Types of DDoS attack!!! + How to Fix DDoS attack?!!

In this post I'll explain the types of DDoS attack. If you don't know what a DDoS attack is, read my previous post first.

Types of DDoS Attacks

DDoS attacks can be broadly categorized into three categories:

  • Volume-based Attacks
  • Protocol Attacks
  • Application Layer Attacks

Volume-Based Attacks

Volume-based attacks include TCP floods, UDP floods, ICMP floods, and other spoofed-packet floods. These are also known as Layer 3 and Layer 4 attacks. Here the attacker tries to saturate the bandwidth of the target site. Attack power is measured in bits per second (bps).

  • UDP Flood − A UDP flood sends large numbers of UDP packets to random ports on a remote host, most commonly port 53. Specialized firewalls can filter out or block the malicious UDP packets.
  • ICMP Flood − Similar to a UDP flood, this floods a remote host with large numbers of ICMP Echo Requests. The attack consumes both outgoing and incoming bandwidth, and the high volume of ping requests slows the whole system down.
  • HTTP Flood − The attacker sends HTTP GET and POST requests to the targeted web server in volumes the server cannot handle, so that additional connections from legitimate clients are refused.
  • Amplification Attack − The attacker makes requests that generate large responses, such as DNS requests for large TXT records and HTTP GET requests for large files like images, PDFs, or other data files.

Protocol Attacks

Protocol attacks include SYN floods, Ping of Death, fragmented-packet attacks, Smurf DDoS, and so on. This type of attack consumes the server's actual resources and those of intermediate equipment such as firewalls and load balancers. Attack power is measured in packets per second (pps).

  • DNS Flood − DNS floods attack both the infrastructure and the DNS application itself, overwhelming the target system and consuming all of its available network bandwidth.
  • SYN Flood − The attacker sends TCP connection requests faster than the targeted machine can process them, causing network saturation. Administrators can tune the TCP stack to mitigate SYN floods: reduce the timeout after which the stack frees the memory allocated to a half-open connection, or selectively drop incoming connections using a firewall or iptables.
  • Ping of Death − The attacker sends malformed or oversized packets using a simple ping command. IP allows packets of up to 65,535 bytes; a ping packet larger than that violates the Internet Protocol and can overflow memory on the target system and crash it. To avoid Ping of Death and its variants, many sites block ICMP ping messages altogether at their firewalls.
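The two categories above are distinguished by what you measure: bits per second for volume attacks, packets per second for protocol attacks, and for a SYN flood specifically the share of TCP packets that are bare SYNs which never complete the handshake. The following is an added example (not code from the original post) that turns those measurements into a simple classifier over constructed NetFlow-style records. The record layout, the reflector port list (53 for DNS, 123 for NTP) and every threshold are my assumptions for illustration, not tuned values.

```python
"""Added example (not from the original post): classify constructed flow
records into the volume/protocol attack signatures the post describes.

Assumptions (mine, not the post's): each record is a NetFlow-like summary
covering the same fixed window; the thresholds are illustrative only.
"""
from collections import defaultdict

WINDOW_SECONDS = 10          # constructed: every record covers one 10 s window
PPS_THRESHOLD = 5_000        # protocol attacks are measured in packets per second
BPS_THRESHOLD = 50_000_000   # volume attacks are measured in bits per second
SYN_RATIO_THRESHOLD = 0.8    # share of TCP packets that are bare SYNs -> half-open flood
REFLECTOR_PORTS = {53: "DNS", 123: "NTP"}  # source ports typical of amplification replies

# Constructed sample flows: (src, sport, dst, dport, proto, tcp_flags, packets, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", 44512, "203.0.113.10", 443,  "tcp", "S",  40_000,  2_400_000),
    ("198.51.100.8", 44513, "203.0.113.10", 443,  "tcp", "S",  35_000,  2_100_000),
    ("192.0.2.50",   51000, "203.0.113.10", 443,  "tcp", "SA",  1_000,    900_000),
    ("192.0.2.60",     123, "203.0.113.10", 9999, "udp", "",   20_000,  9_000_000),
    ("192.0.2.61",     123, "203.0.113.10", 9999, "udp", "",   22_000,  9_900_000),
    ("192.0.2.70",      53, "203.0.113.10", 9999, "udp", "",   30_000, 90_000_000),
    ("192.0.2.99",   40000, "203.0.113.11", 22,   "tcp", "SA",     50,     60_000),
]


def summarize(flows, window=WINDOW_SECONDS):
    """Aggregate per destination: pps, bps, SYN-only ratio and reflector-sourced share."""
    per_dst = defaultdict(lambda: {"packets": 0, "bytes": 0, "tcp_packets": 0,
                                   "syn_only": 0, "reflected_bytes": 0, "reflectors": set()})
    for _src, sport, dst, _dport, proto, flags, packets, nbytes in flows:
        agg = per_dst[dst]
        agg["packets"] += packets
        agg["bytes"] += nbytes
        if proto == "tcp":
            agg["tcp_packets"] += packets
            if flags == "S":          # SYN without ACK: handshake never completed
                agg["syn_only"] += packets
        elif proto == "udp" and sport in REFLECTOR_PORTS:
            agg["reflected_bytes"] += nbytes
            agg["reflectors"].add(REFLECTOR_PORTS[sport])
    summary = {}
    for dst, agg in per_dst.items():
        summary[dst] = {
            "pps": agg["packets"] / window,
            "bps": agg["bytes"] * 8 / window,
            "syn_ratio": agg["syn_only"] / agg["tcp_packets"] if agg["tcp_packets"] else 0.0,
            "reflected_share": agg["reflected_bytes"] / agg["bytes"] if agg["bytes"] else 0.0,
            "reflectors": sorted(agg["reflectors"]),
        }
    return summary


def classify(summary):
    """Map each destination's metrics onto the post's attack categories."""
    findings = {}
    for dst, m in summary.items():
        labels = []
        if m["bps"] >= BPS_THRESHOLD:
            labels.append("volume-based flood")
        if m["pps"] >= PPS_THRESHOLD and m["syn_ratio"] >= SYN_RATIO_THRESHOLD:
            labels.append("SYN flood")
        if m["reflectors"] and m["reflected_share"] >= 0.5:
            labels.append("amplification via " + "/".join(m["reflectors"]))
        findings[dst] = labels
    return findings


if __name__ == "__main__":
    for dst, labels in classify(summarize(SAMPLE_FLOWS)).items():
        print(dst, labels or ["normal"])
```

The host 203.0.113.10 trips all three signatures at once (about 91 Mbps, 14,800 pps with 99% bare SYNs, and most bytes arriving from UDP source ports 53 and 123), while the SSH session to 203.0.113.11 stays unlabelled. On Linux the "tweak the TCP stack" advice above corresponds to sysctls such as net.ipv4.tcp_syncookies and net.ipv4.tcp_synack_retries, which respectively let the kernel answer SYNs without allocating state and shorten how long a half-open connection is retried before its memory is released.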

Application Layer Attacks

Application layer attacks include Slowloris, zero-day DDoS attacks, DDoS attacks against Apache, Windows or OpenBSD vulnerabilities, and more. The goal here is to crash the web server. Attack intensity is measured in requests per second.

  • Application Attack − Also called a Layer 7 attack: the attacker makes excessive log-in, database-lookup, or search requests to overload the application. Layer 7 attacks are hard to detect because they resemble legitimate website traffic.
  • Slowloris − The attacker sends a huge number of HTTP headers to the targeted web server but never completes a request. The server keeps each of these false connections open, eventually exhausting its maximum concurrent connection pool and refusing additional connections from legitimate clients.
  • NTP Amplification − The attacker exploits publicly accessible Network Time Protocol (NTP) servers to overwhelm the targeted server with User Datagram Protocol (UDP) traffic.
  • Zero-day DDoS Attacks − A zero-day vulnerability is a system or application flaw previously unknown to the vendor and not yet fixed or patched. New attacks of this kind appear day by day, exploiting vulnerabilities for which no patch has yet been released.
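Because a Layer 7 flood consists of well-formed requests that return 200, the signal is not in any single line but in how much backend cost one client spends per unit time on expensive endpoints such as login, database lookup or search. The block below is an added example, not code from the original post: it parses constructed Apache/nginx combined-format access-log lines, weights each request by an assumed endpoint cost, and flags clients whose weighted spend inside a sliding window exceeds a budget. The endpoint list, the cost weights, the 60-second window and the budget are all my assumptions; a real deployment would derive them from the site's own baseline.

```python
"""Added example (not from the original post): flag Layer 7 request floods in
constructed web-server access-log lines.

Assumptions (mine): combined log format; /login, /search and /api/lookup are
the expensive endpoints; thresholds are illustrative only.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Assumed relative backend cost: one search costs about ten static hits.
ENDPOINT_COST = {"/login": 5, "/search": 10, "/api/lookup": 8}
DEFAULT_COST = 1
WINDOW = 60      # seconds of sliding window per client (assumed)
BUDGET = 100     # weighted cost a single client may spend per window (assumed)


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FORMAT)
    path = m.group("path").split("?", 1)[0]   # strip the query string before costing
    return {"ip": m.group("ip"), "ts": ts, "path": path, "status": int(m.group("status"))}


def detect_l7_flood(lines, window=WINDOW, budget=BUDGET):
    """Return ({ip: peak weighted cost} for clients over budget, {path: total cost})."""
    history = defaultdict(deque)   # ip -> (timestamp, cost) entries inside the window
    spent = defaultdict(int)       # ip -> weighted cost currently inside the window
    peak = defaultdict(int)        # ip -> highest in-window spend seen
    endpoint_cost = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        cost = ENDPOINT_COST.get(rec["path"], DEFAULT_COST)
        q = history[rec["ip"]]
        q.append((rec["ts"], cost))
        spent[rec["ip"]] += cost
        endpoint_cost[rec["path"]] += cost
        # Expire entries older than the window for this client.
        while q and (rec["ts"] - q[0][0]).total_seconds() > window:
            _, old = q.popleft()
            spent[rec["ip"]] -= old
        peak[rec["ip"]] = max(peak[rec["ip"]], spent[rec["ip"]])
    offenders = {ip: p for ip, p in peak.items() if p > budget}
    return offenders, dict(endpoint_cost)


def _constructed_log():
    """Constructed sample: one client hammering /search, one browsing normally."""
    base = '{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'
    lines = [base.format(ip="198.51.100.23", ts=f"10/Oct/2023:13:55:{i * 2:02d} +0000",
                         path="/search?q=term%d" % i) for i in range(15)]
    lines += [base.format(ip="192.0.2.44", ts=f"10/Oct/2023:13:55:{i * 10:02d} +0000",
                          path="/index.html") for i in range(3)]
    lines.append(base.format(ip="192.0.2.44", ts="10/Oct/2023:13:55:45 +0000", path="/login"))
    return lines


SAMPLE_LOG = _constructed_log()

if __name__ == "__main__":
    offenders, costs = detect_l7_flood(SAMPLE_LOG)
    print("over budget:", offenders)
    print("cost by endpoint:", costs)
```

Every line in the sample is a successful GET with a plausible path, which is exactly why a status-code or error-rate alert would miss it; the search client is flagged only because fifteen searches in half a minute cost 150 against a budget of 100, while the normal client's three page views and one login cost 8.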

How to Fix a DDoS Attack

Depending on the type of DDoS attack, there are many DDoS protection options available. The basic measures are to identify and close all possible operating-system and application-level vulnerabilities in the system, close every port that does not need to be open, remove unnecessary access from the system, and hide the server behind a proxy or CDN.

If you are facing a low-volume DDoS, there are many firewall-based solutions that can help filter out DDoS traffic. But if the attack is large, in the gigabits per second or more, you should get the help of a DDoS protection service provider that offers a more comprehensive, proactive and genuine approach. Be careful when approaching and selecting a DDoS protection provider: there are many service providers who want to take advantage of your situation.

If you tell them that you are under DDoS attack, they will start offering you a variety of services at unreasonably high cost. Instead, here is a simple and effective approach. First, find a good DNS provider that is flexible enough to let you configure the site's A and CNAME records. Second, find a good CDN provider that can absorb heavy DDoS traffic and provides DDoS protection as part of its CDN package.

Suppose the server's IP address is AAA.BBB.CCC.DDD. Next, configure the following DNS settings:

  • Create an A record in the DNS zone file, as shown below, with an obscure DNS identifier, for example ARECORDID, and keep it secret from the outside world.
  • Now ask your CDN provider to link the created DNS identifier with a URL, something like cdn.someotherid.domain.com.
  • Use the CDN URL cdn.someotherid.domain.com to create two CNAME records, the first pointing www and the second pointing @ to it, as shown below.

With the help of a system administrator, you can understand these points and configure DNS and CDN appropriately. Finally, make the following settings in DNS.

Now let your CDN provider handle all types of DDoS attacks, and your system will stay safe. The condition is that you must not reveal your system's IP address or the secret record identifier to anyone; otherwise a direct attack on the server becomes possible again.
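The layout above only protects you while the origin IP stays out of every public record, so it is worth checking the zone before it is published. The block below is an added example, not code from the original post or from any DNS or CDN provider: it takes the zone as (name, type, value) tuples using the post's own placeholders, confirms that www and @ are CNAMEs to the CDN hostname, that the origin IP appears only under the secret label, and reports any other record (a forgotten mail or ftp host, say) that would leak it. Nothing here talks to a real DNS server.

```python
"""Added example (not from the original post): sanity-check the DNS layout the
post describes before publishing the zone.

Assumptions (mine): records are (name, type, value) tuples for one zone and use
the post's placeholders; nothing here queries real DNS.
"""
ORIGIN_IP = "AAA.BBB.CCC.DDD"              # placeholder from the post, not a real address
CDN_TARGET = "cdn.someotherid.domain.com"  # CDN hostname from the post
SECRET_LABEL = "ARECORDID"                 # the obscure A-record name from the post
PUBLIC_LABELS = ("@", "www")               # names the public resolves; must go via the CDN

# The layout the post recommends.
GOOD_ZONE = [
    ("ARECORDID", "A", ORIGIN_IP),
    ("www", "CNAME", CDN_TARGET),
    ("@", "CNAME", CDN_TARGET),
]

# A constructed zone that leaks the origin: the apex still points straight at
# the server, and a forgotten "mail" record exposes the same IP.
LEAKY_ZONE = [
    ("ARECORDID", "A", ORIGIN_IP),
    ("www", "CNAME", CDN_TARGET),
    ("@", "A", ORIGIN_IP),
    ("mail", "A", ORIGIN_IP),
]


def check_origin_hiding(zone, origin_ip=ORIGIN_IP, cdn=CDN_TARGET, secret=SECRET_LABEL):
    """Return a list of problems; an empty list means the zone matches the post's layout."""
    problems = []
    by_name = {}
    for name, rtype, value in zone:
        by_name.setdefault(name, []).append((rtype, value))

    # 1. The public names must be CNAMEs to the CDN, never direct A records.
    for label in PUBLIC_LABELS:
        recs = by_name.get(label, [])
        if not recs:
            problems.append(f"{label}: missing record")
        for rtype, value in recs:
            if rtype != "CNAME" or value != cdn:
                problems.append(f"{label}: must be CNAME -> {cdn}, found {rtype} {value}")

    # 2. The origin IP may appear only under the secret label.
    for name, recs in by_name.items():
        for rtype, value in recs:
            if rtype == "A" and value == origin_ip and name != secret:
                problems.append(f"{name}: exposes origin IP {origin_ip}")

    # 3. The secret label itself must exist and resolve to the origin.
    if ("A", origin_ip) not in by_name.get(secret, []):
        problems.append(f"{secret}: missing A record for the origin")

    return problems


if __name__ == "__main__":
    print("good zone:", check_origin_hiding(GOOD_ZONE) or "OK")
    print("leaky zone:", check_origin_hiding(LEAKY_ZONE))
```

One caveat the check cannot express in tuples: standard DNS does not allow a CNAME at the zone apex, because the SOA and NS records already live at @, so the "CNAME for @" step is normally provided by the DNS host as an ALIAS/ANAME record or CNAME flattening. Confirm your DNS provider supports that before relying on this layout for the bare domain.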

Quick Fix

DDoS attacks have become more common than ever before, and unfortunately, there is no quick fix for this problem. However, if your system is under a DDoS attack, then don’t panic and start looking into the matter step by step.

If you found this helpful, support me by liking my Facebook page. :)

Comments

  1. Firstly, thanks for all the useful insights. I would like to thank you for putting emphasis on how relevancy plays a big role in the hosting industry. I appreciate your hard work. Keep posting new updates for us.
