensive requests can be used to exhaust a server’s resources: RAM, CPU, database connections and so on. Databases can also be targeted, for example with SQL injection used to trigger slow or resource-hungry queries.
The exhausted server is then unable to process legitimate requests. Websites and applications with such security loopholes are also susceptible to attackers looking to steal information, not just to take them offline.
2.Zero Day (0day) DDoS
“Zero day” is the general term for an attack that exploits a vulnerability that is not yet publicly known or patched. A zero-day DDoS therefore has no vendor patch and no signature-based defence available on the day it first appears; until one exists, mitigation has to rely on generic measures such as rate limiting and anomaly detection.
3.Ping Flood
A form of ICMP flood, this attack works at the network layer rather than being application specific: it uses ICMP echo requests, the packets sent by the ping tool. When a server receives a very large number of echo requests, typically with spoofed source addresses drawn from a large set of IPs, it is being targeted by a ping flood. The goal is to flood the target with echo requests, and with the echo replies it generates in return, until it goes offline.
The attack is designed to consume all available bandwidth and processing capacity in the network until the target stops responding. Each packet is a well-formed echo request that on its own looks like legitimate traffic, so detection has to rely on volume and rate rather than on packet content.
4.IP Null Attack
Every IPv4 packet carries a Protocol field in its header that says which transport protocol (TCP, UDP, ICMP and so on) the payload uses. When attackers set this field to zero, a value IANA reserves for the IPv6 hop-by-hop option and which has no meaning inside an IPv4 packet, the packets can bypass filters that only inspect TCP, UDP and ICMP and pass anything else through. When the target server tries to process a high volume of these packets it spends CPU on every one of them and may eventually exhaust its resources and crash or reboot.
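To see why a filter that only knows TCP, UDP and ICMP is the weak point, here is an added Python example (not code from the original page) that builds two IPv4 headers, one normal TCP packet and one with the Protocol field set to 0, parses them, and runs both through a naive filter and a default-deny one. Packet bytes and addresses are constructed for the example; the header checksum is left at zero because nothing is sent on the wire.

```python
"""IPv4 header parsing to show how an 'IP null' packet (protocol field = 0)
slips past a filter that only dispatches on TCP, UDP and ICMP."""
import struct

# IANA protocol numbers the filter knows about
ICMP, TCP, UDP = 1, 6, 17


def build_ipv4_header(protocol: int, src: str, dst: str, payload_len: int = 0) -> bytes:
    """Construct a minimal 20-byte IPv4 header (no options). Checksum is left
    at 0: these are sample packets for parsing, never transmitted."""
    version_ihl = (4 << 4) | 5            # version 4, header length 5*4 = 20 bytes
    total_len = 20 + payload_len
    return struct.pack(
        "!BBHHHBBH4s4s",
        version_ihl, 0, total_len, 0, 0, 64, protocol, 0,
        bytes(int(o) for o in src.split(".")),
        bytes(int(o) for o in dst.split(".")),
    )


def parse_ipv4_header(pkt: bytes) -> dict:
    """Return version, header length, total length, TTL, protocol and addresses."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    version_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {
        "version": version_ihl >> 4,
        "ihl": (version_ihl & 0x0F) * 4,
        "total_len": total_len,
        "ttl": ttl,
        "protocol": proto,
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
    }


def naive_filter(pkt: bytes) -> str:
    """A filter that only inspects the three transport protocols it expects
    and implicitly passes everything else: protocol 0 sails through."""
    hdr = parse_ipv4_header(pkt)
    if hdr["protocol"] == TCP:
        return "inspect-tcp"
    if hdr["protocol"] == UDP:
        return "inspect-udp"
    if hdr["protocol"] == ICMP:
        return "inspect-icmp"
    return "pass"          # the hole: an unknown protocol is never a decision


def hardened_filter(pkt: bytes, allowed=frozenset({ICMP, TCP, UDP})) -> str:
    """Default-deny: anything outside the allow-list is dropped, so an
    IP-null packet is rejected before any transport parsing is attempted."""
    hdr = parse_ipv4_header(pkt)
    if hdr["version"] != 4 or hdr["ihl"] < 20:
        return "drop-malformed"
    if hdr["protocol"] not in allowed:
        return "drop-protocol-%d" % hdr["protocol"]
    return "inspect"


# Constructed sample packets; addresses are from the RFC 5737 documentation ranges
TCP_PKT = build_ipv4_header(TCP, "192.0.2.10", "198.51.100.5", payload_len=20)
NULL_PKT = build_ipv4_header(0, "192.0.2.10", "198.51.100.5", payload_len=8)

if __name__ == "__main__":
    for name, pkt in (("tcp", TCP_PKT), ("ip-null", NULL_PKT)):
        print(name, "protocol", parse_ipv4_header(pkt)["protocol"],
              "naive:", naive_filter(pkt), "hardened:", hardened_filter(pkt))
```

The difference between the two filters is only the final branch: the naive one treats “not TCP, UDP or ICMP” as “nothing to check”, the hardened one treats it as “not allowed”. The same default-deny rule applies to any packet-inspection code path, including IDS signatures that dispatch on the protocol field.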
5.Spoofed Session Flood
Some of the attacks above no longer fool modern defence mechanisms, but DDoS attacks keep evolving to bypass them. A spoofed (fake) session flood disguises itself as a valid TCP session: the attacker sends a SYN, then multiple ACKs, and finally one or more RST or FIN packets, all from a forged source address, so the server’s SYN-ACK is never answered by a real handshake.
This bypasses defence mechanisms that only monitor incoming traffic, because they never see that the server’s SYN-ACK went unanswered and so count the sequence as a normal connection. These attacks can exhaust the target’s connection state and CPU and result in a complete outage or unacceptable performance.
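The following Python example is added here and is not from the original page: it runs one constructed packet trace through an inbound-only session monitor and through a bidirectional handshake tracker. Addresses, ports and the trace itself are made up for the example; the spoofed sessions follow the SYN, ACK, ACK, RST shape described above, with no SYN-ACK from the server because the source address is forged.

```python
"""Two TCP session monitors run over the same constructed packet trace:
an inbound-only monitor that a spoofed-session flood fools, and a
bidirectional handshake tracker that catches it."""
from collections import defaultdict

# Flag names as strings to keep the trace readable
SYN, SYNACK, ACK, FIN, RST = "SYN", "SYN-ACK", "ACK", "FIN", "RST"


def inbound_only_monitor(trace):
    """Sees only client->server packets. It treats SYN ... FIN/RST as a
    complete session, so a flood that sends exactly that shape per spoofed
    source looks like normal connection churn."""
    sessions = {}
    completed = 0
    for direction, src, dst, sport, dport, flags in trace:
        if direction != "in":
            continue
        key = (src, sport, dst, dport)
        if flags == SYN:
            sessions[key] = "open"
        elif flags in (FIN, RST) and key in sessions:
            del sessions[key]
            completed += 1
    return {"completed": completed, "half_open": len(sessions), "suspect": 0}


def bidirectional_monitor(trace):
    """Tracks both directions. A client ACK is only valid after the server's
    SYN-ACK for that 4-tuple; ACK/FIN/RST with no such handshake is flagged."""
    state = {}                      # key -> "syn" | "synack" | "established"
    suspect_by_src = defaultdict(int)
    completed = 0
    for direction, src, dst, sport, dport, flags in trace:
        # normalise so the key is always (client, client_port, server, server_port)
        key = (src, sport, dst, dport) if direction == "in" else (dst, dport, src, sport)
        if direction == "in" and flags == SYN:
            state[key] = "syn"
        elif direction == "out" and flags == SYNACK and state.get(key) == "syn":
            state[key] = "synack"
        elif direction == "in" and flags == ACK:
            if state.get(key) == "synack":
                state[key] = "established"
            elif state.get(key) != "established":
                suspect_by_src[src] += 1       # ACK without a completed handshake
        elif direction == "in" and flags in (FIN, RST):
            if state.get(key) == "established":
                completed += 1
            else:
                suspect_by_src[src] += 1       # teardown of a session that never existed
            state.pop(key, None)
    return {"completed": completed,
            "half_open": sum(1 for s in state.values() if s != "established"),
            "suspect": sum(suspect_by_src.values()),
            "suspect_by_src": dict(suspect_by_src)}


def legit_session(client, cport, server="198.51.100.5", sport=80):
    """A real client completes the handshake before sending data or FIN."""
    return [("in", client, server, cport, sport, SYN),
            ("out", server, client, sport, cport, SYNACK),
            ("in", client, server, cport, sport, ACK),
            ("in", client, server, cport, sport, FIN)]


def spoofed_session(client, cport, server="198.51.100.5", sport=80):
    """The flood pattern: SYN, several ACKs, then RST, with no SYN-ACK from the
    server in the trace because the forged source never receives one."""
    return [("in", client, server, cport, sport, SYN),
            ("in", client, server, cport, sport, ACK),
            ("in", client, server, cport, sport, ACK),
            ("in", client, server, cport, sport, RST)]


# Constructed trace (RFC 5737 addresses): one real client plus three spoofed "sessions"
TRACE = legit_session("192.0.2.10", 40001)
for i, fake_src in enumerate(("203.0.113.7", "203.0.113.8", "203.0.113.9")):
    TRACE += spoofed_session(fake_src, 50000 + i)

if __name__ == "__main__":
    print("inbound-only :", inbound_only_monitor(TRACE))
    print("bidirectional:", bidirectional_monitor(TRACE))
```

The inbound-only monitor reports four completed sessions and nothing suspicious; the bidirectional one reports one completed session and nine suspect packets, three per forged source, because the ACKs and the RST arrive for 4-tuples that never saw a SYN-ACK. In a real deployment the tracker also needs a timer that evicts "syn" entries, otherwise the flood turns into a SYN-flood against the tracker itself.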
6.UDP Flood
As the name suggests, in this type of DDoS attack a server is flooded with UDP packets. Unlike TCP, UDP is connectionless: there is no handshake between client and host, so nothing proves that a packet really came from the address it claims. That makes it harder for defence mechanisms to tell a UDP flood from legitimate traffic. A large number of UDP packets with spoofed source addresses are sent to the target server from a massive set of source IPs to take it down.
A UDP flood can hit random ports on a server or a specific service, by setting the target server’s port and IP address in the attacking packets. For every packet that arrives at a closed port the server also has to reply with an ICMP Destination Unreachable message, which adds to the load. The goal is to consume the bandwidth in the network until none is left.
7.UDP Fragmentation Flood
It is another cleverly masked DDoS attack that is not easily detected, because the activity it generates resembles valid traffic and the packet rate stays within normal limits. Instead of many small datagrams, this version of the UDP flood sends large UDP datagrams that are fragmented at the IP layer, so fewer packets carry more bytes and exhaust more bandwidth per packet.
When the target server tries to reassemble these unrelated and forged fragments it never succeeds, because the missing pieces never arrive. Each incomplete datagram ties up reassembly memory until its timer expires; with enough of them in flight the reassembly buffer fills, genuine fragmented traffic is dropped, and the server may run out of resources and reboot.
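As an added example (not code from the original page), the Python below models IP fragment reassembly with a per-datagram timer and a memory budget, then feeds it a constructed trace: one genuine fragmented datagram, a burst of forged datagrams whose last fragment never arrives, and a second genuine datagram that finds no buffer space left. The 30-second timeout matches the Linux default (net.ipv4.ipfrag_time); the byte budget, identifiers and addresses are arbitrary values chosen for the example.

```python
"""IP fragment reassembly with a timeout and a memory budget, run over a
constructed fragment trace: a real datagram completes, while forged
fragments that never complete sit in the buffer until the timer expires."""
from collections import defaultdict

REASSEMBLY_TIMEOUT = 30.0     # seconds; Linux net.ipv4.ipfrag_time defaults to 30
MEMORY_BUDGET = 6000          # bytes of buffered fragments allowed (toy value)


class Reassembler:
    def __init__(self, timeout=REASSEMBLY_TIMEOUT, budget=MEMORY_BUDGET):
        self.timeout, self.budget = timeout, budget
        self.pending = {}                  # (src, dst, ident) -> partial datagram
        self.completed = []                # keys of datagrams reassembled
        self.timed_out = defaultdict(int)  # src -> datagrams abandoned on timeout
        self.dropped_no_memory = 0

    def buffered_bytes(self):
        return sum(sum(len(d) for d in p["chunks"].values()) for p in self.pending.values())

    def expire(self, now):
        """Drop partial datagrams older than the timeout and charge the source."""
        stale = [k for k, p in self.pending.items() if now - p["first"] > self.timeout]
        for key in stale:
            self.timed_out[key[0]] += 1
            del self.pending[key]

    def feed(self, frag, now):
        """frag: dict with src, dst, ident, offset, more, data. Returns the
        reassembled payload when a datagram completes, else None."""
        self.expire(now)
        if self.buffered_bytes() + len(frag["data"]) > self.budget:
            self.dropped_no_memory += 1     # buffer full: even genuine fragments are lost
            return None
        key = (frag["src"], frag["dst"], frag["ident"])
        p = self.pending.setdefault(key, {"first": now, "chunks": {}, "total": None})
        p["chunks"][frag["offset"]] = frag["data"]
        if not frag["more"]:                 # last fragment fixes the total length
            p["total"] = frag["offset"] + len(frag["data"])
        if p["total"] is not None and self._is_complete(p):
            del self.pending[key]
            self.completed.append(key)
            return b"".join(p["chunks"][o] for o in sorted(p["chunks"]))
        return None

    @staticmethod
    def _is_complete(p):
        covered = 0
        for off in sorted(p["chunks"]):
            if off != covered:
                return False
            covered = off + len(p["chunks"][off])
        return covered == p["total"]


def fragments(src, dst, ident, payload, mtu_payload=400, drop_last=False):
    """Split payload into fragments; drop_last forges a datagram that can never complete."""
    out = []
    for off in range(0, len(payload), mtu_payload):
        chunk = payload[off:off + mtu_payload]
        more = off + mtu_payload < len(payload)
        out.append({"src": src, "dst": dst, "ident": ident, "offset": off,
                    "more": more, "data": chunk})
    return out[:-1] if drop_last else out


def run_trace():
    """Constructed trace (RFC 5737 addresses): one genuine 1000-byte datagram,
    twenty forged datagrams missing their last fragment, then a second genuine
    datagram that arrives while the reassembly buffer is full."""
    r = Reassembler()
    dst = "198.51.100.5"
    results = {"genuine": None}
    t = 0.0
    for f in fragments("192.0.2.10", dst, 1, b"A" * 1000):
        results["genuine"] = r.feed(f, t) or results["genuine"]
    for i in range(20):                     # one forged datagram per second, 5 spoofed sources
        for f in fragments("203.0.113.%d" % (i % 5), dst, 100 + i, b"B" * 800, drop_last=True):
            r.feed(f, t + i)
    results["pending_after_flood"] = len(r.pending)
    second = None
    for f in fragments("192.0.2.11", dst, 2, b"C" * 1000):
        second = r.feed(f, t + 20) or second
    results["genuine_during_flood"] = second
    results["dropped_no_memory"] = r.dropped_no_memory
    r.expire(t + 20 + REASSEMBLY_TIMEOUT + 1)   # let every timer run out
    results["timed_out_by_src"] = dict(r.timed_out)
    results["completed"] = len(r.completed)
    return results


if __name__ == "__main__":
    print(run_trace())
```

The first genuine datagram reassembles normally; fifteen forged first-fragments then fill the 6000-byte budget, the remaining forged ones and all three fragments of the second genuine datagram are dropped, and nothing is freed until the 30-second timers expire. The per-source timeout counter is the useful detection signal: a source whose datagrams keep timing out, rather than completing, is sending fragments that were never meant to be reassembled.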
8.DNS Flood
One of the best-known DDoS attacks, this version of the UDP flood is application specific: it targets DNS servers. It is also one of the hardest DDoS attacks to detect and prevent. To execute it, an attacker sends a large volume of spoofed DNS query packets that look no different from real queries, from a very large set of source IPs.
Because every query is well formed, the target server cannot easily tell legitimate queries from spoofed ones that merely appear legitimate, and in trying to answer them all it exhausts its CPU and memory. The answers it sends back to the spoofed addresses consume the network’s remaining bandwidth until it is completely drained.
9.VoIP Flood
This version of application specific UDP flood targets VoIP servers, typically with SIP call-setup (INVITE) requests. An attacker sends a large number of spoofed VoIP request packets from a very large set of source IPs. Flooded with these requests, the server exhausts its resources trying to serve both the valid and the invalid ones.
The result is a crash or reboot, or a severe drop in call quality and performance, together with exhausted bandwidth. VoIP floods can use a fixed source IP or random ones. A fixed-source flood can be hard to separate from a busy but legitimate client, because it looks no different from normal traffic from that client, while randomised sources defeat any defence that rate limits per source address.
10.Media Data Flood
Like a VoIP flood, a server can also be attacked with media data such as audio and video streams. A large number of spoofed media packets are sent by the attacker from a very large set of source IPs, and the server exhausts its resources and network bandwidth processing them.
This attack is the same as a VoIP flood in every way other than using spoofed media data packets, rather than call-setup requests, to attack the server. It can also be hard to detect when it uses a fixed source IP, as that gives it the appearance of a single legitimate, if heavy, client. It is designed to consume all available server resources and network bandwidth until the target is completely drained.
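The volumetric floods above (ping flood, UDP flood, DNS flood, VoIP flood and media data flood) differ in the service they hit but share one detection problem: a per-source rate limit catches a fixed-source flood, while a flood spread over many spoofed sources keeps every single source under that limit and only shows up in the aggregate. The Python below is an added example, not code from the original page; it runs a sliding-window detector with both kinds of limit over one constructed trace. Timestamps, addresses, service labels and thresholds are all made up for the example.

```python
"""Rate-based flood detection over a constructed packet trace. Each record is
(timestamp, src, service). A per-source limit catches a fixed-source flood
(VoIP/media style); only an aggregate per-service limit catches a flood spread
over thousands of spoofed sources (ping, UDP, DNS style)."""
from collections import defaultdict, deque

WINDOW = 1.0  # seconds of sliding window


class FloodDetector:
    def __init__(self, per_source_limit, aggregate_limit, window=WINDOW):
        self.per_source_limit = per_source_limit
        self.aggregate_limit = aggregate_limit
        self.window = window
        self.per_source = defaultdict(deque)   # (service, src) -> timestamps in window
        self.aggregate = defaultdict(deque)    # service -> timestamps in window
        self.alerts = []

    @staticmethod
    def _trim(dq, now, window):
        """Drop timestamps that have fallen out of the window."""
        while dq and now - dq[0] > window:
            dq.popleft()

    def observe(self, ts, src, service):
        dq = self.per_source[(service, src)]
        dq.append(ts)
        self._trim(dq, ts, self.window)
        agg = self.aggregate[service]
        agg.append(ts)
        self._trim(agg, ts, self.window)
        # Alert when a count first exceeds its limit (it can fire again only
        # after the window drains and the limit is crossed a second time).
        if len(dq) == self.per_source_limit + 1:
            self.alerts.append(("per-source", service, src))
        if len(agg) == self.aggregate_limit + 1:
            self.alerts.append(("aggregate", service, None))


def spoofed_src(i):
    """Constructed spoofed source address i (placeholder addresses in 10/8)."""
    return "10.%d.%d.%d" % ((i >> 16) & 255, (i >> 8) & 255, i & 255)


def build_trace():
    """Constructed one-second trace; real addresses are RFC 5737 documentation ranges."""
    trace = []
    # 50 genuine DNS queries from one resolver client: normal load
    trace += [(j / 50, "192.0.2.10", "dns") for j in range(50)]
    # VoIP flood from a single fixed source: 300 SIP requests in one second
    trace += [(i / 300, "203.0.113.50", "sip") for i in range(300)]
    # DNS flood spread over 2000 spoofed sources, one query each
    trace += [(i / 2000, spoofed_src(i), "dns") for i in range(2000)]
    # Ping flood: 1500 ICMP echo requests, each from a different spoofed source
    trace += [(i / 1500, spoofed_src(i), "icmp") for i in range(1500)]
    return trace


def run_trace(per_source_limit=100, aggregate_limit=1000):
    """Feed the trace in time order and return the alerts raised."""
    det = FloodDetector(per_source_limit, aggregate_limit)
    for ts, src, service in sorted(build_trace()):
        det.observe(ts, src, service)
    return det.alerts


if __name__ == "__main__":
    for alert in run_trace():
        print(alert)
```

Three alerts come out: a per-source alert for the fixed-source SIP flood, and aggregate alerts for DNS and ICMP, where no single source ever exceeds one packet per window. The genuine DNS client, at 50 queries a second, trips nothing. The practical consequence is that blocking individual sources is enough against the VoIP-style flood, while the distributed floods need mitigation keyed on the service (rate limiting or upstream scrubbing) rather than on any address.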