
The 10 Most Common DDoS Attack Types

March 01, 2022

Distributed Denial-of-Service (DDoS) attacks are one of the oldest cybersecurity threats and have been around since the early days of the internet. Although there are many DDoS attack types (which we’ll analyze in a bit), they all follow a similar structure: malicious forces completely shut down email, websites, bank accounts, or other online services by flooding their hosts with heavy traffic. Overwhelmed by the requests, the system will either crash or begin limiting access to all users, even those who are permitted and registered to use it.[1] While administrators and security professionals try to get back in, the attackers have free rein over all the host’s information, security controls, and functions and are free to do with it what they please.

Initially just a mild annoyance instigated by bored individuals to take down servers, DDoS attacks have evolved into complex, automated programs targeting high-profile corporations and government agencies. A recent example is UK citizen Alex Bessell, also known as the Skype DDoSer, who was arrested in 2018 for launching DDoS attacks on Google, Nintendo and Skype.[2]

10 Types of DDoS Attacks

Most DDoS attacks fit into one of three categories: protocol attacks, application layer attacks, or volume-based attacks. There are several different DDoS attack types within each category, some fully automated and some semi-automated. However, the underlying intention remains the same across all of the tactics: to temporarily disrupt or entirely disable the operations of a server or computer network. In this list, we outline and describe the 10 most common types of DDoS attacks.[3]

1. Packet Flood (SYN/UDP/ICMP/other)

A packet flood is the original and simplest type of DDoS attack, exploiting basic network traffic protocols to flood a server with millions of redundant requests. The protocols used in packet flood attacks include SYN, UDP and ICMP, amongst others. Although simple, packet floods remain one of the most used and most effective DDoS methods available.[4]

2. Zero-day DDoS Attack

Zero-day attackers exploit errors in code that haven't been discovered or patched by the developers yet. Hackers use these gaps in security to infiltrate systems and launch DDoS attacks.[5] Zero-day exploits are not restricted to DDoS attacks. Apple recently patched a zero-day vulnerability in its iOS mobile operating system that was likely being used to unlock stolen phones.[6]

3. CharGEN Attack

CharGEN is an old, exploitable protocol often found on internet-enabled printers and copiers that can't be patched. Via the CharGEN attack, hackers can access a device and flood the network with UDP requests on port 19.[7]

4. Protocol Amplification

Much like a CharGEN attack, protocol amplification attacks exploit devices using common public protocols like NTP or SNMP. They spoof an IP address to gain access and, once inside, flood the system with amplified UDP or SYN requests.[8]

DDoS amplification attacks can also be performed using lesser-known protocols like SSDP, SNMPv2, NetBIOS, QOTD and Memcached. Cybersecurity company Cloudflare recently found that an amplified memcached attack using only 15 bytes could elicit a 750KB response, an amplification of 51,200 times.[9]

5. Slowloris

Slowloris is a specialized DDoS type that opens multiple connections to a web server by sending partial HTTP requests. Eventually, with too many connections open, the web server can no longer serve legitimate clients and goes offline.[10]
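One way a server operator can spot the pattern described above, as an added example that is not part of the original article: it flags client addresses that hold several connections whose request headers were never finished. The connection-table layout, the two thresholds and the sample data are assumptions made for illustration.

```python
from collections import Counter

HEADER_DEADLINE_S = 10   # assumed: seconds allowed to finish sending request headers
MAX_STALLED_PER_IP = 3   # assumed: tolerated stalled connections per client address

def headers_complete(buf: bytes) -> bool:
    """HTTP/1.1 request headers end with an empty line (CRLF CRLF)."""
    return b"\r\n\r\n" in buf

def stalled_by_client(conns, now):
    """Count, per client IP, connections still missing the end of headers past the deadline."""
    stalled = Counter()
    for c in conns:
        if not headers_complete(c["buf"]) and now - c["opened"] > HEADER_DEADLINE_S:
            stalled[c["ip"]] += 1
    return stalled

def suspects(conns, now):
    """Client IPs holding more stalled connections than the tolerated maximum."""
    counts = stalled_by_client(conns, now)
    return sorted(ip for ip, n in counts.items() if n > MAX_STALLED_PER_IP)

# Constructed snapshot of a server's connection table (documentation addresses).
PARTIAL = b"GET / HTTP/1.1\r\nHost: example.test\r\nX-a: 1\r\n"  # headers never terminated
FULL = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE = (
    [{"ip": "203.0.113.9", "opened": 0, "buf": PARTIAL} for _ in range(6)]
    + [{"ip": "198.51.100.4", "opened": 0, "buf": PARTIAL}]   # a single slow client
    + [{"ip": "198.51.100.5", "opened": 55, "buf": PARTIAL}]  # still within the deadline
    + [{"ip": "192.0.2.20", "opened": 50, "buf": FULL}]       # complete request
)

if __name__ == "__main__":
    print(suspects(SAMPLE, now=60))
```

The same deadline, enforced by closing any connection that has not completed its headers in time, is the usual server-side mitigation.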

6. Ping of Death

A Ping of Death scenario exploits a function used by network systems that break down large IP packets into small fragments for Ethernet transmission. By manipulating the size of a fragment, an attacker can create a situation where a reassembled IP packet is larger than the maximum allowed length, causing memory overflow and dropping legitimate packets.[11]
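The length check a reassembler or packet filter can apply to every fragment before buffering it, as an added example that is not part of the original article. The function names are hypothetical and the sample fragments are constructed with documentation addresses.

```python
import struct

MAX_IP_DATAGRAM = 65535  # largest value the 16-bit IPv4 Total Length field can hold

def parse_fragment(packet: bytes):
    """Return (header_len, payload_len, offset_bytes, more_fragments) for an IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", packet[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (ver_ihl & 0x0F) * 4
    if header_len < 20 or total_len < header_len:
        raise ValueError("inconsistent header length")
    offset_bytes = (flags_frag & 0x1FFF) * 8      # offset is carried in 8-byte units
    more_fragments = bool(flags_frag & 0x2000)    # MF flag
    return header_len, total_len - header_len, offset_bytes, more_fragments

def is_oversized_fragment(packet: bytes) -> bool:
    """True if this fragment would push the reassembled datagram past 65,535 bytes."""
    header_len, payload_len, offset_bytes, _more = parse_fragment(packet)
    return header_len + offset_bytes + payload_len > MAX_IP_DATAGRAM

def build_fragment(offset_units: int, payload_len: int, more: bool) -> bytes:
    """Construct a sample ICMP fragment (test data only, checksum left at zero)."""
    flags_frag = (0x2000 if more else 0) | offset_units
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                         flags_frag, 64, 1, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + bytes(payload_len)

# Constructed samples: an ordinary second fragment, and a final fragment whose
# offset plus length lands beyond the 65,535-byte limit.
NORMAL = build_fragment(offset_units=185, payload_len=1480, more=True)
OVERSIZED = build_fragment(offset_units=8189, payload_len=1480, more=False)

if __name__ == "__main__":
    for name, pkt in (("normal", NORMAL), ("oversized", OVERSIZED)):
        print(name, "drop" if is_oversized_fragment(pkt) else "accept")
```

Rejecting the fragment at this point means the oversized datagram is never assembled in memory.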

7. Application-Level Attacks

Bad code found in applications that run on web servers can be exploited to take down the entire web server. The popular blogging site WordPress is an example of a site that could be exploited to achieve this. Two types of application-level attacks include HTTP flooding and BGP hijacking.[12]

8. IP Null

By setting the value of an IPv4 header to zero, hackers can get around security systems that scan Transport Protocols. Send enough of these IP Null packets to a server and it will eventually overload and reboot.[13]

9. Multi-Vector Attacks

Some hackers make use of multiple different DDoS attack types at the same time to increase the severity of the attack. This is often used when attempting to access a highly secure system where a standard DDoS attack would be detected quickly.[14]

10. Multiple Fake Session Attacks

Almost all modern cybersecurity systems will quickly detect and take down a standard DDoS attack, so hackers have developed advanced methods to trick security systems. These involve the initiation of multiple fake ACK (acknowledge) sessions within a TCP communication process, followed by RST (reset) and FIN (finish) sessions that generate low TCP-SYN traffic. When used concurrently and en masse, these sessions eventually exhaust the resources of a security network and take the system down.[15]

The above are just a few examples of the many DDoS attack types that hackers are constantly improving upon. As more and more companies move the majority of their operations online, cybersecurity is quickly becoming the most critical part of a business.

Learn How to Stop These and Other DDoS Attack Types

Cyberattacks are on the rise in 2022 and don't look like they will abate anytime soon. Some estimates suggest there will be as many as 35 million unfilled cybersecurity positions by 2025.[16] If you want to get involved in this burgeoning industry and help fend off the growing threat of hackers, consider an online Master of Science in Cybersecurity from the Katz School of Science and Health.

Our convenient online course can be completed from home in your own time, leaving you free to attend to any existing family or work commitments. Our online MS in Cybersecurity focuses on both the technical and business side of cybersecurity, ensuring you're ready for rapid career growth within the industry. Get started by talking with an Admissions Advisor or starting your application today.

Sources
  1. Retrieved on February 25, 2022, from cisa.gov/uscert/ncas/tips/ST04-015
  2. Retrieved on January 30, 2022, from zdnet.com/article/hacker-jailed-for-ddos-attacks-against-pokemon-skype-and-google/
  3. Retrieved on January 30, 2022, from imperva.com/learn/ddos/denial-of-service/
  4. Retrieved on January 30, 2022, from encyclopedia.kaspersky.com/glossary/flood-ping-syn-udp/
  5. Retrieved on January 30, 2022, from kaspersky.com/resource-center/definitions/zero-day-exploit
  6. Retrieved on January 30, 2022, from techtarget.com/searchsecurity/news/252512563/Apple-security-update-fixes-zero-day-vulnerability
  7. Retrieved on January 30, 2022, from ddos-guard.net/en/terminology/chargen-flood
  8. Retrieved on January 30, 2022, from cloudflare.com/learning/ddos/ntp-amplification-ddos-attack/
  9. Retrieved on January 30, 2022, from blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/
  10. Retrieved on January 30, 2022, from imperva.com/learn/ddos/slowloris/
  11. Retrieved on January 30, 2022, from imperva.com/learn/ddos/ping-of-death/
  12. Retrieved on January 30, 2022, from netscout.com/what-is-ddos/application-layer-attacks
  13. Retrieved on January 30, 2022, from ddos-guard.net/en/terminology/attack_type/ip-null-attack
  14. Retrieved on January 30, 2022, from corero.com/blog/understanding-and-stopping-multi-vector-ddos-attacks/
  15. Retrieved on January 30, 2022, from javapipe.com/blog/ddos-types/
  16. Retrieved on January 30, 2022, from forbes.com/sites/chuckbrooks/2022/01/21/cybersecurity-in-2022--a-fresh-look-at-some-very-alarming-stats/