{"id":7320,"date":"2023-09-15T16:06:00","date_gmt":"2023-09-15T20:06:00","guid":{"rendered":"https:\/\/zayo1.burbledev.com\/?post_type=resources&#038;p=7320"},"modified":"2024-06-25T22:16:20","modified_gmt":"2024-06-26T04:16:20","slug":"types-of-ddos-attacks-and-how-to-prevent-them","status":"publish","type":"resources","link":"https:\/\/zayoeutrans.burbledev.com\/fr\/resources\/types-of-ddos-attacks-and-how-to-prevent-them\/","title":{"rendered":"Types of DDoS Attacks and How to Prevent Them"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure class=\"alignleft size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"298\" height=\"296\" src=\"https:\/\/zayoeutrans.burbledev.com\/wp-content\/uploads\/tyler-burke.jpg\" alt=\"\" class=\"wp-image-7324\" style=\"width:243px;height:auto\" srcset=\"https:\/\/zayoeutrans.burbledev.com\/wp-content\/uploads\/tyler-burke.jpg 298w, https:\/\/zayoeutrans.burbledev.com\/wp-content\/uploads\/tyler-burke-150x150.jpg 150w\" sizes=\"auto, (max-width: 298px) 100vw, 298px\" \/><\/figure>\n<\/div>\n\n\n<p><em>By Tyler Burke, <\/em><em>IP and DDoS Product Manager<\/em><\/p>\n\n\n\n<h5 class=\"wp-block-heading\">How many DDoS attack types are there? Scores, really. In this blog, I\u2019ve categorized them into three main groups: volumetric, application-layer, and protocol-layer attacks. And I explain why it <em>just doesn\u2019t matter<\/em> which attack type targets your business.<\/h5>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What is a DDoS Attack?<\/strong><\/h2>\n\n\n\n<p>A distributed denial of service (DDoS) attack \u2013 no matter the type \u2013 is a deliberate, targeted cyberattack that aims to overwhelm your organization\u2019s Internet resources. The motivation of the attacker can range from profit to politics, from boredom to bragging rights, from revenge to ransom.<\/p>\n\n\n\n<p>A successful attack disrupts your online presence. 
Your customers cannot reach your websites. Your systems are down. Your business stands still.&nbsp;And regaining the lost revenue, productivity, and brand reputation from an attack isn\u2019t cheap. Companies <a href=\"https:\/\/f.hubspotusercontent20.net\/hubfs\/6483172\/2021\/website-content\/whitepapers\/always-on-real-time-ddos-security-whitepaper.pdf?utm_campaign=WP-2021-01-25-Always-On-Real-Time-Whitepaper-Omnisperience&amp;utm_medium=email&amp;_hsmi=108065077&amp;_hsenc=p2ANqtz-_3r05UJUh8inQJTzrsg4taSmh1ifiHCnZNiFztjteCCLDeloP3FILOLUJI9JVPbfgInz5IYlXA-FhLdVi_3waoySDCIA&amp;utm_content=108065077&amp;utm_source=hs_automation\">spend an average of $200,000<\/a> recovering from a single attack.<\/p>\n\n\n\n<p>A successful attack also reveals your organization\u2019s security weaknesses to the attacker. You may feel that the short, 3-minute attack you endured last week wasn\u2019t so bad. But now your attacker knows just where to strike for the next \u2013 more damaging \u2013 blitz.&nbsp;<\/p>\n\n\n\n<p><strong>If you\u2019re into math, the odds are not in your favor.<\/strong><\/p>\n\n\n\n<p>We\u2019ve seen a sharp rise in the number of DDoS attacks <em>this year alone<\/em>. Across industries, there were <a href=\"https:\/\/go.zayo.com\/zayo-ddos-protection-ebook\/\">387% more DDoS attacks in Q2 than in Q1<\/a>.&nbsp;<\/p>\n\n\n\n<p>Why the increase? The sophistication of <a href=\"https:\/\/www.netscout.com\/threatreport\/ddos-threat-intelligence-report\/#attack-vectors\">automation<\/a> removes human limitations from the activity. <a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2009\/07\/01121538\/ynam_botnets_0907_en.pdf\">Botnets can be purchased on the web for less than $1000<\/a>. 
