DDoS attacks are among the most frequent cyber threats on the internet. Learn how the main types — volumetric, protocol, and application — work and how to defend your infrastructure.
What is a DDoS attack?
DDoS stands for Distributed Denial of Service. It is a malicious attempt to make a service, server, or network unavailable by overwhelming it with an excessive volume of traffic or requests.
Unlike a traditional DoS attack launched by a single machine, DDoS uses multiple compromised devices (botnets) to launch a coordinated and large-scale attack.
🔹 Most common types of DDoS attacks
DDoS attacks are generally classified into three main categories based on the OSI model layer they target:
1. 🌊 Volumetric Attacks (Layers 3 and 4)
How they work:
Flood the target with massive volumes of data (UDP, ICMP, TCP packets), aiming to saturate the bandwidth of the target network or its upstream infrastructure.
Examples:
- UDP Flood
- ICMP Flood (Ping Flood)
- Amplification Attacks using DNS, NTP, or Memcached servers
Characteristics:
- Extremely high traffic volume (Gbps or Tbps)
- Easy to execute using public tools and botnets
- Immediate impact on overall connectivity
Mitigation:
- Cloud-based mitigation services
- Smart blackholing and traffic filtering
- ACL rules and rate limiting at the edge
2. 🧱 Protocol Attacks (Layers 3 and 4)
How they work:
Exploit vulnerabilities in TCP/IP protocol stacks to exhaust resources of servers, firewalls, or load balancers.
Examples:
- SYN Flood: Initiates TCP connections without completing them
- ACK Flood: Sends invalid ACK packets to confuse routing logic
- Ping of Death, Smurf Attacks
Characteristics:
- Use seemingly legitimate packets
- Target connection/session capacity and memory buffers
- Lower volume but high impact
Mitigation:
- Stateful firewalls with deep packet inspection
- Invalid packet filtering
- TCP challenge-response mechanisms (SYN cookies)
3. 🧠 Application Layer Attacks (Layer 7)
How they work:
Target web applications or APIs by mimicking real user behavior to consume backend resources (CPU, memory, database queries).
Examples:
- HTTP Flood (GET or POST)
- Slowloris: Keeps connections open slowly to exhaust web servers
- Login, search, or checkout abuse
Characteristics:
- Difficult to detect — traffic appears legitimate
- Low bandwidth, high resource impact
- Requires behavioral analysis and adaptive filtering
Mitigation:
- Web Application Firewalls (WAFs)
- Rate limiting and bot detection
- CAPTCHA, MFA, and behavioral threat intelligence
⚠️ DDoS attack consequences
- Partial or total service outage
- Revenue and brand damage
- High mitigation and recovery costs
- Operational distraction for technical teams — leaving doors open for other threats
🛡️ How L7CORE helps defend against DDoS
At L7CORE, we provide high-availability infrastructure with advanced DDoS protection, including:
- Multi-layer filtering (L3, L4, and L7)
- Real-time traffic anomaly detection
- Integrated mitigation with AI-based analytics
- Redundant networks and expert support
🔵 Worried about DDoS?
Talk to an L7CORE specialist and see how we can protect your infrastructure.