Have an account?
  •   Personalized content
  •   Your products and support
Log In

Need an account?

Create an account

What Is a DDoS Attack?

What Is a DDoS attack?

A distributed-denial-of-service, or DDoS, attack is the bombardment of simultaneous data requests to a central server. The attacker generates these requests from multiple compromised systems.

In doing so, the attacker hopes to exhaust the target’s Internet bandwidth and RAM. The ultimate goal is to crash the target’s system and disrupt its business.

Why would someone carry out a DDoS attack?

An attacker may use a DDoS attack to extort a business for money. DDoS attacks can also provide advantages to business competitors or political benefits to governments or “hacktivists.” The failure of a company’s network can benefit many people.

How long can a DDoS attack last?

The length of a DDoS attack varies. Attacks like the Ping of Death can be quick. The Slowloris attack takes longer to develop. According to a Radware report, 33 percent of DDoS attacks last an hour, 60 percent last less than a full day, and 15 percent last as long as a month.

What does DDoS protection do?

Protecting your business from DDoS attacks is a crucial part of securing your network. To defend your network against a large array of attacks, you must deploy a complete and holistic IT approach that uses components capable of seamlessly working together.

3 general types of DDoS attacks

Volume-based attacks

UDP flood: User Datagram Protocol (UDP) floods attack random ports on a remote server with requests called UDP packets. The host checks the ports for the appropriate applications. When no application can be found, the system responds to every request with a “destination unreachable” packet. The resulting traffic can overwhelm the service.

ICMP (ping) flood: An Internet Control Message Protocol (ICMP) flood sends ICMP echo request packets (pings) to a host. Pings are common requests used to measure the connectivity of two servers. When a ping is sent, the server quickly responds. In a ping flood, however, an attacker uses an extensive series of pings to exhaust the incoming and outgoing bandwidth of the targeted server.


Application attacks

HTTP flood: An HTTP flood is a Layer 7 application attack that uses botnets, often referred to as a “zombie army.” In this type of attack, standard GET and POST requests flood a web server or application. The server is inundated with requests and may shut down. These attacks can be particularly difficult to detect because they appear as perfectly valid traffic.

Slowloris: Named after the Asian primate, the Slowloris moves slowly. The attack sends small portions of an HTTP request to a server. These portions are sent in timed intervals, so the request does not time out, and the server waits for it to be completed. These unfinished requests exhaust bandwidth and affect the server’s ability to handle legitimate requests.


Protocol attacks

SYN flood: In a SYN flood attack, the attacker sends seemingly normal SYN requests to a server, which responds with a SYN-ACK (synchronized-acknowledgment) request. Typically, a client then sends back an ACK request, and a connection is made. In a SYN flood attack, the attacker does not respond with a final ACK. The server is left with a large number of unfinished SYN-ACK requests that burden the system.

Ping of Death: In a Ping of Death attack, the attacker tries to crash or freeze a server by sending a normal ping request that is either fragmented or oversized. The standard size of an IPv4 header is 65,535 bytes. When a larger ping is sent, the targeted server will fragment the file. Later, when the server formulates a response, the reassembly of this larger file can cause a buffer overload and crash.

Chat live with a Cisco representative

Cisco:

  • Welcome to Cisco!
  • How can I help you?