DDoS Attack Types: Glossary of Terms
This Distributed Denial of Service (DDoS) attack glossary provides a high-level overview of the various DDoS attack types and their typical characteristics.
A Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack is one in which one or many compromised systems attack a target with a flood of incoming messages that overwhelms the system and causes it to shut down.
Common DDoS Attack Types & Characteristics:
ACK Attack or ACK-PUSH Flood
In an ACK flood or ACK-PUSH flood attack, attackers send spoofed ACK (or ACK-PUSH) packets at very high packet rates that do not belong to any current session in the firewall’s state table and/or the server’s connection list. The flood exhausts the victim’s firewalls by forcing state-table lookups, and exhausts servers by depleting the system resources used to match these incoming packets to an existing flow.
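The out-of-state check described in the entry above, as an added detection example that is not part of the original glossary. It assumes a deliberately simplified state table (a SYN opens a flow, an RST closes it); the packet tuples, window and threshold are constructed for illustration.

```python
from collections import defaultdict

def find_ack_floods(packets, window=1.0, threshold=5):
    """Count ACK/ACK-PUSH packets that match no tracked flow, per destination
    and time window; return the windows that reach the alert threshold."""
    sessions = set()            # tracked flows keyed by (src, sport, dst, dport)
    counts = defaultdict(int)   # (dst, window index) -> out-of-state ACK count
    for t, src, sport, dst, dport, flags in packets:
        fwd = (src, sport, dst, dport)
        rev = (dst, dport, src, sport)
        if "S" in flags and "A" not in flags:
            sessions.add(fwd)            # bare SYN: start tracking the flow
        elif "R" in flags:
            sessions.discard(fwd)        # RST: drop the flow in either direction
            sessions.discard(rev)
        elif "A" in flags and fwd not in sessions and rev not in sessions:
            counts[(dst, int(t // window))] += 1   # ACK with no matching flow
    return {key: n for key, n in counts.items() if n >= threshold}

# Constructed sample: one legitimate handshake plus data, then a burst of
# ACK / ACK-PUSH packets from many sources that never opened a session.
SAMPLE = [
    (0.00, "198.51.100.10", 40000, "203.0.113.5", 443, "S"),
    (0.01, "203.0.113.5", 443, "198.51.100.10", 40000, "SA"),
    (0.02, "198.51.100.10", 40000, "203.0.113.5", 443, "A"),
    (0.03, "198.51.100.10", 40000, "203.0.113.5", 443, "PA"),
] + [
    (2.0 + i * 0.01, f"192.0.2.{i + 1}", 50000 + i, "203.0.113.5", 443,
     "A" if i % 2 else "PA")
    for i in range(8)
]

if __name__ == "__main__":
    for (dst, idx), n in find_ack_floods(SAMPLE).items():
        print(f"{dst}: {n} out-of-state ACKs in window {idx}")
```

The legitimate session's ACKs are never counted because they match a flow opened by a SYN; only the burst in the third one-second window is reported.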
DNS Amplified (Reflective)
Another way of taking advantage of a DNS flood is for attackers to spoof a victim’s DNS infrastructure and make use of open recursive DNS servers and extensions to the DNS protocol. Very small DNS requests can result in very large, high-volume DNS responses (i.e. the amplification factor).
DNS Flood
In a DNS flood, attackers use DNS as a variant of a UDP flood. Attackers send valid but spoofed DNS request packets at a very high packet rate and from a very large group of source IP addresses. Since these appear to be valid requests, the victim’s DNS servers proceed to respond to all of them. The DNS server can be overwhelmed by the vast number of requests. This DNS attack consumes large amounts of network resources and exhausts the DNS infrastructure until it goes offline, taking the victim’s Internet access (www) down with it.