DDoS Attack

In a denial-of-service (DoS) attack, a threat actor renders information systems, devices, or other network resources inaccessible by overwhelming the target with malicious traffic. A distributed denial-of-service (DDoS) attack is a type of DoS attack where the overloading traffic originates from multiple attacking machines, amplifying the severity of the attack.

DDoS attacks use one or more of the following methods:

• Volumetric attacks: This type of attack overwhelms the resource’s bandwidth with a flood of traffic to keep normal traffic from reaching the resource.

  Volumetric attacks include UDP floods, ICMP floods, TCP floods, and DNS reflection attacks.

• Protocol layer attacks: This type of attack over-consumes network resources on a server, load balancer, or firewall, slowing down the target resource until it becomes inaccessible. This attack targets the network, transports layers of the OSI stack, and leverages exploits in network protocols.

  Protocol layer attacks include SYN floods, BGP attacks, and ping of death attacks.

• Application layer attacks: This type of attack targets software running on the resource, such as web application firewalls (WAFs) and web server applications. For example, these attacks may attempt to open and maintain an abnormally large number of connections to a web server, or bombard an application with large POST payloads. These attacks can be particularly effective because they consume both application-level and network-level resources.

  Application layer attacks include BGP hijacking, HTTP and HTTPS floods, and Slowloris attacks.

• Multi-vector Attack: This type of attack simultaneously targets application and network level resources. Unlike single vector attacks, multi-vector attacks use several different types of traffic to overwhelm the target, such as flooding the target with HTTP traffic and UDP traffic.

DigitalOcean’s DDoS Protection service always-on protection from network and transport level DDoS attacks for applicable DigitalOcean resources. DDoS Protection is available and active for all DigitalOcean customers at no additional charge.

DDoS Attack Articles

Recommended Articles

What do I do if my traffic is blackholed?

We temporarily trigger a blackhole when a DDoS attack against a resource reaches a mitigation limit. We recommend contacting support and planning strategies to keep your resources online in the future.

How to Recover Data from Droplets with the Recovery ISO

Use DigitalOcean’s recovery ISO with the Recovery Console to regain access to and perform data recovery operations on your Droplet, like getting access to an interactive shell, running fsck, or chrooting into the system.