DDoS Attacks in Ethical Hacking

Uploaded by silaswp3


Ethical Hacking - DDOS Attacks

A Distributed Denial of Service (DDoS) attack is an attempt to make an online service or a website
unavailable by overloading it with huge floods of traffic generated from multiple sources.

Unlike a Denial of Service (DoS) attack, in which one computer and one Internet connection is used to
flood a targeted resource with packets, a DDoS attack uses many computers and many Internet
connections, often distributed globally in what is referred to as a botnet.

A large-scale volumetric DDoS attack can generate traffic measured in tens or even hundreds of Gigabits
per second, far more than the uplink of an ordinary network can absorb; the flood saturates the link
before a single packet reaches the server's own defenses.

What are Botnets?

Attackers build a network of compromised machines, known as a botnet, by spreading malware through
email attachments, compromised websites, and social media. Once these computers are infected, they can
be controlled remotely, without their owners' knowledge, and used like an army to launch an attack
against any target.


A DDoS flood can be generated in multiple ways. For example −

Botnets can be used to open more connection requests than a server can handle at a time.

Attackers can have the bots send a victim large amounts of random data to use up the target's
bandwidth.

Because the bots are spread across many networks, the traffic arrives from thousands of source addresses
at once and cannot be stopped by blocking a single address. It finally results in a complete blockage of
the service.

Types of DDoS Attacks

DDoS attacks can be broadly categorized into three categories −


Volume-based Attacks

Protocol Attacks

Application Layer Attacks

Volume-Based Attacks

Volume-based attacks include TCP floods, UDP floods, ICMP floods, and other spoofed-packet floods.
These are also called Layer 3 & 4 attacks. Here, an attacker tries to saturate the bandwidth of the
target site. The attack magnitude is measured in bits per second (bps).

UDP Flood − A UDP flood sends numerous UDP packets to random ports on a remote host. For each
packet the host checks for an application listening on that port and, finding none, replies with
an ICMP Destination Unreachable message, so both bandwidth and CPU are consumed. Firewalls can
rate-limit or drop UDP to ports that carry no legitimate service.

ICMP Flood − This is similar to UDP flood and used to flood a remote host with numerous
ICMP Echo Requests. This type of attack can consume both outgoing and incoming
bandwidth and a high volume of ping requests will result in overall system slowdown.

HTTP Flood − The attacker sends HTTP GET and POST requests to a targeted web server in a
volume which cannot be handled by the server, leading to denial of additional connections from
legitimate clients. Strictly this is an application-layer (Layer 7) attack measured in requests
per second; it is listed here because it is the most common way a botnet "fills" a web server.

Amplification Attack − The attacker sends a small request that provokes a much larger response,
for example a DNS query for a large TXT record. Because DNS runs over UDP, the attacker can forge
the victim's address as the source of the query, so open resolvers reflect the large answers at
the victim (a reflection attack) while the attacker spends only a fraction of that bandwidth. HTTP
GET requests for large files such as images or PDFs also cost the server far more than the client,
but over TCP the source cannot be spoofed, so that variant exhausts the server directly rather
than reflecting traffic.
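To make the amplification figure concrete, the following added example (written for this page, not code from Tutorials Point or from any real attack tool) builds a DNS TXT query and the corresponding answer in wire format and computes the bandwidth amplification factor. The name example.com, the transaction ID and the 4 x 255-byte TXT record are constructed values; a real open resolver would return whatever the zone publishes.

```python
import struct

def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels: length-prefixed, terminated by a zero byte."""
    out = b""
    for label in name.strip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name: str, qtype: int, udp_size: int = 4096, txid: int = 0x1234) -> bytes:
    """One-question query with an EDNS0 OPT record advertising a large UDP buffer.
    In a reflection attack this packet is sent to an open resolver with the victim's
    address forged as the IP source, so the answer lands on the victim."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)   # RD=1; QDCOUNT=1, ARCOUNT=1 (OPT)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, 0)     # root name, TYPE=OPT, "class"=UDP size
    return header + question + opt

def build_txt_response(name: str, strings: list, txid: int = 0x1234, ttl: int = 300) -> bytes:
    """The resolver's answer: the question echoed back plus one TXT record whose
    RDATA is a sequence of length-prefixed character-strings (each at most 255 bytes)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1; ANCOUNT=1
    question = encode_name(name) + struct.pack("!HH", 16, 1)   # TYPE=TXT(16), class IN
    rdata = b"".join(bytes([len(s)]) + s.encode("ascii") for s in strings)
    # Owner name is a compression pointer (0xC00C) back to the question name at offset 12.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, ttl, len(rdata)) + rdata
    return header + question + answer

def amplification_factor(request: bytes, response: bytes) -> float:
    """Bytes delivered to the victim per byte the attacker had to send (DNS payload only)."""
    return len(response) / len(request)

def demo():
    query = build_query("example.com", 16)                          # TXT query: 40 bytes of payload
    answer = build_txt_response("example.com", ["A" * 255] * 4)     # constructed 1 KiB TXT record
    return len(query), len(answer), amplification_factor(query, answer)

if __name__ == "__main__":
    qlen, rlen, baf = demo()
    print(f"query={qlen} bytes, response={rlen} bytes, amplification={baf:.1f}x")
```

The ratio above counts DNS payload only; adding the 28 bytes of IPv4 and UDP headers to each packet lowers it somewhat, which is why published amplification factors are quoted per protocol and per record type rather than as a single number.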

Protocol Attacks

Protocol attacks include SYN floods, Ping of Death, fragmented-packet attacks, Smurf DDoS, etc. This
type of attack exhausts connection-state capacity on the server and on intermediate devices such as
firewalls and load balancers rather than raw bandwidth. The attack magnitude is measured in packets
per second (pps).

DNS Flood − A DNS flood sends a very high rate of queries at a target's authoritative or recursive
DNS servers, exhausting the server's processing capacity and the available network bandwidth. Because
DNS normally runs over UDP, the query sources are easily spoofed, and when the name servers fail every
service under the domain becomes unreachable.

SYN Flood − The attacker sends TCP SYN (connection-request) packets faster than the targeted machine
can complete the handshake, usually from spoofed sources that never answer the SYN-ACK. Each SYN
leaves a half-open connection in the listen backlog until it times out, and once the backlog is full
new legitimate connections are refused. Administrators can tune the TCP stack to mitigate the effect:
enable SYN cookies so that no state is stored until the handshake completes, shorten the retransmit
timeout after which the stack frees a half-open connection, enlarge the backlog, or rate-limit and
selectively drop incoming SYNs with a firewall such as iptables.
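The half-open backlog described above is directly observable on Linux. The following added example (not code from the original page) parses a constructed `ss -tan` snapshot, counts SYN-RECV sockets per local port and reports how many distinct sources feed each one; the addresses and the threshold of five are assumed values. On a real host the same parser would be fed the output of `ss -tan`, and the mitigation would be the sysctls net.ipv4.tcp_syncookies=1, net.ipv4.tcp_max_syn_backlog and net.ipv4.tcp_synack_retries mentioned in the text.

```python
from collections import defaultdict

# Constructed snapshot in the layout printed by `ss -tan` on Linux
# (State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port).
# Addresses come from the documentation ranges; on a live host use
# subprocess.run(["ss", "-tan"], capture_output=True, text=True).stdout instead.
SAMPLE_SS_OUTPUT = """\
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      511    0.0.0.0:443          0.0.0.0:*
ESTAB      0      0      10.0.0.5:443         198.51.100.20:50122
SYN-RECV   0      0      10.0.0.5:443         203.0.113.7:4021
SYN-RECV   0      0      10.0.0.5:443         203.0.113.8:4022
SYN-RECV   0      0      10.0.0.5:443         203.0.113.9:4023
SYN-RECV   0      0      10.0.0.5:443         203.0.113.10:4024
SYN-RECV   0      0      10.0.0.5:443         203.0.113.11:4025
SYN-RECV   0      0      10.0.0.5:443         203.0.113.12:4026
SYN-RECV   0      0      10.0.0.5:22          198.51.100.77:40001
"""

def parse_ss(text):
    """Yield (state, local_port, peer_ip) for each socket line, skipping the header row."""
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5:
            continue
        state, local, peer = parts[0], parts[3], parts[4]
        # rsplit on the last ':' so IPv6 literals such as [::1]:443 still parse
        local_port = int(local.rsplit(":", 1)[1])
        peer_ip = peer.rsplit(":", 1)[0]
        yield state, local_port, peer_ip

def half_open_by_port(text):
    """Map each local port to the list of peers sitting in SYN-RECV (half-open) against it."""
    table = defaultdict(list)
    for state, port, peer in parse_ss(text):
        if state == "SYN-RECV":
            table[port].append(peer)
    return table

def flag_syn_flood(text, threshold=5):
    """Return (port, half_open_count, distinct_sources) for every port whose half-open
    backlog is at or above `threshold`. Many distinct sources for one port indicates
    spoofed or botnet SYNs; a single source is a plain DoS that can be blocked by address."""
    flagged = []
    for port, peers in half_open_by_port(text).items():
        if len(peers) >= threshold:
            flagged.append((port, len(peers), len(set(peers))))
    return sorted(flagged)

if __name__ == "__main__":
    for port, count, distinct in flag_syn_flood(SAMPLE_SS_OUTPUT):
        print(f"port {port}: {count} half-open connections from {distinct} sources")
```

In the constructed snapshot port 443 has six half-open connections from six different addresses, the pattern of a spoofed flood, while the single half-open connection on port 22 stays below the threshold.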
Ping of Death − The attacker sends malformed or oversized packets using a simple ping command.
An IP packet may be at most 65,535 bytes, but a sender can split a larger ping into fragments which
the receiver reassembles; the reassembled datagram then exceeds 65,535 bytes, which violates the
Internet Protocol and could overflow the reassembly buffer on the target system and crash it. Modern
operating systems reject such fragments, but to avoid Ping of Death attacks and their variants many
sites still block ICMP ping messages altogether at their firewalls.

Application Layer Attacks

Application Layer Attacks include Slowloris, zero-day DDoS attacks, and DDoS attacks that target
vulnerabilities in Apache, Windows or OpenBSD, among others. Here the goal is to exhaust or crash
the web server or the application behind it with comparatively little traffic. The attack magnitude
is measured in requests per second (rps).

Application Attack − This is also called a Layer 7 attack, where the attacker makes excessive
log-in, database-lookup, or search requests to overload the application; each request is cheap to
send but expensive for the server to answer. Layer 7 attacks are difficult to detect because they
resemble legitimate website traffic, so defenses rely on per-client rate limits, the cost of the
requested operation, and challenges that a bot cannot easily pass.
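A per-client token bucket is the usual first line of defense against the Layer 7 pattern above. The following added example (not code from the original page) implements one with integer millitoken arithmetic so the result is deterministic, then runs it over constructed traffic: a browser issuing one search per second and a bot issuing fifty per second against the same endpoint. The rate of 5 requests per second with a burst of 10, the two client addresses and the /search path are assumed values.

```python
from collections import Counter

class TokenBucketLimiter:
    """Per-client token bucket. Each client may burst up to `burst` requests and is then
    held to `rate_per_sec` requests per second; a rejected request would get an HTTP 429
    instead of reaching the expensive search or login handler. Tokens are tracked as
    integer millitokens keyed to millisecond timestamps, so refill is exact."""

    def __init__(self, rate_per_sec: int, burst: int):
        self.rate = rate_per_sec
        self.burst_mt = burst * 1000
        self.state = {}  # client -> (millitokens, last_seen_ms)

    def allow(self, client: str, now_ms: int) -> bool:
        mt, last = self.state.get(client, (self.burst_mt, now_ms))
        # rate tokens per second == rate millitokens per millisecond elapsed
        mt = min(self.burst_mt, mt + (now_ms - last) * self.rate)
        if mt >= 1000:
            self.state[client] = (mt - 1000, now_ms)
            return True
        self.state[client] = (mt, now_ms)
        return False

def constructed_requests():
    """Constructed traffic as (timestamp_ms, client_ip, path): 10 requests from a browser
    at 1/s and 100 from a bot at 50/s, interleaved in time order."""
    browser = [(i * 1000, "198.51.100.20", "/search?q=shoes") for i in range(10)]
    bot = [(i * 20, "203.0.113.9", f"/search?q={i}") for i in range(100)]
    return sorted(browser + bot)

def run(limiter: TokenBucketLimiter, requests):
    """Apply the limiter to a request stream; return per-client allowed and denied counts."""
    allowed, denied = Counter(), Counter()
    for ts_ms, client, _path in requests:
        if limiter.allow(client, ts_ms):
            allowed[client] += 1
        else:
            denied[client] += 1
    return allowed, denied

if __name__ == "__main__":
    ok, no = run(TokenBucketLimiter(rate_per_sec=5, burst=10), constructed_requests())
    for client in sorted(set(ok) | set(no)):
        print(f"{client}: allowed={ok[client]} denied={no[client]}")
```

The browser is never throttled, while the bot gets its initial burst of ten and then only one request in ten. Keying on the source address alone is weak against a botnet whose individual members each stay under the limit; in practice the bucket is combined with a per-path cost weighting and a challenge (cookie or JavaScript proof) for clients that exceed it.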

Slowloris − The attacker opens a large number of connections to a targeted web server and sends a
partial HTTP request on each one, adding another header line every few seconds but never sending
the blank line that completes the request. The targeted server keeps each of these false connections
open waiting for the rest, eventually exhausts its maximum concurrent connection pool, and denies
additional connections from legitimate clients. The attack needs almost no bandwidth, so it is invisible
to volumetric monitoring; the defense is a limit on how long a request head may take to arrive, such as
Apache's mod_reqtimeout or nginx's client_header_timeout.
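The header-read deadline is the whole defense against Slowloris, so the following added example (not code from the original page, and not the implementation of any particular web server) models it as a small state machine: a request head must arrive within `header_deadline` seconds of its first byte and stay under `max_bytes`. The two constructed streams, a normal client sending a full head at once and a Slowloris client dribbling one header line every ten seconds, and the 20-second budget are assumptions.

```python
class HeaderReader:
    """Accumulates an HTTP/1.1 request head for one connection and decides whether
    the server should keep waiting. A connection whose head has not completed within
    `header_deadline` seconds of the first byte (or that exceeds `max_bytes`) is closed,
    which frees the slot a Slowloris client was trying to hold open."""

    def __init__(self, header_deadline: float = 20.0, max_bytes: int = 8192):
        self.deadline = header_deadline
        self.max_bytes = max_bytes
        self.buf = b""
        self.started = None

    def feed(self, chunk: bytes, now: float) -> str:
        """Return 'complete', 'incomplete', 'timeout' or 'too-large' after `chunk` arrives at `now`."""
        if self.started is None:
            self.started = now
        if now - self.started > self.deadline:
            return "timeout"
        self.buf += chunk
        if len(self.buf) > self.max_bytes:
            return "too-large"
        if b"\r\n\r\n" in self.buf:          # blank line terminates the request head
            return "complete"
        return "incomplete"

# Constructed streams of (arrival_time_seconds, bytes). A well-behaved client sends the
# whole head at once; the Slowloris client never sends the terminating blank line.
NORMAL_STREAM = [(0.0, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n")]
SLOWLORIS_STREAM = [(0.0, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n")] + [
    (10.0 * i, f"X-a: {i}\r\n".encode()) for i in range(1, 6)
]

def drive(reader: HeaderReader, stream):
    """Feed a stream until the reader reaches a final state; return (state, chunks_consumed)."""
    state, consumed = "incomplete", 0
    for when, chunk in stream:
        state = reader.feed(chunk, when)
        consumed += 1
        if state != "incomplete":
            break
    return state, consumed

if __name__ == "__main__":
    print("normal client:   ", drive(HeaderReader(), NORMAL_STREAM))
    print("slowloris client:", drive(HeaderReader(), SLOWLORIS_STREAM))
```

The Slowloris connection survives the chunks at 0, 10 and 20 seconds and is cut at the fourth, which arrives after the deadline. Production servers add a minimum data rate on top of the absolute deadline so that a client cannot extend the budget by trickling bytes just fast enough.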

NTP Amplification − The attacker exploits publicly accessible Network Time Protocol (NTP) servers
to overwhelm the targeted server with User Datagram Protocol (UDP) traffic, sending spoofed requests
for the monitoring command "monlist", whose reply lists up to the last 600 clients and is hundreds of
times larger than the request. Although listed here, it is a volumetric reflection attack of the same
family as DNS amplification, and the fix is on the reflector side: disable monlist (disabled by default
in current ntpd releases) or restrict queries to trusted networks.

Zero-day DDoS Attacks − A zero-day vulnerability is a system or application flaw previously
unknown to the vendor, which has therefore not been fixed or patched. Zero-day DDoS attacks exploit
such flaws, for example a bug that crashes a service with a single crafted request, and new ones
appear as soon as a vulnerability becomes known and before a patch is released.

How to Fix a DDoS Attack

There are quite a few DDoS protection options which you can apply depending on the type of DDoS
attack.

Your DDoS protection starts with identifying and closing all the possible OS and application level
vulnerabilities in your system, closing every port that does not serve a required service, removing
unnecessary access from the system, and hiding your server behind a proxy or CDN so that its real
address is not exposed.

If you see a low-magnitude DDoS, then you can find many firewall-based solutions which can help you
filter out the attack traffic. But if you face a high-volume DDoS attack in the gigabits per second or
more, filtering on your own equipment is pointless because your uplink is already full; you should then
take the help of a DDoS protection service provider whose network can absorb the volume upstream of
you and that offers a more holistic, proactive approach.

You must be careful while approaching and selecting a DDoS protection service provider. There are a
number of service providers who want to take advantage of your situation. If you inform them that you
are under DDoS attack, then they will start offering you a variety of services at unreasonably high
costs, so arrange protection before an attack rather than during one.

We can suggest a simple and working solution which starts with a search for a good DNS provider
that is flexible enough to configure A and CNAME records for your website. Second, you will need a
good CDN provider that can handle big DDoS traffic and provides a DDoS protection service as part of
their CDN package.

Assume your server IP address is AAA.BBB.CCC.DDD. Then you should do the following DNS
configuration −

Create an A record in the DNS zone under a label that is not guessable, for example ARECORDID,
pointing at AAA.BBB.CCC.DDD, and keep that name secret from the outside world.

Now ask your CDN provider to use that hostname as the origin of your site; the provider gives you a
CDN hostname in return, something like cdn.someotherid.domain.com.

You will use the CDN hostname cdn.someotherid.domain.com as the target of two CNAME records, the
first for www and the second for the zone apex (@).

You can take the help of your system administrator to understand these points and configure your
DNS and CDN appropriately. Finally, your DNS zone contains three records that matter: the CNAME for
www, the CNAME for the apex, and the A record under the secret label.

Now, let the CDN provider handle all types of DDoS attacks and your system will remain safe. But here
the condition is that you should not disclose your system's IP address or the secret A record name to
anyone; else direct attacks will start again. Two caveats apply. A CNAME at the zone apex conflicts
with the SOA and NS records that must exist there, so most DNS providers implement the apex entry as an
ALIAS/ANAME record or "CNAME flattening" rather than a literal CNAME. And the origin address can leak
through other records (mail, ftp, staging hosts) or through historical DNS data, so when you move behind
the CDN, change the origin IP and restrict the origin's firewall to the CDN provider's address ranges.
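Because the whole scheme depends on the origin staying hidden, it is worth checking the finished zone for leaks. The following added example (not code from the original page or from any DNS provider) parses a constructed BIND-style zone for the layout described above, confirms that www and the apex point at the CDN hostname, and reports any other record that exposes the origin address or CNAMEs to the secret label. The zone contents, the origin address 203.0.113.10 and the secret label arecordid are assumptions; the mail record is deliberately wrong to show what a leak looks like.

```python
# Constructed zone in BIND format. The apex CNAME is written as the text describes it;
# a real provider would store it as an ALIAS/ANAME or flatten it.
ZONE = """\
$ORIGIN example.com.
$TTL 300
@          IN SOA   ns1.example.com. hostmaster.example.com. (2024010101 3600 900 604800 300)
@          IN NS    ns1.example.com.
ns1        IN A     198.51.100.53
arecordid  IN A     203.0.113.10                  ; secret origin record
www        IN CNAME cdn.someotherid.domain.com.
@          IN CNAME cdn.someotherid.domain.com.
mail       IN A     203.0.113.10                  ; leak: publishes the origin address
"""

def parse_zone(text):
    """Return (owner, type, rdata) tuples, ignoring comments and $-directives.
    Assumes the simple 'owner IN TYPE rdata' layout used in the constructed zone."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line or line.startswith("$"):
            continue
        parts = line.split()
        owner, rtype, rdata = parts[0], parts[2], " ".join(parts[3:])
        records.append((owner, rtype, rdata))
    return records

def fronted_by_cdn(records, cdn_host):
    """For www and the apex, report whether the record is a CNAME to the CDN hostname."""
    return {owner: (owner, "CNAME", cdn_host) in records for owner in ("www", "@")}

def origin_leaks(records, origin_label, zone):
    """Records other than the secret A/AAAA record that expose the origin: any other
    address record carrying the same IP, or any CNAME pointing at the secret name."""
    origin_ips = {rdata for owner, rtype, rdata in records
                  if owner == origin_label and rtype in ("A", "AAAA")}
    secret_fqdn = f"{origin_label}.{zone}."
    leaks = []
    for owner, rtype, rdata in records:
        if owner == origin_label:
            continue
        if rtype in ("A", "AAAA") and rdata in origin_ips:
            leaks.append((owner, rtype, rdata))
        elif rtype == "CNAME" and rdata in (secret_fqdn, origin_label):
            leaks.append((owner, rtype, rdata))
    return leaks

if __name__ == "__main__":
    recs = parse_zone(ZONE)
    print("fronted:", fronted_by_cdn(recs, "cdn.someotherid.domain.com."))
    for leak in origin_leaks(recs, "arecordid", "example.com"):
        print("origin leaked by", leak)
```

A zone-file check only covers what you publish today; passive-DNS archives may still hold the old address, which is why the text's advice to keep the origin secret has to be paired with changing it and firewalling it to the CDN.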

Quick Fix

DDoS attacks have become more common than ever before, and unfortunately, there is no quick fix
for this problem. However, if your system is under a DDoS attack, then don't panic and work through
the matter step by step: identify which layer is being attacked, apply the corresponding filter or
rate limit, and move the service behind upstream protection if the volume exceeds your own capacity.

Tutorials Point is a leading Ed Tech company striving to provide the best learning material on technical
and non-technical subjects.

© Copyright 2025. All Rights Reserved.