DoS (denial-of-service) and DDoS (distributed denial-of-service) attacks aim to disrupt the normal functioning of a server, service, or network by flooding it with more Internet traffic than it can handle. DoS attacks use a single machine to send malicious traffic, while DDoS attacks use multiple machines, often part of a botnet. DDoS attacks are more prevalent and more damaging because they are harder to stop with modern security tools and are comparatively inexpensive and easy to operate.

Attack tools for DoS/DDoS attacks fall into different categories. Some are specialized and focus only on a particular layer of the OSI (Open Systems Interconnection) model, while others allow for multiple attack vectors. The OSI model contains seven layers and functions as a universal language between different computer systems. Low and slow attack tools use a low volume of data and operate very slowly. Application layer (L7) attack tools target layer 7 of the OSI model, where this form of attack is difficult to distinguish from normal requests. Protocol and transport layer (L3/L4) attack tools use protocols like UDP to send large volumes of traffic to a targeted server, often as part of a DDoS attack.

Some commonly used attack tools include Low Orbit Ion Cannon (LOIC), High Orbit Ion Cannon (HOIC), Slowloris, and R.U.D.Y (R-U-Dead-Yet). To defend against these varying DoS/DDoS attacks, different tactics are used: rate limiting, which limits the number of requests a server will accept within a certain time frame; web application firewalls, which block certain kinds of web traffic according to a series of rules; and anycast network diffusion, a form of network addressing and routing that directs incoming requests to the nearest node or data center, if a CDN is involved.

Looking to learn more? We suggest heading over to Cloudflare’s Learning Center for an in-depth look at DNS security.
