How DDoS Attacks Work
It is difficult for attackers to generate, from a single computer, the volume of traffic needed to crash a network or website. DDoS attacks typically require dozens of running devices. Such a group of devices is known as a botnet. Users are not aware that their device is taking part in a botnet attack, because it is controlled by malicious software installed on their machines.
Some Types of DoS/DDoS Attacks
1-) Volume-Based Attacks
To carry out volume-based attacks, attackers use many machines and Internet connections to flood a website with traffic. The sheer amount of traffic clogs the website's available bandwidth. Volume-based attacks are measured in bits per second (bps).
1.1 UDP Flood
A UDP flood is an example of a volume-based attack. UDP (User Datagram Protocol) is a connectionless, sessionless network protocol that runs on top of the Internet Protocol (IP). In a UDP flood attack, an attacker floods random ports on the targeted host with UDP packets. As more and more UDP packets are received and answered, the system can no longer process the volume of requests and stops responding.
2-) Protocol Attacks
Unlike other attacks, protocol attacks try to consume the resources of servers and websites, not bandwidth, by making fake protocol requests. In addition, the "intermediate communication equipment" of servers and websites is also targeted. The strength of these attacks is measured in packets per second (pps).
2.1 Smurf DDoS
Smurf DDoS, a protocol attack, exploits ICMP (Internet Control Message Protocol) by sending ICMP packets that carry a fake (spoofed) source IP address. Most devices on the network respond to that source IP address, which belongs to the user's computer. If the number of devices on the network is large enough, the flood of responses breaks the service on the network.
3-) Application Layer Attacks
Application layer attacks require fewer resources than volume-based attacks and protocol attacks. They aim to disrupt certain functions or features of a website, such as online transactions. This type of attack brings servers down by making numerous requests that seem harmless because they mimic the traffic behavior of users, in applications such as Apache, Windows, and OpenBSD. Because application layer attacks target only specific application packets, they can go unnoticed. The strength of these attacks is measured in requests per second (rps).
3.1 Slowloris
Slowloris, an application layer attack, is a highly targeted attack that allows one web server to take down another server without affecting other services or ports on the target network. It does this by establishing multiple connections to the target web server and keeping those connections open as long as possible. Slowloris continually sends more HTTP headers over these connections, but never completes a request. The targeted server keeps each of these incomplete connections open. This ultimately exhausts the maximum number of concurrent connections and leads to the rejection of additional connections from legitimate clients.
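A defender-side check for the Slowloris pattern described above, as an added example that is not part of the original article: it scans a snapshot of a web server's open connections and flags clients holding many connections whose request headers never complete. The `Conn` fields, the thresholds, and the sample snapshot are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Conn:
    src: str           # client IP address
    age_s: float       # seconds since the connection was accepted
    header_bytes: int  # request-header bytes received so far
    complete: bool     # True once the blank line ending the headers arrived

def find_slow_header_clients(conns, max_conns, min_age_s=30.0,
                             max_bytes_per_s=50.0, min_stalled=5):
    """Return ({ip: stalled_count}, share of the connection pool they hold).

    A connection is "stalled" when it is old, its headers are still
    incomplete, and header data trickles in below max_bytes_per_s.
    Thresholds are illustrative assumptions; tune them per server.
    """
    stalled = defaultdict(int)
    for c in conns:
        if c.complete or c.age_s < min_age_s:
            continue  # finished request, or too young to judge
        if c.header_bytes / c.age_s <= max_bytes_per_s:
            stalled[c.src] += 1
    # One stalled connection can be a slow mobile client; many from the
    # same source is the pattern that exhausts the connection limit.
    suspects = {ip: n for ip, n in stalled.items() if n >= min_stalled}
    occupancy = sum(suspects.values()) / max_conns
    return suspects, occupancy

# Constructed snapshot (documentation-range IPs, not real traffic).
SAMPLE = (
    # eight old connections from one source, headers never finished
    [Conn("192.0.2.10", 120 + 5 * i, 200 + 10 * i, False) for i in range(8)]
    # normal clients: headers completed quickly
    + [Conn("198.51.100.7", 2, 600, True) for _ in range(2)]
    # a single slow but legitimate client, below min_stalled
    + [Conn("203.0.113.5", 40, 300, False)]
    # a brand-new connection, too young to judge
    + [Conn("198.51.100.9", 1, 100, False)]
)

if __name__ == "__main__":
    suspects, occupancy = find_slow_header_clients(SAMPLE, max_conns=16)
    for ip, n in suspects.items():
        print(f"{ip}: {n} stalled connections")
    print(f"pool held by suspects: {occupancy:.0%}")
```

The occupancy figure is the useful alerting signal: it shows how close the flagged clients are to the concurrent-connection limit at which the server starts rejecting legitimate clients.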