A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. They target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and access important information.
Active Global DDoS Attack Map
Attack Class: Four common categories of attacks
TCP Connection Attacks – Occupying connections
These attempt to use up all the available connections to infrastructure devices such as load-balancers, firewalls and application servers. Even devices capable of maintaining state on millions of connections can be taken down by these attacks.
Volumetric Attacks – Using up bandwidth
These attempt to consume the bandwidth either within the target network/service, or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.
Fragmentation Attacks – Pieces of packets
These send a flood of TCP or UDP fragments to a victim, overwhelming the victim’s ability to re-assemble the streams and severely reducing performance.
Application Attacks – Targeting applications
These attempt to overwhelm a specific aspect of an application or service and can be effective even with very few attacking machines generating a low traffic rate (making them difficult to detect and mitigate).
Amplification: Two ways attacks can multiply traffic they can send.
DNS Reflection – Small request, big reply.
By forging a victim’s IP address, an attacker can send small requests to a DNS server and ask it to send the victim a large reply. This allows the attacker to have every request from its botnet amplified as much as 70x in size, making it much easier to overwhelm the target.
Chargen Reflection – Steady streams of text
Most computers and internet-connected printers support an outdated testing service called Chargen, which allows someone to ask a device to reply with a stream of random characters. Chargen can be used as a means for amplifying attacks similar to DNS attacks above.