The most amateur attacker can now easily launch an attack and profit from the damage caused.<\/p>\n\n\n\n<p>Across all measurable metrics (<em>frequency, size, and duration<\/em>), DDoS attacks are becoming worse.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>The 3 Types of DDoS Attacks<\/strong><\/h2>\n\n\n\n<p>DDoS attacks are becoming more surgical. Rather than clogging your entire IP space with bogus traffic, attacks can now target a particular application or protocol.<\/p>\n\n\n\n<p>Let\u2019s look at the different types of attacks you may experience:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. Volumetric DDoS Attacks \u2013 saturate the network layer<\/h3>\n\n\n\n<p>Historically the most common, but least \u201celegant\u201d of the DDoS attack types, volumetric attacks occur at the network layer. The intent of the attacker is to overwhelm your IP network bandwidth with a large amount of illegitimate traffic. When this happens, your users and customers (all that legitimate traffic) cannot get through to you.&nbsp;<\/p>\n\n\n\n<p><strong>How do you know you\u2019re under a volumetric DDoS attack?<\/strong><\/p>\n\n\n\n<p>With no known cause for the increased traffic, and across your network (not just for a single application), you\u2019re experiencing:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Sudden and surging traffic spikes<\/li>\n\n\n\n<li>Your customers can\u2019t reach your website or services<\/li>\n\n\n\n<li>Your users experience delays across network services<\/li>\n\n\n\n<li>Your firewall or IPS\/IDS systems are sending alarms<\/li>\n\n\n\n<li>If you can see the source of incoming traffic \u2013 it\u2019s all coming from the same place<\/li>\n<\/ul>\n\n\n\n<p>These are easy attacks to carry out with particular brute force. 
They use simple methods, require little understanding of the technology involved, and can be purchased cheaply online.<\/p>\n\n\n\n<p>Automation makes volumetric attacks more damaging \u2013 they last longer, they involve more bandwidth, and they\u2019re occurring more frequently. Botnet attacks search and find weaknesses, can be easily amplified, and are inexpensive to execute.<\/p>\n\n\n\n<p><strong>Real life example of a volumetric attack<\/strong><\/p>\n\n\n\n<p><a href=\"https:\/\/therecord.media\/activision-blizzard-crippled-by-ddos\">Activision Blizzard experienced a volumetric DDoS attack<\/a> that flooded their authentication servers, rendering their most popular games \u2013 including World of Warcraft and Call of Duty \u2013&nbsp; unreachable for players.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. Application DDoS Attacks \u2013 target your online applications<\/h3>\n\n\n\n<p>Application-layer DDoS attacks are harder to detect than volumetric attacks, but they\u2019re also harder to pull off for the attacker. These sophisticated attacks target an individual online application in order to disrupt the online services the application provides.<\/p>\n\n\n\n<p>In order to launch a successful application layer attack, the attacker must craft requests (such as form fills on your website) that look like legitimate traffic. And in order to do <em>that<\/em>, they need an in-depth understanding of the target application\u2019s behavior, logic, and weaknesses.&nbsp;<\/p>\n\n\n\n<p>These attackers understand and manipulate sessions, cookies, and authentication tokens. 
And since the potential vulnerabilities are different for each application, the attacker must have sophisticated technical knowledge across a broad range of applications.<\/p>\n\n\n\n<p><strong>How do you know you\u2019re under an application-layer DDoS attack?<\/strong><\/p>\n\n\n\n<p>Since attack traffic mimics legitimate user traffic, it\u2019s harder to tell that you\u2019re under an application-layer attack. Look for these signs:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Sudden spikes in specific application traffic with no real cause<\/li>\n\n\n\n<li>Lots of reported errors \u2013 especially 5xx status codes (502, 503, or 504 errors) \u2013 a sign that your network is struggling to handle the increased traffic load<\/li>\n\n\n\n<li>Weird behaviour such as repetitive login attempts or form submissions<\/li>\n\n\n\n<li>Strained server behavior, such as memory or CPU usage that seemingly cannot keep up with demand<\/li>\n<\/ul>\n\n\n\n<p><strong>Example of an application-layer DDoS attack<\/strong><\/p>\n\n\n\n<p>We\u2019re seeing an increase in multi-vector application attacks \u2013 where an attack concurrently targets multiple components of the victim\u2019s applications (such as simultaneously attacking HTTP web resources and database operations), pivoting to different components when the attacker detects protective security measures in place.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3. Protocol DDoS Attacks \u2013 disable the rules of the conversation<\/h3>\n\n\n\n<p>Of the three types of DDoS attacks, protocol-layer attacks are the newest on the scene, the most difficult to detect, and potentially the most disruptive. Protocol attacks target the protocols that devices and servers on your network use to communicate. 
