How a DDoS Attack Works
During a DDoS attack, a massive number of requests is sent simultaneously from multiple points across the internet. The intensity of this "crossfire" renders the service unstable or, even worse, makes the server unavailable so that it stops responding altogether.
How Anti-DDoS Works
- Analyzing: the packets sent to the routers are analyzed by category: DNS, ICMP, IP Fragment, NULL IP, Private IP, TCP NULL, TCP RST, TCP SYN, UDP, Total Traffic.
- Vacuuming your server's incoming traffic.
- Mitigation: singling out all the illegitimate IP packets while allowing legitimate ones to pass through.
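As an added example (not code from the original page or from any provider's product), the sketch below shows how the analysis step can bucket raw IPv4 packets into the categories listed above. It assumes "NULL IP" means an IP protocol field of zero (as in the IP Null Attack entry on this page), "Private IP" means an RFC 1918 source address, and "DNS" means UDP port 53; the function names, the "Malformed" bucket and the sample packets are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(pkt: bytes) -> set:
    """Bucket one raw IPv4 packet into the analysis categories listed above."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if not 20 <= ihl <= len(pkt) or pkt[0] >> 4 != 4:
        return {"Malformed"}
    frag = struct.unpack("!H", pkt[6:8])[0]
    proto, src, l4 = pkt[9], ipaddress.IPv4Address(pkt[12:16]), pkt[ihl:]
    cats = set()
    if frag & 0x3FFF:  # MF flag set or fragment offset non-zero
        cats.add("IP Fragment")
    if any(src in net for net in RFC1918):  # private source on an internet-facing link
        cats.add("Private IP")
    first = (frag & 0x1FFF) == 0  # only the first fragment carries the L4 header
    if proto == 0:  # protocol field zeroed
        cats.add("NULL IP")
    elif proto == 1:
        cats.add("ICMP")
    elif proto == 17:
        cats.add("UDP")
        if first and len(l4) >= 4 and 53 in struct.unpack("!HH", l4[:4]):
            cats.add("DNS")
    elif proto == 6 and first and len(l4) >= 14:
        flags = l4[13] & 0x3F
        tests = {"TCP NULL": not flags, "TCP RST": flags & 0x04, "TCP SYN": (flags & 0x12) == 0x02}
        cats |= {name for name, hit in tests.items() if hit}  # SYN counts only with ACK clear
    return cats

def tally(packets: list) -> Counter:  # per-category counts plus the overall total
    counts = Counter(cat for p in packets for cat in classify(p))
    counts["Total Traffic"] = len(packets)
    return counts

# Constructed sample input below: minimal headers, checksums left at 0, documentation addresses.
def ipv4(src: str, proto: int, l4: bytes = b"", frag: int = 0) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, frag, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, bytes([203, 0, 113, 10])) + l4

def tcp(flags: int) -> bytes:
    return struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, flags, 1024, 0, 0)

SAMPLE = [ipv4("198.51.100.7", 6, tcp(0x02)), ipv4("198.51.100.8", 6, tcp(0x00)),
          ipv4("198.51.100.9", 0), ipv4("198.51.100.10", 1, bytes(8), frag=0x2000),
          ipv4("10.1.2.3", 17, struct.pack("!HHHH", 40000, 53, 8, 0))]
```

Calling `tally(SAMPLE)` gives the per-category counters for a batch of packets; a sudden jump in one counter relative to "Total Traffic" is the kind of signal the mitigation step can act on.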
Types of Attacks Targeted
- ICMP (Ping) Flood: an ICMP flood overwhelms the target resource with ICMP Echo Request (ping) packets by sending them as fast as possible without waiting for the remote host's replies.
- UDP Flood: a DDoS attack that floods a target with User Datagram Protocol (UDP) packets. The goal of the attack is to flood random ports on a remote host.
- SYN Flood: a SYN flood DDoS attack sends multiple SYN requests but either does not respond to the host's SYN-ACK response or sends the SYN requests from a spoofed IP address.
- ACK Fragmentation Flood: fragmented ACK packets are used in this bandwidth-consuming version of the ACK & PUSH ACK Flood attack.
- SYN-ACK Flood: the attack tries to exhaust a server's resources (its RAM and CPU) with a flood of SYN-ACK packets. It exploits the second step of the three-way TCP communication process, in which the listening host generates a SYN-ACK packet to acknowledge an incoming SYN packet.
- Ping of Death: a Ping of Death (POD) attack sends multiple malformed or malicious ICMP pings to a computer.
- HTTP Flood: the attacker uses seemingly legitimate HTTP GET or POST requests to attack a web server or application.
- Fragmented HTTP Flood: bots with a valid IP address are used to establish a valid HTTP connection with a web server. The bot then splits the HTTP packets into tiny fragments and sends them to the target as slowly as the server allows before it times out.
- DNS Flood: attackers send valid but spoofed DNS request packets at a very high packet rate and from a very large group of source IP addresses.
- Zero Day (0day) DDoS: zero-day DDoS vulnerabilities do not have patches or effective defensive mechanisms.
- IP Null Attack: packets contain IPv4 headers, which carry information about which transport protocol is being used. When attackers set the value of this field to zero, these packets can bypass security measures designed to scan TCP, IP, and ICMP.