In this post, you will learn what is DDoS. And how it works exactly and three different types of DDoS attacks will be explained. I have already written a post on DoS(Denial of service) to read more about DoS [Click here].
What is DDoS?
DDoS stands for “distributed denial of service“, DDoS is a type of cyberattack. The primary target using a DDoS attack is to take down the Network infrastructure or crash the server. The attack takes place by sending unwanted traffic to the Network which doesn’t allow the real traffic. The interesting fact in DDoS attacks is mostly probably cybercriminals use IoT (Internet of things) devices in distributed denial of service attacks.
I have already written a post on IoT devices. And how they involve in DDoS, To read [Click here].
Take look at the below image for better understanding;
Also Read: What is Incident response?
How exactly DDoS attack works
The most important thing for cybercriminals to conduct a distributed denial-of-service attack is the number of Bots the cybercriminals compromised. When Bots together forms a Botnet then the criminal is ready to perform an attack. But wait let’s see how he/she compromised, As many devices. According to me cybercriminals most probably don’t compromise active devices such as laptop, computer and phones. Instead, criminals compromise IoT(Internet of things) devices.
Cybercriminals compromise IoT devices because most of the IoT devices uses a default password. Even wifi enable light can be involved in a DDoS attack.
Now the hacker has compromised the device and he has set of traffic and then now the criminal will be searching for vulnerabilities in the traffic. Even if there is no vulnerability found he/she can still perform a DDoS attack but servers and sites got some advanced scanning tools so, if there is a vulnerability found then it will be easier to take over the network infrastructure.
There are three kinds of DDoS attacks;
- Application layer attack
- Protocol Attack
- Volumentric attack
Application layer attack
Application layer or 7th layer of network attack. Apart from other DDoS types, this is a slow attack. It can either be DoS or DDoS attack. DDoS sends continuous HTTP traffic to the targeted network. In the application layer, the traffic is measured in RPS which means request per second. Per second there will be 50 to 100 RPS.So, the traffic clearly is very common. Identifying this type of attack is really tough.
Protocol Layer Attack
Protocol layer or Network layer attack. In this attack, the cybercriminals will focus on level 3 and level 4 that is the Network layer and Transport layer. In this attack, the traffic will over consume memory and other resources. As a result, the server will crash. When the SSL or TCP doesn’t do the handshake then there will be continuous host problems.
In this type of attack, the Bots eat up every bandwidth between the target. A massive amount of botnet is sent to the target by using some form of amplification.
Also Read: How Blue team works
Also Read: How Red team works