DDoS Definitions - DDoSPedia

  • This glossary, a "DDoS-pedia", covers network and application security terms, with many DDoS-related definitions. Its goal is to provide a central place for definitions on this topic that are otherwise scattered across the web and hard to find.

  • DDoSpedia

    Distributed Denial-of-Service (DDoS) Attack

    Distributed Denial-of-Service (DDoS) attacks are a variant of Denial-of-Service (DoS) attacks in which an attacker or a group of attackers employs multiple machines to carry out a DoS attack simultaneously, thereby increasing its effectiveness and strength. The “army” carrying out the attack is most often composed of innocent infected zombie computers manipulated as bots and forming part of a botnet that the attacker controls via a Command and Control Server. A botnet is powerful and well coordinated, and can count millions of computers. It also ensures the anonymity of the original attacker, since the attack traffic originates from the bots’ IPs rather than the attacker’s. In some cases, mostly in ideological DDoS attacks, this “army” can also be composed of recruited hackers/hacktivists participating in large DDoS attack campaigns (Operation Blackout, Operation Payback, etc.).

    DDoS attacks are hard to detect and block since the attack traffic is easily confused with legitimate traffic and difficult to trace.

    There are many types of DDoS attacks, targeting both the network and the application layers. They can be classified by their impact on the targeted computing resources (saturating bandwidth, consuming a server’s resources, exhausting an application) or by the resources they target:

    • Attacks targeting Network Resources: UDP Floods, ICMP Floods, IGMP Floods.
    • Attacks targeting Server Resources: attacks exploiting TCP/IP weaknesses (TCP SYN Floods, TCP RST attacks, TCP PSH+ACK attacks), but also Low and Slow attacks such as Sockstress, and SSL-based attacks, whose detection is particularly challenging.
    • Attacks targeting Application Resources: HTTP Floods, DNS Floods and other Low and Slow attacks such as Slow HTTP GET requests (Slowloris) and Slow HTTP POST requests (R-U-Dead-Yet).

    A DDoS attack usually comprises more than three attack vectors, which increases the attacker’s chances of hitting the target and evading basic DoS mitigation solutions.