Since protocols define the rules of machine-to-machine communication, taking them down can affect multiple services and applications that rely on the targeted protocol.&nbsp;<\/p>\n\n\n\n<p>Protocol DDoS attacks are generally less sophisticated than application-layer DDoS attacks, making them increasingly common. The lower-layer network protocols attacked, such as TCP\/IP, ICMP, and DNS, have well-defined conduct, whose weaknesses can be easy to exploit. Attackers need not know the subtleties of application-layer behaviour to flood a vulnerable protocol with malicious traffic.<\/p>\n\n\n\n<p><strong>How do you know you\u2019re under a protocol-layer DDoS attack?<\/strong><\/p>\n\n\n\n<p>These attacks target specific protocol resources like CPU, memory, or connection limits. Look for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Unexplained increases in resource usage<\/li>\n\n\n\n<li>Unusual patterns of responses such as excessive 4xx or 5xx error codes<\/li>\n\n\n\n<li>An increase in ICMP ping traffic<\/li>\n\n\n\n<li>Unusually elevated TCP SYN packets or other unusual protocol behavior<\/li>\n\n\n\n<li>Traffic spikes, increased latency, increased packet loss<\/li>\n<\/ul>\n\n\n\n<p><strong>Example of a protocol-layer DDoS attack<\/strong><\/p>\n\n\n\n<p>In <a href=\"https:\/\/www.csoonline.com\/article\/646765\/sophisticated-http-and-dns-ddos-attacks-on-the-rise.html\">DNS water torture attacks<\/a>, the attacker floods DNS resolvers with DNS requests, overwhelming the network, which can, in turn, trickle down to other layers.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>It <\/strong><strong><em>Doesn\u2019t Matter<\/em><\/strong><strong> Which Type of DDoS Attack Targets You<\/strong><\/h2>\n\n\n\n<p>While the attacker may care deeply about the type of DDoS attack he launches, it makes little difference to the victim, for two main reasons:<\/p>\n\n\n\n<h6 class=\"wp-block-heading\"><strong>All DDoS attack types aim to disrupt, and (without protection) they 
succeed<\/strong><\/h6>\n\n\n\n<p>You\u2019ve likely noticed that the \u201csymptoms\u201d of each type of attack described above are similar, no matter the tactics used by the attacker. Further, since your online presence is a complex machine of intercommunicating parts, a wrench thrown into the machine, no matter where, will cause the disruption.<\/p>\n\n\n\n<h6 class=\"wp-block-heading\"><strong>A robust DDoS mitigation programme can stop them all<\/strong><\/h6>\n\n\n\n<p>The overall response to DDoS attacks (all of them) is the same \u2013 establishing a baseline of \u201cnormal\u201d traffic patterns for your organization, identifying when your traffic deviates from its normal behavior, and mitigating the damage the attack is attempting to cause. DDoS mitigation services are effective against all three attack types described in this blog.<\/p>\n\n\n\n<p>If the attacker&#8217;s motives, the harmful outcomes of a DDoS attack, and the methods to counter it are alike, there&#8217;s no need for specific precautions against any individual attack type. However, safeguarding your organization against DDoS attacks as a whole remains essential.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How to Prevent DDoS Attacks<\/strong><\/h2>\n\n\n\n<p>You can stay one step ahead of DDoS attackers by taking any number of steps to protect your organization. If ever an ounce of prevention is worth a pound of cure, DDoS protection is it.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. Opt into DDoS protection from your network provider&nbsp;<\/h3>\n\n\n\n<p>Look for a DDoS Protection service with the following elements:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The provider offers a network-based service, and has ample backbone capacity to mitigate even the largest attack<\/li>\n\n\n\n<li>The provider stops and diverts attack traffic before it impacts your business<\/li>\n\n\n\n<li>The provider uses BGP Flowspec (vs. 
