Classification of DDoS attacks
April 17, 2024
ID 203020
All DDoS attacks can be divided into two main types:
Bandwidth-consuming DDoS attack – a cybercriminal overloads communication channels, allocated bandwidth and network equipment by flooding them with a large number of packets.
Application-layer DDoS attack – a cybercriminal exploits the behavior of computer communication protocols (TCP, HTTP, etc.) and the behavior of services and applications, hijacks the computing resources of the computer hosting the target of the attack, and thereby prevents the target from processing legitimate transactions and requests.
The system distinguishes between the following types of DDoS attacks:
Types of DDoS attacks
Type | Description |
TCP short packet | Attack using short packets over the TCP protocol for the purpose of overloading the network equipment or TCP stack of the victim. |
TCP data | Attack using long packets over the TCP protocol, normally without establishing a connection. It aims to overload the channel to a resource. |
UDP Misuse | Attack over the UDP protocol, normally using large packets. It aims to overload the channel to a resource. |
ICMP Misuse | Attack over the ICMP protocol, normally using large packets. It aims to overload the channel to a resource. |
HTTP Misuse | Attack over the HTTP protocol. It aims to overload the HTTP service with a large number of requests. |
TCP connect | Attack that establishes a large number of connections without transferring data, or while transferring data slowly, for the purpose of exhausting the resources of the victim's TCP stack. |
Mixed | Mixed attack displaying attributes of multiple types of attacks. |
TLS Misuse | Attack over the HTTPS protocol. It aims to overload the HTTPS service with a large number of requests. |
Fragmented | Attack using fragmented IP packets. It aims to overload the channel to a resource and/or to exhaust the resources of the router. |
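
The following added example (not part of the original page and not the system's own detection logic) shows how the types in the table can be told apart from flow summaries that an upstream detector has already flagged as attack traffic, including when a window should be reported as Mixed. The flow field names, the numeric cut-offs and the sample flows are assumptions made for this sketch.

```python
from collections import Counter

# Assumed cut-offs: the page gives no numbers for "short", "long" or "slowly".
SHORT_PKT, LONG_PKT = 100, 1000  # mean bytes per packet
SLOW_BPS = 50                    # payload bytes per second
MIN_SHARE = 0.25                 # packet share a type needs to count

def label_flow(f):
    """Name the table type for one flow already flagged as attack traffic."""
    if f.get("fragmented"):
        return "Fragmented"
    if f["proto"] in ("udp", "icmp"):
        return f["proto"].upper() + " Misuse"
    if f["proto"] != "tcp":
        return None
    if f.get("established"):
        if f.get("app") in ("http", "tls"):
            return f["app"].upper() + " Misuse"
        # Connection held open with no data, or with data trickling in.
        if f.get("payload", 0) / max(f.get("seconds", 1), 1) < SLOW_BPS:
            return "TCP connect"
        return None
    mean_len = f["bytes"] / f["packets"]
    if mean_len <= SHORT_PKT:
        return "TCP short packet"
    return "TCP data" if mean_len >= LONG_PKT else None

def classify_window(flows):
    """Return one table type, "Mixed", or None for a window of flows."""
    per_type = Counter()
    for f in flows:
        label = label_flow(f)
        if label:
            per_type[label] += f["packets"]
    total = sum(per_type.values())
    seen = [t for t, n in per_type.items() if n / total >= MIN_SHARE] if total else []
    if not seen:
        return None
    return seen[0] if len(seen) == 1 else "Mixed"

# Constructed flow summaries (not captured traffic).
SHORT_TCP = [{"proto": "tcp", "packets": 9000, "bytes": 540000}]
UDP_AND_HTTP = [
    {"proto": "udp", "packets": 4000, "bytes": 5600000},
    {"proto": "tcp", "established": True, "app": "http", "packets": 3000, "bytes": 900000},
]
SLOW_CONN = [{"proto": "tcp", "established": True, "packets": 40, "bytes": 2400,
              "payload": 120, "seconds": 60}]
```

A type counts toward the result only when it carries at least MIN_SHARE of the labelled packets, so a small amount of stray traffic of another type does not turn a single-type attack into Mixed.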