What is Volume-based DDoS Attack ?

What is Volume-based DDoS Attack?​

As the name implies, volume-based DDoS attacks depend on the volume of inbound traffic. The goal of this type of attack is to overload the website’s bandwidth or cause CPU or IOPS usage issues.

The attacker employs a basic tactic – more resources wins this game. If they can overload your resources, the attack is successful.

It is quite easy for attackers to achieve their goals. Most website owners are leveraging shared hosts and the ones with virtual private server (VPS) environments are often set up in the smallest tiers and configurations.

Volume-based DDoS attacks include:​

UDP floods​

The User Datagram Protocol (UDP) DoS attack will flood various ports at random, leading the host server to report back with an Internet Control Message Protocol (ICMP) packet. This is a protocol used to generate error messages to the IP address when problems prevent IP packets delivery. The UDP floods are done via packets – also known as Layer 3 / 4 attacks. This forces the web server to respond, in turn chewing through your web server resources forcing it to come to a halt or die completely. UDP is a connectionless protocol, meaning it doesn’t validate source IP addresses. It’s because of this that UDP attacks are often associated with Distributed Reflective Denial of Service (DRDoS) attacks.

ICMP floods​

Attackers flood the server with spoofed ICMP packets sent from a huge set of source IPs. The result of this attack is the exhaustion of server resources and failure to process requests, causing the server to reboot or lead to an extensive impact on its performance. ICMP flood attacks can be targeted at specific servers or they can be random. It essentially consumes bandwidth to the point of exhaustion.

Ping floods​

Attackers flood the server with spoofed ping packets from a huge set of source IPs. It is an evolution of the ICMP flood attacks. The attacker’s objective is to flood the server until it goes offline. The biggest downside from this attack for website owners is that it can be difficult to detect, mistaken for legitimate traffic.

This attack can be measured in bits per second.

On Friday, Google’s cloud business disclosed the incident, which involved bombarding the company’s internet networks with a flood of traffic. The DDoS attack lasted over a six-month campaign, peaking to 2.5Tbps in traffic.

The figure surpasses the 2.3Tbps assault Amazon’s cloud business AWS experienced this past February, which was previously thought to be the biggest DDoS attack on record. I have already shared a post about it recently.

According to Google’s security team, the 2.5Tbps DDoS against the company was sourced back to a government-backed group that harnessed four internet service providers in China to send the flood of traffic.

Of Google mentioned, "Our infrastructure absorbed a 2.5 Tbps DDoS in September 2017, the culmination of a six-month campaign that utilized multiple methods of attack. Despite simultaneously targeting thousands of our IPs, presumably in hopes of slipping past automated defenses, the attack had no impact.

The attacker used several networks to spoof 167 Mpps (millions of packets per second) to 180,000 exposed CLDAP, DNS, and SMTP servers, which would then send large responses to us.

This demonstrates the volumes a well-resourced attacker can achieve: This was four times larger than the record-breaking 623 Gbps attack from the Mirai botnet a year earlier. It remains the highest-bandwidth attack reported to date, leading to reduced confidence in the extrapolation."
Prior to February this year, the former largest DDoS attack recorded was back in 2018 March, when NetScout Arbor mitigated a 1.7 Tbps attack.

Guys, what do you think of think about this post?