GRE tunnels) so they can protect your individual IP addresses. Providers that use GRE tunnels will take the entire \/24 (all 253 IP addresses) and scrub it all. That translates to greater latency, even for legitimate traffic.<\/li>\n\n\n\n<li>The provider mitigates all types of DDoS attack traffic<\/li>\n<\/ul>\n\n\n\n<p>Combining an in-line protection scheme with a virtual cloud-based DDoS protection service will offer you comprehensive coverage.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. Distribute incoming traffic&nbsp;<\/h3>\n\n\n\n<p>When you strategically distribute traffic, no single server handles it all. Do this by implementing:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Load balancing: <\/strong>When you load balance your traffic, you distribute requests among multiple application servers in multiple data centres&nbsp;<\/li>\n\n\n\n<li><strong>CDNs: <\/strong>If you\u2019ve invested in a content distribution network (CDN) \u2013 you have a fully managed solution that offers some DDoS attack protection. Since CDNs hide the host IP address and distribute traffic using caching to geographically dispersed edge servers, you\u2019re naturally protected against DDoS attacks. However, those host IP addresses are sometimes discovered, so even with a CDN, additional protection would be wise.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3. Restrict incoming traffic&nbsp;<\/h3>\n\n\n\n<p>Tools that restrict the number of incoming requests or the level of incoming traffic can identify and mitigate attack traffic. 
These tools include:<\/p>\n\n\n\n<p>While inadequate as standalone DDoS protection, <strong>firewalls<\/strong> can provide a first level of defence with proper configuration that includes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Content filtering<\/strong> to identify and block known attack patterns, especially for application-layer attacks<\/li>\n\n\n\n<li><strong>Rate limiting<\/strong> to limit the rate of incoming traffic from a single source, though be careful to not block legitimate traffic<\/li>\n\n\n\n<li><strong>Stateful Packet Inspection<\/strong> to reject packets that don&#8217;t belong to established connections or sessions<\/li>\n\n\n\n<li><strong>Load Balancing<\/strong> to eliminate single points of failure by distributing incoming traffic across multiple servers or data centres<\/li>\n\n\n\n<li><strong>Anomaly Detection<\/strong> that identifies unusual traffic patterns and alerts the network to take action against a possible DDoS attack<\/li>\n\n\n\n<li><strong>IP Blacklisting<\/strong> to prevent traffic from known bad IP addresses, and <strong>IP Whitelisting <\/strong>to allow traffic only from known, trusted IP addresses<\/li>\n<\/ul>\n\n\n\n<p>Designed to distinguish humans from computers, <strong>CAPTCHAs<\/strong> can be an effective line of defence against bot attacks, especially on popular websites and pages. Be careful to strike the right balance between good security and potentially inconveniencing your customers.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">4. 
Regularly test, train, and plan<\/h3>\n\n\n\n<p>Since a strategic combination of mitigation methods will provide the best protection, plan for the inevitable attack by:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Testing your security by punching holes in it \u2013 find potential vulnerabilities<\/li>\n\n\n\n<li>Reducing your attack surface by disabling unused protocols, pages, forms, and other online entry points for an attack<\/li>\n\n\n\n<li>Conducting DDoS attack simulations as a team training exercise<\/li>\n\n\n\n<li>Creating and testing your business continuity plan so your team knows how to respond to minimize the damage from a DDoS attack<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Conclusion&nbsp;<\/strong><\/h2>\n\n\n\n<p>I know it\u2019s tempting to save money and bide your time, only considering DDoS protection when you\u2019re under an active attack, but when the average company spends over <a href=\"https:\/\/f.hubspotusercontent20.net\/hubfs\/6483172\/2021\/website-content\/whitepapers\/always-on-real-time-ddos-security-whitepaper.pdf?utm_campaign=WP-2021-01-25-Always-On-Real-Time-Whitepaper-Omnisperience&amp;utm_medium=email&amp;_hsmi=108065077&amp;_hsenc=p2ANqtz-_3r05UJUh8inQJTzrsg4taSmh1ifiHCnZNiFztjteCCLDeloP3FILOLUJI9JVPbfgInz5IYlXA-FhLdVi_3waoySDCIA&amp;utm_content=108065077&amp;utm_source=hs_automation\">$200,000 to recover from a single attack<\/a>, we also know that the benefits of protection far outweigh the costs.&nbsp;<\/p>\n\n\n\n<p>Who is likely to be attacked? 
