Cybercrime

DDoS attack

A distributed denial-of-service attack (DDoS attack for short) is a malicious attempt to disrupt the traffic of a server, network or service by overwhelming the target with a flood of internet traffic. DDoS attacks do this by using several compromised computer systems as sources of attack traffic; exploited machines can include other networked resources besides computers, such as IoT devices. The attacks are carried out with machines that have been infected with malware, which allows them to be controlled by a hacker. These machines or devices are referred to as bots (zombies), and a group of these zombies is called a botnet. With this network of bots, the hacker can send instructions to each bot. When someone's network or server is targeted, each bot sends requests to the target's IP address. This can overwhelm the network or server, resulting in a denial of service to normal traffic. There are several different types of DDoS attacks:

  • Application layer attacks
  • HTTP flood
  • Protocol attacks


Application layer attacks


This type of attack is also referred to as a layer 7 DDoS attack. These attacks target the layer where web pages are generated on the server and delivered in response to HTTP requests. A single HTTP request is computationally cheap for the attacker to execute, but it can be quite expensive for the server to respond to, because the server runs database queries and loads several files to create a web page. It is hard for the targeted server to defend itself against application layer attacks, because it is hard to differentiate malicious traffic from legitimate traffic.

HTTP flood


An HTTP flood is different from an application layer attack: instead of one HTTP request, there are large numbers of HTTP requests that flood the server, resulting in denial of service.
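The sketch below is an added example, not part of the original page. It shows why a flood coming from a botnet is hard to separate from legitimate traffic: a per-client request limit catches one noisy client but misses many bots that each send a single request, so the detector also tracks the total request rate. The log format, thresholds and addresses are assumptions constructed for the example.

```python
from collections import defaultdict, deque

def detect_http_flood(lines, window=10.0, per_ip_limit=20, total_limit=100):
    """Scan log lines of the form '<epoch_seconds> <client_ip> <method> <path>'.

    Returns (noisy_ips, alert_times):
      noisy_ips   - clients with more than per_ip_limit requests in any window
      alert_times - times the total request count in the window first passed
                    total_limit; with a botnet this is the signal that remains
                    when every bot stays under per_ip_limit
    """
    per_ip, total = defaultdict(deque), deque()
    noisy, alerts, over = set(), [], False
    for line in lines:
        ts_text, ip, _method, _path = line.split()
        ts = float(ts_text)
        for q in (per_ip[ip], total):
            q.append(ts)
            while q[0] <= ts - window:   # drop requests older than the window
                q.popleft()
        if len(per_ip[ip]) > per_ip_limit:
            noisy.add(ip)
        if len(total) > total_limit and not over:
            alerts.append(ts)            # report once per overload episode
        over = len(total) > total_limit
    return noisy, alerts

def constructed_log():
    """Constructed sample traffic (documentation IP ranges), sorted by time."""
    lines = []
    for t in range(0, 60, 2):            # 3 normal clients, one request per 2 s
        lines += [f"{t}.00 192.0.2.{c} GET /index.html" for c in (1, 2, 3)]
    for i in range(50):                  # one client: 50 requests in 5 s
        lines.append(f"{20 + i * 0.1:.2f} 198.51.100.7 GET /search?q=a")
    for i in range(200):                 # 200 bots, a single request each
        lines.append(f"{40 + i * 0.02:.2f} 203.0.113.{i + 1} GET /search?q=a")
    return sorted(lines, key=lambda l: float(l.split()[0]))

if __name__ == "__main__":
    noisy, alerts = detect_http_flood(constructed_log())
    print("per-client limit exceeded by:", sorted(noisy))
    print("aggregate limit exceeded at:", alerts)
```

In the constructed log, none of the 200 bot addresses is flagged by the per-client limit; only the aggregate threshold reveals that phase of the traffic.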

Protocol attacks


This type of attack is also known as a state-exhaustion attack. These attacks over-consume server resources and/or the resources of network equipment such as load balancers and firewalls.