DDoS Overview

DDoS attacks are growing in frequency – a recent Akamai study found that the number of DDoS attacks increased by 116% in Q1 2015 compared to Q1 2014. It also found that application layer attacks increased by 59%, while infrastructure layer attacks increased by 125%.

DDoS attacks are increasing in magnitude – amplification attacks are on the rise. These attacks involve sending small requests to servers that return a significantly larger response. In 2013, hackers used a DNS reflection attack to generate a peak of 300 Gbps of attack traffic.

DDoS attacks are growing in sophistication – traditionally, attackers used TCP and UDP floods to consume network bandwidth. More recently, attackers have been targeting application layer protocols and services with greater frequency. A few examples are:

  • Hackers leverage application-layer attacks by sending Hypertext Transfer Protocol (HTTP) “GET” method requests for large Portable Document Format (PDF) files, thereby successfully exhausting server resources with few requests.
  • Hackers create significant latency by targeting “heavy URLs” that require complex database queries.
  • Hackers blend network and application-layer attack techniques to generate large amounts of traffic that consume significant bandwidth and execute complex transactions that consume server resources.
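Because these application-layer attacks exhaust resources with few requests, a request-rate counter can miss them. The sketch below is an added example, not part of the original page: it scores clients by bytes served and server time consumed instead, and lists the "heavy URLs" worth protecting. The log format, sample lines, function names and thresholds are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (not real traffic). Assumed format:
# client "METHOD path" status bytes_sent request_seconds
SAMPLE_LOG = """\
198.51.100.7 "GET /docs/annual-report.pdf" 200 48234496 3.912
198.51.100.7 "GET /docs/annual-report.pdf" 200 48234496 4.105
198.51.100.7 "GET /search?q=report" 200 18230 6.480
203.0.113.20 "GET /index.html" 200 5120 0.004
203.0.113.20 "GET /css/site.css" 200 2048 0.002
203.0.113.20 "GET /index.html" 200 5120 0.003
203.0.113.20 "GET /img/logo.png" 200 9216 0.003
203.0.113.21 "GET /docs/annual-report.pdf" 200 48234496 3.870
"""
LINE = re.compile(r'^(\S+) "(\S+) (\S+)" (\d{3}) (\d+) ([\d.]+)$')

def parse(log):
    """Yield (client, path_without_query, bytes_sent, seconds) per valid line."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:  # skip malformed lines rather than failing
            client, _method, target, _status, size, secs = m.groups()
            yield client, target.split("?", 1)[0], int(size), float(secs)

def client_costs(log):
    """Total requests, bytes and server seconds consumed by each client."""
    totals = defaultdict(lambda: {"requests": 0, "bytes": 0, "seconds": 0.0})
    for client, _path, size, secs in parse(log):
        t = totals[client]
        t["requests"] += 1
        t["bytes"] += size
        t["seconds"] += secs
    return dict(totals)

def flag_heavy_clients(log, max_bytes=90_000_000, max_seconds=10.0):
    """Clients over either per-window cost budget (thresholds are assumptions)."""
    return sorted(c for c, t in client_costs(log).items()
                  if t["bytes"] > max_bytes or t["seconds"] > max_seconds)

def heavy_urls(log, min_mean_seconds=1.0):
    """Paths whose mean response time marks them as expensive to serve."""
    times = defaultdict(list)
    for _client, path, _size, secs in parse(log):
        times[path].append(secs)
    return sorted(p for p, v in times.items() if sum(v) / len(v) >= min_mean_seconds)

if __name__ == "__main__":
    print(flag_heavy_clients(SAMPLE_LOG), heavy_urls(SAMPLE_LOG))
```

In the sample, the client with the most requests (203.0.113.20) stays under both budgets, while the client that sent only three requests is flagged on cost.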