Consider that in the first half of 2023 alone, DDoS attackers targeted:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enterprises across all industries<\/li>\n\n\n\n<li>Very large to very small companies<\/li>\n\n\n\n<li>Airports, hospitals, utilities, and other critical infrastructure<\/li>\n\n\n\n<li>Federal, state, and local governments \u2013 including schools<\/li>\n\n\n\n<li>Telecom and cloud companies<\/li>\n\n\n\n<li>Many more<\/li>\n<\/ul>\n\n\n\n<p>And they attack vulnerable organizations multiple times. Don&#8217;t wait until you&#8217;re attacked to protect your organization, <a href=\"https:\/\/zayoeutrans.burbledev.com\/services\/packet\/ddos-protection\/\">learn more about Zayo DDoS Protection<\/a>.&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This blog dives into the 3 types of DDoS attacks and how to protect yourself against them.<\/p>\n","protected":false},"featured_media":7321,"template":"","meta":{"_acf_changed":false,"resource-post-excerpt":"This blog dives into the 3 types of DDoS attacks and how to protect yourself against them. 
","footnotes":""},"resource-topics":[150],"displayed":[107],"resources-categories":[44],"industry":[],"services-amp-solutions":[33],"class_list":["post-7320","resources","type-resources","status-publish","has-post-thumbnail","hentry","resource-topics-cybersecurity","displayed-thought-leadership-networking-101","resources-categories-blog","services-amp-solutions-network-connectivity"],"acf":[],"_links":{"self":[{"href":"https:\/\/zayoeutrans.burbledev.com\/fr\/wp-json\/wp\/v2\/resources\/7320","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zayoeutrans.burbledev.com\/fr\/wp-json\/wp\/v2\/resources"}],"about":[{"href":"https:\/\/zayoeutrans.burbledev.com\/fr\/wp-json\/wp\/v2\/types\/resources"}],"version-history":[{"count":1,"href":"https:\/\/zayoeutrans.burbledev.com\/fr\/wp-json\/wp\/v2\/resources\/7320\/revisions"}],"predecessor-version":[{"id":10982,"href":"https:\/\/zayoeutrans.burbledev.com\/fr\/wp-json\/wp\/v2\/resources\/7320\/revisions\/10982"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zayoeutrans.burbledev.com\/fr\/wp-json\/wp\/v2\/media\/7321"}],"wp:attachment":[{"href":"https:\/\/zayoeutrans.burbledev.com\/fr\/wp-json\/wp\/v2\/media?parent=7320"}],"wp:term":[{"taxonomy":"resource-topics","embeddable":true,"href":"https:\/\/zayoeutrans.burbledev.com\/fr\/wp-json\/wp\/v2\/resource-topics?post=7320"},{"taxonomy":"displayed","embeddable":true,"href":"https:\/\/zayoeutrans.burbledev.com\/fr\/wp-json\/wp\/v2\/displayed?post=7320"},{"taxonomy":"resources-categories","embeddable":true,"href":"https:\/\/zayoeutrans.burbledev.com\/fr\/wp-json\/wp\/v2\/resources-categories?post=7320"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/zayoeutrans.burbledev.com\/fr\/wp-json\/wp\/v2\/industry?post=7320"},{"taxonomy":"services-amp-solutions","embeddable":true,"href":"https:\/\/zayoeutrans.burbledev.com\/fr\/wp-json\/wp\/v2\/services-amp-solutions?post=7320"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated
":true}]}}