Hemant Jain’s 10 Most Common Distributed Denial of Service (DDoS) Attacks Today

What is it? Spoofed SYN Packets fill the connection table of servers. How difficult is it to stop? Low volume SYN flood can be easily stopped by software firewalls. High bandwidth SYN floods needs specialized equipment with SYN proxy capability. 1. SYN Flood Ease of Attack Index: 2/10 Mitigation Index: 5/10

2. Zombie Flood What is it? Non-Spoofed Connections overload the services. How difficult is it to stop? Difficult to stop unless you have behavioral mitigation. High bandwidth Zombie floods needs specialized logic for legitimate connections and rate limiting. Ease of Attack Index: 7/10 Mitigation Index: 9/10

3. ICMP Flood What is it? ICMP packets overload the servers and the pipe. How difficult is it to stop? Low volume ICMP flood can be easily stopped by ACLs on routers and switches. High bandwidth ICMP floods needs specialized equipment. Ease of Attack Index: 1/10 Mitigation Index: 5/10

4. Non-service port-flood What is it? TCP/UDP packets overload the servers and the pipe on ports not being used for service, e.g. TCP port 81. How difficult is it to stop? Low volume easily stopped by ACLs. Higher volume need specialized equipment. Ease of Attack Index: 1/10 Mitigation Index: 5/10

5. Service port flood What is it? Packets overload the servers and the pipe on service ports, e.g. TCP port 80. How difficult is it to stop? Firewall, switches, routers, IPS appliances cannot stop these attacks. Need specialized equipment. Ease of Attack Index: 5/10 Mitigation Index: 9/10

6. Fragment flood What is it? Fragmented packets overload the servers. How difficult is it to stop? Many firewalls, switches, routers cannot stop these attacks. Sometimes need specialized equipment. Ease of Attack Index: 2/10 Mitigation Index: 5/10

7. http get flood What is it? Connection-oriented bots overload the servers and the pipe on service ports, e.g. on HTTP, mimicking legitimate users. How difficult is it to stop? Firewall, switches, routers, IPS appliances cannot stop these attacks. Need specialized equipment. Ease of Attack Index: 8/10 Mitigation Index: 10/10

8. Blended flood What is it? Multiple types of attacks are blended on the server confusing the equipment. How difficult is it to stop? Firewall, switches, routers, IPS appliances cannot stop these attacks. Need specialized equipment. Ease of Attack Index: 9/10 Mitigation Index: 10/10

9. Anomalous packet Flood What is it? Packets with anomalous headers or state overload the servers. How difficult is it to stop? Some firewalls, and IPS appliances can stop these attacks. Specialized equipment for DDoS easily stop these attacks. Ease of Attack Index: 1/10 Mitigation Index: 2/10

10. Flood from a Region What is it? Bots from a specific region attack your servers. How difficult is it to stop? Need specialized equipment with visibility to figure out such patterns automatically.` Ease of Attack Index: 8/10 Mitigation Index: 7/10

For More Information IntruGuard is a leading DDoS Solution vendor and makes appliances that stop such floods automatically within 2 seconds. Contact: IntruGuard [email_address] +1 408 400 4222 www.intruguard.com

IntruGuard is a leading DDoS Solution vendor and makes appliances that stop such floods automatically within 2 seconds.

Contact: IntruGuard

[email_address]

+1 408 400 4222

www.intruguard.com