📘 This content originated from JavaPipe’s blog. JavaPipe has now merged with Mochahost, providing an improved range of hosting services with added benefits and dependable service quality. Check out the fastest hosting plans here: DDoS Protected VPS
35 Types of DDoS Attacks Explained
DDoS attacks are a major concern for online businesses. According to the Q3 2015 Security Report by Akamai, there’s a 179.66% increase in the total number of DDoS attacks! This figure suggests that, in the last two years, an alarming number of businesses have been targeted by criminals, activists, and hackers for nefarious reasons. It can not only deny service to the business’ users but also result in expensive bills. Some DDoS attacks can even be financially devastating for a business! From trying to flood a target with ping command based ICMP echo request to multi-vector attacks, DDoS attacks have grown bigger and sophisticated over the years. In this post, we will take a look at the different types of DDoS attacks. Here’s a list of the different DDoS attack types.Table of Contents
- Application Level Attacks
- Zero Day (0day) DDoS
- Ping Flood
- IP Null Attack
- CharGEN Flood
- SNMP Flood
- NTP Flood
- SSDP Flood
- Other Amplified DDoS Attacks
- Fragmented HTTP Flood
- HTTP Flood
- Single Session HTTP Flood
- Single Request HTTP Flood
- Recursive HTTP GET Flood
- Random Recursive GET Flood
- Multi-Vector Attacks
- SYN Flood
- SYN-ACK Flood
- ACK & PUSH ACK Flood
- ACK Fragmentation Flood
- RST/FIN Flood
- Synonymous IP Attack
- Spoofed Session Flood
- Multiple SYN-ACK Spoofed Session Flood
- Multiple ACK Spoofed Session Flood
- Session Attack
- Misused Application Attack
- UDP Flood
- UDP Fragmentation Flood
- DNS Flood
- VoIP Flood
- Media Data Flood
- Direct UDP Flood
- ICMP Flood
- ICMP Fragmentation Flood
Application Level Attacks
DDoS attacks can target a specific application or a badly coded website to exploit its weakness and take down the entire server as a result. WordPress (we now offer the best WordPress hosting on the web) and Joomla are two examples of applications that can be targeted to exhaust a server’s resources – RAM, CPU, etc. Databases can also be targeted with SQL injections designed to exploit these loopholes. The exhausted server is then unavailable to process legitimate requests due to exhausted resources. Websites and applications with security loopholes are also susceptible to hackers looking to steal information.Zero Day (0day) DDoS
This is a standard term (like John Doe) used to describe an attack that is exploiting new vulnerabilities. These ZERO Day DDoS vulnerabilities do not have patches or effective defensive mechanisms.Ping Flood
An evolved version of ICMP flood, this DDoS attack is also application specific. When a server receives a lot of spoofed Ping packets from a very large set of source IP it is being targeted by a Ping Flood attack. Such an attack’s goal is to flood the target with ping packets until it goes offline. It is designed to consume all available bandwidth and resources in the network until it is completely drained out and shuts down. This type of DDoS attack is also not easy to detect as it can easily resemble legitimate traffic.IP Null Attack
Packets contain IPv4 headers which carry information about which Transport Protocol is being used. When attackers set the value of this field to zero, these packets can bypass security measures designed to scan TCP, IP, and ICMP. When the target server tries to put process these packets, it will eventually exhaust its resources and reboot.CharGEN Flood
It is a very old protocol which can be exploited to execute amplified attacks. A CharGEN amplification attack is carried out by sending small packets carrying a spoofed IP of the target to internet enabled devices running CharGEN. These spoofed requests to such devices are then used to send UDP floods as responses from these devices to the target. Most internet-enabled printers, copiers etc., have this protocol enabled by default and can be used to execute a CharGEN attack. This can be used to flood a target with UDP packets on port 19. When the target tries to make sense of these requests, it will fail to do so. The server will eventually exhaust its resources and go offline or reboot.SNMP Flood
Like a CharGEN attack, SNMP can also be used for amplification attacks. SNMP is mainly used on network devices. SNMP amplification attack is carried out by sending small packets carrying a spoofed IP of the target to the internet enabled devices running SNMP. These spoofed requests to such devices are then used to send UDP floods as responses from these devices to the target. However, amplification effect in SNMP can be greater when compared with CHARGEN and DNS attacks. When the target tries to make sense of this flood of requests, it will end up exhausting its resources and go offline or reboot.NTP Flood
The NTP protocol is another publicly accessible network protocol. The NTP amplification attack is also carried out by sending small packets carrying a spoofed IP of the target to internet enabled devices running NTP. These spoofed requests to such devices are then used to send UDP floods as responses from these devices to the target. When the target tries to make sense of this flood of requests, it will end up exhausting its resources and go offline or reboot.SSDP Flood
SSDP enabled network devices that are also accessible to UPnP from the internet are an easy source for generating SSDP amplification floods. The SSDP amplification attack is also carried out by sending small packets carrying a spoofed IP of the target to devices. These spoofed requests to such devices are used to send UDP floods as responses from these devices to the target. When the target tries to make sense of this flood of requests, it will end up exhausting its resources and go offline or reboot.Other Amplified DDoS Attacks
All amplified attacks use the same strategy described above for CHARGEN, NTP, etc. Other UDP protocols that have been identified as possible tools for carring out amplification flood attacks U.S. CERT are:- SNMPv2
- NetBIOS
- QOTD
- BitTorrent
- Kad
- Quake Network Protocol
- Steam Protocol

