DDoS (Distributed Denial of Service) attacks are wrongly viewed as minor attacks by the security community because they are expected to have a limited impact over time: victims typically experience several hours of service interruption and, beyond that, no other damage is observed.
Recent events have demonstrated that such attacks can cause huge economic losses and, of course, serious reputational damage.
Another observed phenomenon is that attackers not only target the web infrastructure but also try to exploit flaws or incorrect settings within the Domain Name System (DNS) infrastructure. According to the 2012 Arbor Networks Global Infrastructure Security Report, 41% of respondents experienced DDoS attacks on their DNS infrastructure, a worrying figure.
There is no specific victim profile: managed DDoS services, banking services, payment services, and email providers have all been hit. More generally, every web service provider can face this type of crime.
Similarly, there is no typical attacker profile: cybercriminals, hackers, and state-sponsored hackers all use a similar strategy to attack large targets.
Before discussing mitigation techniques, it is useful to present the main DDoS categories that the security community uses to classify these dangerous events.
Volume-based attacks: Attackers try to saturate the target's bandwidth with large amounts of data. This category includes ICMP floods, UDP floods, and other spoofed-packet floods. This type of attack is very common and very easy to carry out thanks to the large number of tools available for free on the Internet, and the technique is very popular with underground hacktivist organizations. The magnitude of volume-based attacks is measured in bits per second (bps).
Protocol attacks: The attacker's goal is to exhaust the server resources of the target or of an intermediate communication device (such as a load balancer) by exploiting a flaw in a network protocol. This category includes SYN floods, Ping of Death, fragmented-packet attacks, Smurf DDoS, and more. The magnitude of protocol attacks is measured in packets per second (pps).
Application-layer attacks: Attackers target HTTP and try to exhaust the resource limits of the web service. Application-layer attacks target specific web applications and flood them with a large number of requests that saturate the target's resources. They do not necessarily require a lot of traffic and are difficult to detect because they need far less bandwidth than other types of DDoS technique. Examples of application-layer DDoS attacks include Slowloris and attacks targeting Apache, Windows, or OpenBSD vulnerabilities. The magnitude of application-layer attacks is measured in requests per second.
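The three magnitudes the article assigns to the categories (bits/s, packets/s and requests/s) are exactly the metrics a defender can compute over a short traffic window to tell the categories apart. The following is an added example, not code from the original article: it aggregates constructed flow samples (a hypothetical sensor format, with RFC 5737 documentation addresses) into the three rates, compares them with an assumed normal-traffic baseline, and labels the window. It also shows the point made about application-layer attacks: an HTTP request flood stays below the bandwidth and packet thresholds and is caught only by the request rate, while a SYN flood is caught only by the packet rate.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class FlowSample:
    """One aggregated traffic sample from a sensor (constructed format, not a real tool's)."""
    src: str
    proto: str           # "tcp", "udp" or "icmp"
    packets: int
    octets: int          # bytes on the wire
    http_requests: int   # HTTP requests observed in this sample (0 for non-HTTP traffic)
    syn_only: int        # TCP SYNs that never completed the handshake (half-open)


@dataclass(frozen=True)
class WindowRates:
    bps: float           # bits per second    -> volume-based attacks
    pps: float           # packets per second -> protocol attacks
    rps: float           # requests per second -> application-layer attacks
    syn_ratio: float     # share of packets that are half-open SYNs (SYN flood indicator)
    avg_packet_bytes: float


def compute_rates(samples: Iterable[FlowSample], window_seconds: float) -> WindowRates:
    """Reduce all samples of one observation window to the three per-second rates."""
    samples = list(samples)
    packets = sum(s.packets for s in samples)
    octets = sum(s.octets for s in samples)
    requests = sum(s.http_requests for s in samples)
    syns = sum(s.syn_only for s in samples)
    return WindowRates(
        bps=octets * 8 / window_seconds,
        pps=packets / window_seconds,
        rps=requests / window_seconds,
        syn_ratio=syns / packets if packets else 0.0,
        avg_packet_bytes=octets / packets if packets else 0.0,
    )


# Assumed baseline: the largest values seen during normal operation of a hypothetical site.
# In practice this comes from the site's own traffic history, not from fixed numbers.
BASELINE: Dict[str, float] = {"bps": 50_000_000, "pps": 20_000, "rps": 500}


def classify(rates: WindowRates, baseline: Dict[str, float] = BASELINE,
             factor: float = 5.0) -> List[str]:
    """Return every DDoS category whose metric exceeds `factor` times its baseline.

    A window may match more than one category: a UDP flood saturates bandwidth
    and also pushes the packet rate up, so it is reported as both."""
    labels: List[str] = []
    if rates.bps > factor * baseline["bps"]:
        labels.append("volume")
    if rates.pps > factor * baseline["pps"]:
        labels.append("protocol")
    if rates.rps > factor * baseline["rps"]:
        labels.append("application")
    return labels


# Constructed 10-second windows. Addresses are RFC 5737 documentation ranges.
WINDOW_SECONDS = 10.0
NORMAL = [FlowSample("203.0.113.10", "tcp", 100_000, 80_000_000, 2_000, 500)]
# 1400-byte UDP datagrams from ten sources: bandwidth saturation.
UDP_FLOOD = [FlowSample(f"198.51.100.{i}", "udp", 300_000, 300_000 * 1_400, 0, 0)
             for i in range(10)]
# 60-byte SYNs that never complete: little bandwidth, huge packet rate.
SYN_FLOOD = [FlowSample(f"198.51.100.{i}", "tcp", 200_000, 200_000 * 60, 0, 198_000)
             for i in range(10)]
# Full HTTP requests: modest bandwidth and packet rate, but 10x the normal request rate.
HTTP_FLOOD = [FlowSample(f"198.51.100.{i}", "tcp", 20_000, 20_000 * 500, 5_000, 0)
              for i in range(10)]


def report(windows: Dict[str, List[FlowSample]]) -> Dict[str, List[str]]:
    """Classify each named window and return {name: categories}."""
    return {name: classify(compute_rates(samples, WINDOW_SECONDS))
            for name, samples in windows.items()}


if __name__ == "__main__":
    for name, labels in report({"normal": NORMAL, "udp_flood": UDP_FLOOD,
                                "syn_flood": SYN_FLOOD, "http_flood": HTTP_FLOOD}).items():
        print(f"{name:10s} -> {labels or ['no anomaly']}")
```

The thresholds are a multiple of the site's own peak rather than absolute numbers, because a rate that is an attack for a small site is normal traffic for a large one; the `syn_ratio` and `avg_packet_bytes` fields are kept in the result so an analyst can see why a protocol-category window fired (many tiny half-open SYNs) rather than just that it did.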