Understand to Protect: The Trifecta of DDoS Types

We’ve seen a 125 percent increase in distributed denial-of-service (DDoS) attacks year-over-year and a 35 percent jump in the average attack duration. Yikes, those aren’t pretty numbers. But when acts of this magnitude happen, it tends to make people sit up and start asking questions.

So where do you start? Based strictly on numbers we can safely say that while you can take steps to prevent a DDoS attack, there are no guarantees around protection. Your best bet is to know thy enemy and educate yourself on what to do in the event of an attack. Because once a DDoS attack is underway, it is much harder to respond.

To begin your journey to DDoS protection and mitigation, let’s start with the basics of DDoS types:

Trifecta DDos Types Thugs with weaponsDDoS Types


Volume Based Attacks

  • How it Works: Saturates bandwidth on the attacked site
  • Specific Types: UDP floods, ICMP floods, and other spoofed floods
  • Measurement: Bits per second

Protocol Attacks

  • How it Works: Targets server resources or intermediates like firewalls and load balancers
  • Specific Types: SYN flood, fragmented packet attacks, Ping of Death, Smurf DDoS, etc.
  • Measurement: Packet per second

Application Layer Attacks

  • How it Works: Crashes web servers through seemingly legitimate requests
  • Specific Types: Low-and-Slow attacks, GET/POST floods, attacks on Apache, Windows, or OpenBSD vulnerabilities, etc.
  • Measurement: Requests per second

Dangers of Hybrid Attack Vectors with IoT Botnets

It’s predicted that IoT-powered botnets and reflection amplification attacks will be combined in the near future. The threat landscape as we know it will be severely altered if this happens with crippling multi-terabit DDoS attacks.

For some perspective, “The largest distributed denial-of-service (DDoS) attack reported this year was 800 Gbit/s, a 60% increase over 2015’s largest attack of 500 Gbit/s. Not only are DDoS attacks getting larger, but they are also becoming more frequent and complex,” according to a recent report completed by Arbor Worldwide Infrastructure Security Report. While massive 2016 attacks have persuaded more businesses to implement best practice hybrid defenses, IoT botnets have become complete game changers based on sheer volume.

Another noteworthy section of the report highlighted that the largest monitored reflection amplification attack was tipping the scales at 498 Gbut/s, a 97% increase from 2015. With the buzz around Mirai this year, other attack vectors may have gotten overshadowed, but they are still very real. And that’s exactly why we need to be concerned with the possibility of combining forces for mass destruction. Take one or multiple DDoS types and combine them with IoT botnets and the 20-minute mitigation time of 77% of service providers won’t be enough to stop the damage.

Arm Yourself in the DDoS Battle

Education is only as good as what you do with it. Considering that the Mirai source code is now freely available, it’s a great time to start defending your network using next-generation endpoint protection.

To assist you in choosing the best solution for your business, SentinelOne has created the “Next Generation Endpoint Protection Buyer’s Guide.” In the guide, you’ll find answers to the questions weighing on your mind and guidance for making the best security decision.