As we explained in our article What Is A DDoS Attack, there are many types of DDoS attack. In fact, a successful DDoS is one of the most terrifying things a small business can face.
Other forms of cyberattack will often leave your website up and running (albeit compromised). However, the purpose of a DDoS attack is to take your website offline (temporarily or even permanently). This means:
- Customers can’t buy from you
- Google penalises your search rankings
- Your reputation suffers
In today’s article, we’ll outline the main types of DDoS attack. Remember, CyberAlpha’s managed website security packages all come with DDoS attack protection as standard.
DoS or DDoS?
Our first distinction is between the standard Denial of Service attack, and the more complex (and dangerous) Distributed Denial of Service attack.
Both cyberattacks attempt to overwhelm a website with (fake) traffic. The huge spike in traffic means that the website isn’t able to service its real users. Most of the time, a successful attack results in the website going down. The Wikipedia page on DDoS gives the analogy:
A DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, thus disrupting trade.
The difference is that a DoS attack comes from a single source. A DDoS attack, on the other hand, comes from many sources. This makes it extremely hard to stop with conventional security measures (because blocking a single source won’t stop the attack).
In the rest of this article, we’ll focus on types of DDoS attack because they are far more dangerous to your business.
Flood Attacks
Flood attacks are the standard DDoS technique. They try to overwhelm your website with a “flood” of activity. Here are the most common types:
UDP Flood
UDP stands for User Datagram Protocol (it’s an alternative to TCP). In a UDP flood attack, the hacker sends a large number of UDP packets to the host.
The host is forced to respond each time with an ICMP packet. Eventually the volume of activity means that legitimate users can’t reach your website.
ICMP Flood
An ICMP flood is similar to the UDP flood above, except that it’s ICMP packets that are sent to start with. Every time your website tries to respond, it consumes bandwidth. Your site will quickly slow down, and eventually be forced to shut down.
SYN Flood
When a hacker sends a SYN request to your website, your website has to respond with something called an ACK response. During a SYN flood attack, the requests keep arriving, tying up all your website’s resources and preventing it from doing anything else.
HTTP Flood
An HTTP flood is especially worrying for small businesses. Unlike the other flood attacks, it doesn’t need sophisticated techniques like:
- Malformed packets
Launching an HTTP flood also doesn’t need a huge amount of bandwidth. The idea is simply to overwhelm the website with “normal” visits until it can’t cope. A lone hacker (or even a disgruntled ex-employee) could target you with this sort of attack.
Other Types of DDoS Attack
Ping of Death
A “ping” is a legitimate technique used to test that a host is reachable. One host pings another computer and measures the round trip back.
This can be used maliciously, however, if the ping is deliberately malformed or oversized. In particular, a ping that’s larger than expected can cause a website to crash immediately.
Slowloris
Slowloris is another extremely dangerous type of DDoS attack. It allows a single computer to attack a webserver by keeping lots of different connections open. Eventually, all the possible connections are filled, meaning that legitimate visitors can’t connect to your website.
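A defender's view of the connection-exhaustion pattern described above, as an added example that is not part of the original article: it scans a snapshot of a web server's open connections and flags any client holding many connections that have stayed open without delivering a complete request. The `Conn` record, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class Conn:                 # hypothetical record, one per open connection
    client: str             # source IP address
    age_s: float            # seconds since the server accepted it
    request_done: bool      # True once a complete HTTP request has arrived

def find_connection_hoarders(conns, max_conns, per_client_cap=20, slow_after_s=30.0):
    """Return (pool_usage, suspects).

    pool_usage: fraction of the server's connection slots in use.
    suspects:   {client: count} for clients holding at least per_client_cap
                connections that are older than slow_after_s and still have
                not delivered a full request.
    """
    stalled = Counter(
        c.client for c in conns
        if not c.request_done and c.age_s >= slow_after_s
    )
    suspects = {ip: n for ip, n in stalled.items() if n >= per_client_cap}
    return len(conns) / max_conns, suspects

def sample_snapshot():
    """Constructed data: one hoarder, one busy office NAT, two visitors."""
    conns = [Conn("203.0.113.7", 60.0 + i, False) for i in range(40)]
    # Many connections from one address, but every request completes quickly.
    conns += [Conn("198.51.100.20", 0.5, True) for _ in range(25)]
    # Ordinary visitors, including one on a slow link in mid-request.
    conns += [Conn("192.0.2.10", 2.0, True), Conn("192.0.2.11", 45.0, False)]
    return conns

if __name__ == "__main__":
    usage, suspects = find_connection_hoarders(sample_snapshot(), max_conns=100)
    print(f"connection slots in use: {usage:.0%}")
    for ip, n in suspects.items():
        print(f"{ip}: {n} stalled connections, candidate for a per-client limit")
```

Counting only stalled connections keeps a busy shared address (an office behind one IP) from being flagged just because it opens many short-lived connections.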
Zero-Day DDoS Attack
Whenever you install new software, you are vulnerable to a zero-day attack. A zero-day vulnerability is one which is discovered after the release of a product (i.e. before the software company has been able to repair it).
A zero-day DDoS attack takes advantage of these “teething problems” before a software patch can be released.
If you’re concerned that your business is vulnerable to one of the types of DDoS attack listed in this article, please get in touch.