DDoS Glossary
ACK Flood
TCP ACK flood, or ‘ACK Flood’ for short, is a network DDoS attack comprising TCP ACK packets. The packets will not contain a payload but may have the PSH flag enabled.
CDN Debug Information
CDN Debug Information, or “Debug Info” for short, is a technique supported by CDNs for debugging CDN behavior. The debug info allows a client to obtain information from the CDN, such as:
Debug Type | Debug Info
Caching | Information about the caching status of the resource: was the resource received from the…
DDoS Resiliency Score (DRS)
Each year brings with it new DDoS attack trends. 2015 was characterized by multi-vector attacks (Radware). 2016 introduced major disruptions in terms of technology and attack scale (SecureList). And Q1 2017 saw a decrease in amplification-type attacks and an increase in encryption-based attacks (SecureList). These are all interesting trends, but how can you use such…
Hping
Hping is a free packet generator and analyzer for the distributed IP protocol. It is one of the de facto tools for security auditing and the testing of services and networks. It is a “Swiss Army knife” that generates virtually any IP, TCP or UDP packet. Hping can transmit a single packet, or multiple packets…
Direct to Origin DDoS Attack (D2O)
DDoS mitigation often uses an architecture in which a CDN or large reverse proxies are placed in front of the web services as a protection layer. However, sophisticated attackers will attempt to reveal the origin network or IP address and attack directly, making the mitigation layer completely useless. This attack is called ‘Direct-to-Origin’ or in…
DNS Query Flood
DNS Query Flood is a type of DDoS attack that belongs to the application attacks family. During the attack, the attacker sends a succession of UDP packets to a DNS server in an attempt to exhaust server-side assets such as CPU or memory. In doing so, the attack prevents the server from directing legitimate requests to zone resources. Unlike…
DNS Reflected Amplification Flood
DNS Reflected Amplification Flood is a type of DDoS attack that belongs to the application attacks family. During the attack, the attacker exploits a vulnerability in publicly accessible domain name systems (DNS) to flood the target with a large number of UDP packets. This attack has two main features: Amplification: Using those DNS servers and various amplification techniques, the attacker can…
HTTP Flood
HTTP Flood is a type of DDoS attack that belongs to the application attacks family. During the attack, the attacker sends HTTP GET or POST requests to an application or a web server. The requests appear legitimate, containing a valid header and a correct and complete message. However, the message body sent in an…
UDP Flood
Family: Network Attacks
Attack Vector: UDP Flood
Variants: Reflective Amplified Floods, DNS Garbage Flood, UDP Port 80 Garbage Flood
DRS ID: 22003
Supports spoofing: Yes
Description: A UDP Flood is a network DDoS attack involving the sending of numerous UDP packets toward the victim. This attack can arrive from a spoofed source IP address;…
SYN Flood
Family: Network Attacks
Attack Vector: SYN Flood
Variants: Tsunami SYN Flood
DRS ID: 11001
Supports spoofing: Yes
Description: TCP SYN Flood is a network DDoS attack comprising numerous TCP SYN packets that are sent to the victim. It is one of the oldest attacks in DDoS history, yet is still very common…