1. SYN Flood

This attack exploits the TCP three-way handshake, a technique used to establish any Connection between a client, a host, and a server using the TCP protocol. Normally, a client submits a SYN (synchronize) message to the server to request a connection.

When a SYN Flood attack is underway, criminals send a plethora of these messages from a spoofed IP address. As a result, the receiving server becomes incapable of processing and storing so many SYN packets and denies service to real clients.

2. ACK & PUSH ACK Flood

Once the TCP three-way handshake has resulted in establishing a connection between a host and a client, ACK or PUSH ACK packets are sent back and forth until the session is terminated. A server targeted by this type of a DDoS attack cannot identify the origin of falsified packets and wastes all of its processing capacity trying to determine how to handle them.

3. UDP Flood

As the name suggests, this DDoS attack leverages multiple User Datagram Protocol (UDP) packets. For the record, UDP connections lack a handshaking mechanism (unlike TCP), and therefore the IP address verification options are very limited. When this exploitation is in full swing, the volume of dummy packets exceeds the target server’s maximum capacity for processing and responding to requests.

4. NTP Flood (NTP Amplification)

Network Time Protocol (NTP), one of the oldest networking protocols tasked with clock synchronization between electronic systems, is at the core of another DDoS attack vector. The idea is to harness publicly-accessible NTP servers to overload a target network with a large number of UDP packets.

5. HTTP Flood

When executing an HTTP Flood DDoS attack, an adversary sends ostensibly legitimate GET or POST requests to a server or web application, siphoning off most or all of its resources. This technique often involves botnets consisting of “zombie” computers previously contaminated with malware.

6. Smurf Attack

This one involves a malware strain called Smurf to inundate a computer network with ICMP ping requests carrying a spoofed IP address of the target. The receiving devices are configured to reply to the IP in question, which may produce a flood of pings the server can’t process.

7. Slowloris

This attack stands out from the crowd because it requires very low bandwidth and can be fulfilled using just one computer. It works by initiating Multiple Concurrent Connections to a web server and keeping them open for a long period of time. The attacker sends partial requests and complements them with HTTP headers once a while to make sure they don’t reach a completion stage. As a result, the server’s capability to maintain simultaneous connections is drained and it can no longer process connections from legitimate clients.

8. Zero-Day DDoS

This term denotes an attack that takes advantage of uncatalogued vulnerabilities in a web server or computer network. Unfortunately, such flaws are surfacing off and on, making the prevention a more challenging task.

9. Slowloris

This attack stands out from the crowd because it requires very low bandwidth and can be fulfilled using just one computer. It works by initiating multiple concurrent connections to a web server and keeping them open for a long period of time. The attacker sends partial requests and complements them with HTTP headers once a while to make sure they don’t reach a completion stage. As a result, the server’s capability to maintain simultaneous connections is drained and it can no longer process connections from legitimate clients.

10. IP Null Attack

This one is carried out by sending a slew of packets containing invalid IPv4 headers that are supposed to carry transport layer protocol details. The trick is that threat actors set this header value to null. Some servers cannot process these corrupt-looking packets properly and waste their resources trying to work out how to handle them.

Read more at Woods LLP