DDoS attacks come in many different forms, from Smurfs to Teardrops, to Pings of Death. Below are details about the common types of attacks and amplification methods.
Attack Class: Four common categories of attacks
TCP Connection Attacks – Occupying connections
These attempt to use up all the available connections to infrastructure devices such as load-balancers, firewalls and application servers. Even devices capable of maintaining state on millions of connections can be taken down by these attacks.
Volumetric Attacks – Using up bandwidth
These attempt to consume the bandwidth either within the target network/service, or between the target network/service and the rest of the Internet. These attacks are simply about causing congestion.
Fragmentation Attacks – Pieces of packets
These send a flood of TCP or UDP fragments to a victim, overwhelming the victim’s ability to re-assemble the streams and severely reducing performance.
Application Attacks – Targeting applications
These attempt to overwhelm a specific aspect of an application or service and can be effective even with very few attacking machines generating a low traffic rate (making them difficult to detect and mitigate).
Amplification: Two ways attacks can multiply the traffic they send.
DNS Reflection – Small request, big reply.
By forging a victim’s IP address, an attacker can send small requests to a DNS server and ask it to send the victim a large reply. This allows the attacker to have every request from its botnet amplified as much as 70x in size, making it much easier to overwhelm the target.
Chargen Reflection – Steady streams of text.
Most computers and internet-connected printers support an outdated testing service called Chargen, which allows someone to ask a device to reply with a stream of random characters. Chargen can be used as a means of amplifying attacks, similar to the DNS attacks above.
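A defender-side check for both reflection methods above, as an added example that is not part of the original page: because the requests are forged, the victim receives DNS (UDP port 53) or Chargen (UDP port 19) replies it never asked for, so those unsolicited replies can be picked out of flow records. The flow tuple layout, the function name find_reflection, the byte threshold and the sample addresses are assumptions made for this illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# UDP services named on this page that answer a small request with a large reply.
REFLECTOR_PORTS = {53: "dns", 19: "chargen"}

def find_reflection(flows, local_net, min_bytes=3000):
    """Return {(victim_ip, service): stats} for replies nobody on local_net requested.

    flows: iterable of (src_ip, src_port, dst_ip, dst_port, udp_bytes) in time order
    (a hypothetical record layout chosen for this example).
    """
    net = ip_network(local_net)
    asked = set()  # (local_ip, local_port, remote_ip, remote_port) of requests we sent
    stats = defaultdict(lambda: {"bytes": 0, "packets": 0, "reflectors": set()})
    for src, sport, dst, dport, size in flows:
        src_local = ip_address(src) in net
        dst_local = ip_address(dst) in net
        if src_local and dport in REFLECTOR_PORTS:
            asked.add((src, sport, dst, dport))       # genuine outbound request
        elif dst_local and not src_local and sport in REFLECTOR_PORTS:
            if (dst, dport, src, sport) in asked:
                continue                              # reply to a request we made
            s = stats[(dst, REFLECTOR_PORTS[sport])]  # reply with no matching request
            s["bytes"] += size
            s["packets"] += 1
            s["reflectors"].add(src)
    # Report only destinations whose unsolicited reply volume reaches the threshold.
    return {k: v for k, v in stats.items() if v["bytes"] >= min_bytes}

# Constructed sample flows using documentation address ranges, not real traffic.
SAMPLE_FLOWS = [
    ("192.0.2.10", 40001, "198.51.100.53", 53, 60),    # host asks a resolver
    ("198.51.100.53", 53, "192.0.2.10", 40001, 180),   # solicited reply, ignored
    ("203.0.113.1", 53, "192.0.2.20", 31337, 4000),    # unsolicited DNS replies
    ("203.0.113.2", 53, "192.0.2.20", 31337, 4100),
    ("203.0.113.3", 53, "192.0.2.20", 31337, 3900),
    ("203.0.113.9", 19, "192.0.2.30", 5000, 1024),     # one stray Chargen reply
]

if __name__ == "__main__":
    for (victim, service), s in find_reflection(SAMPLE_FLOWS, "192.0.2.0/24").items():
        print(victim, service, s["bytes"], "bytes from", len(s["reflectors"]), "reflectors")
```

The number of distinct reflectors per destination is kept alongside the byte count because many sources replying to one host that sent no requests is the pattern reflection produces.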