Updated August 19, 2023
Introduction to Types of DoS Attacks
The following article provides an outline of the Types of DOS Attacks. A malicious attack occurs on online services, making them unavailable to the end-users. The attack is made by suspending the servers or interrupting their hosting services. A botnet, consisting of a globally distributed network of devices, is utilized to launch this attack. A discrete set of service attacks only in a single path of interconnected systems to throw a target with malicious traffic. It is an important reason for the denial of service attack.
Different Types of DoS Attacks
Given below are the different types of attacks:
- Volume-based attacks
- Protocol attacks
- Application-layer attacks
- UDP attacks
- ICMP attacks
- Ping of death
- NTP application
- HTTP flood
1. Denial of Service Attacks
Broadly, there are three different types of DOS attacks:
- DoS attacks based on volume: The attackers aim to saturate the bandwidth of the affected site during this attack, and the magnitude of the attack is measured in bits per second. This type of attack includes spoof-packet, ICMP, and UDP floods.
- DoS attacks based on the protocol: The goal of this attack is to consume the resources of real servers or the component implemented for intermediate communication, such as a load balancer and a firewall. The transmission rate is measured in packets per second. This attack includes Ping of Death, Smurf denial of services, SYN floods, and fragmented packet attacks.
- DoS attacks on the application layer: The attack aims to break down the web server, measured in requests per second. It has specific targets such as Apache, OpenBSD, and Windows. Example of these attacks is GET/POST floods and Low-and-Slow attacks.
2. UDP Attacks
UDP flood attacks it to target and flood random ports on the remote host. The host continuously checks for the application ports and sends a destination unreachable ICMP packet message when it does not find any port. This affects the host resources and leads to the inaccessibility of services. As the name implies, it affects and attacks the host with User Datagram Protocol packets (UDP).
3. ICMP Attacks
ICMP attacks consume both incoming and outgoing bandwidth because all the affected servers will frequently attempt to react with ICMP echo reply packets, resulting in a shutdown or slowdown of the entire system. It is similar to the UDP attacks, but if approaches and affects the target with an ICMP echo request packet and sends with a high transmission rate instead of waiting for any reply.
In the SYN flood attack, the requestor transmits many SYN requests but never reacts to the response of host SYN-ACK, or it transmits the SYN request from a spoofed or masked IP address. Now the host server waits for the acknowledgment of every request from the receiver and the persistent binding of resources until the establishment of new connections, ultimately resulting in the denial of services. It happens to exploit the defined weakness in the connection sequence of TCP. It is similar to a three-way handshake. When initiating a TCP connection with any host server, any SYN request should be acknowledged by SYN-ACK responses and subsequently verified by ACK messages from the requestor. Hence this type of attack affects the responses from the requestor denying services.
4. Ping of Death
This attack includes transmitting continuous malfunctioned or malicious pings to the server. The maximum packet length of the IP packet, including the header, is 65535 bytes. The data link layer has the limits of a maximum frame size of 1500 bytes over an Ethernet. In this scenario, the receiving host possesses the IP packets or fragments necessary to complete the entire IP, as a maximum IP packet is segmented across multiple IP fragments. When the malware manipulates the fragment data, it can result in larger recipient packets than 65535 bytes when reassembling. When the memory space allocated for a packet is overwhelmed, it can cause a denial of service, impacting the processing of legitimate and real packets.
This attack has a huge impact, such as enabling one web server by bringing down the other web server without impacting other ports or services of the host network. It does this by holding multiple connections to the host web server as long as possible and achieves this by establishing a connection to the host server, but it transmits only partial requests.
It persistently transmits more headers of HTTP but never satisfies the request. The host system maintains the open port or services for this false connection, affecting the space for legitimate requests. As the name insists, this causes a slowdown of the entire system by overwhelming the concurrent connection range.
6. Amplification of NTP
In this attack, the hacker attacks the public accessing Network Time Protocols to overflow a host server by generating UDP traffic. The description of amplification stabbing suggests that the ratio of a query to response in such cases is 1:20 or 1:200, or even higher. It signifies that the hacker gets a list of open NTP servers, producing the maximum volume of DoS attacks and distressing maximum bandwidth. This type of attack only focuses on NTP protocols.
7. HTTP Flood
Here the hacker attacks the legitimate and generic HTTP GET or POST response to exploit a web application or server. It doesn’t use spoofing techniques, reflection methods, or malfunctioning packets. It consumes only a minimum of bandwidth than other attacks to slow down the application or a host server. It is more effective when it pushes the system or application to allow the maximum possible resources in response to every unit request.
Hence there are many types of attacks that work on different principles. A rapid and robust security system can protect crucial servers and applications from these vulnerable attacks.
This is a guide to Types of DOS Attacks . Here we discuss the introduction and different types of DOS Attacks. You may also have a look at the following articles to learn more –