Major types of distributed denial of service attacks include attacks targeting network or server resources, low and slow attacks, SSL-based attacks, and attacks targeting application resources.
Distributed denial of service attacks that target network resources use a large volume of illegitimate traffic to try to consume all of a victim's network bandwidth. These network flood attacks are simple, yet effective. In a typical flooding attack, the offense is distributed among an army of thousands of volunteered or compromised computers—a botnet—that sends a huge amount of traffic to the targeted site, overwhelming its network. Legitimate users trying to access a site under a flooding attack will find the attacked site incredibly slow or unresponsive.
Distributed denial of service attacks that target server resources attempt to exhaust a server's processing capabilities or memory to cause a DDoS condition. An attacker takes advantage of an existing vulnerability on the target server or in a communication protocol. The target server (website, web application server, web application firewall, or intrusion prevention system) becomes so busy handling illegitimate requests that it no longer has the resources to handle legitimate requests.
Low and slow distributed denial of service attacks, unlike floods, do not require a large amount of traffic. They target specific design flaws or vulnerabilities on a target server with a relatively small amount of malicious traffic, eventually causing it to crash. Low and slow attacks mostly target application resources (and sometimes server resources). By nature, they are very difficult to detect because they involve connections and data transfer that appear to occur at a normal rate.
With SSL-based distributed denial of service attacks, each SSL session handshake consumes 15 times more resources from the server side than from the client (attack) side, making DDoS attack prevention extremely challenging. As a result, a single standard home PC can take down an entire SSL-based web server, and several computers can take down a complete farm of large, secured online services.
Denial of service attacks and distributed denial of service attacks targeting applications focus not only on the Hypertext Transfer Protocol (HTTP), but also on HTTPS, DNS, SMTP, FTP, VoIP and other application protocols that have exploitable weaknesses. Low and slow approaches are particularly prominent because most of them target weaknesses in HTTP, the most widely used application protocol on the Internet.
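The low and slow behaviour described in the paragraphs above cannot be spotted by traffic volume, so a defender has to look at per-connection state instead. The following is an added example, not part of the original article: it flags sources that hold several long-open HTTP connections whose requests are still incomplete and arriving at a trickle. The Conn record, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Conn:
    client: str         # source address
    opened_at: float    # seconds, when the connection was accepted
    bytes_in: int       # request bytes received so far
    request_done: bool  # True once the full HTTP request has arrived

# Assumed thresholds for illustration; tune against a real traffic baseline.
MIN_AGE_S = 30.0         # ignore connections younger than this
MIN_RATE_BPS = 50.0      # below this rate the request is "trickling"
MAX_SLOW_PER_CLIENT = 3  # slow connections tolerated per source

def is_slow(c: Conn, now: float) -> bool:
    """A connection is slow if it is old, incomplete and below the byte rate."""
    age = now - c.opened_at
    if c.request_done or age < MIN_AGE_S:
        return False
    return c.bytes_in / age < MIN_RATE_BPS

def slow_clients(conns, now):
    """Return {client: slow_connection_count} for sources above the limit."""
    counts = defaultdict(int)
    for c in conns:
        if is_slow(c, now):
            counts[c.client] += 1
    return {ip: n for ip, n in counts.items() if n > MAX_SLOW_PER_CLIENT}

# Constructed snapshot of a server's connection table (documentation addresses).
NOW = 1000.0
SAMPLE = (
    # six long-open requests from one source, each only ~120 bytes in ~100 s
    [Conn("198.51.100.7", 900.0 + i, 120 + i, False) for i in range(6)]
    + [Conn("203.0.113.20", 995.0, 800, False),   # young, still arriving
       Conn("203.0.113.21", 940.0, 400, False),   # one genuinely slow client
       Conn("203.0.113.22", 900.0, 5000, True)]   # long-lived but complete
)

if __name__ == "__main__":
    for ip, n in slow_clients(SAMPLE, NOW).items():
        print(f"{ip}: {n} incomplete requests below {MIN_RATE_BPS} B/s")
```

The single slow connection from 203.0.113.21 matches the per-connection test but stays under the per-source limit, which is the false-positive trade-off that makes these attacks hard to separate from legitimate slow clients.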
Protecting Against DoS and DDoS Attacks
The DoS and DDoS attacks described above target network resources, server resources, and applications. These attacks are simple, yet extremely effective, meaning that they require sophisticated DDoS mitigation and DDoS protection solutions.