A Distributed Denial of Service (DDoS) attack is a type of DoS attack in which an attacker uses a number of compromised computers to send a huge number of requests to the target host. Attackers often use a botnet to perpetrate this type of attack.
Attackers may first use malware to compromise a number of devices or computers. The malware may turn the compromised devices into bots or zombie computers. Then, attackers may control the devices remotely and make them send a huge number of requests to a target host, resulting in a DoS attack.
For example, attackers may use a botnet to send a huge number of ICMP Echo request messages or ping packets to a target host. The target host may end up consuming all its computational resources sending replies to the ping packets, and that may result in a denial of service. This type of DDoS attack is also called a Ping Flood.
In a DoS attack, attackers often spoof the source IP address of the packets before sending them to the target host. As a result, it becomes difficult to detect the source of the attack.
What is a DrDoS attack?
A DrDoS or Distributed Reflection Denial of Service attack is a type of DDoS attack. In this attack, attackers first select a large number of victim hosts and send requests to those victim hosts. However, attackers spoof the source IP address of the sent packets and use the IP address of a target host as the source IP address instead. As a result, the victim hosts send their replies to the target host. Because the number of victim hosts is large and the replies are larger than the requests, the huge number of replies consumes the network bandwidth of the target host, and that results in a DoS attack.
Here, attackers use multiple source machines to perpetrate the attack, so it is a DDoS attack. The requests made to the victim hosts are reflected or redirected to the target host, so it is called a Distributed Reflection Denial of Service attack or DrDoS attack.
Attackers may exploit several Internet protocols to perpetrate this attack. They often use the DNS, NTP, SNMP, or CHARGEN protocols to carry it out. For example, attackers may send spoofed requests to DNS resolvers and use the IP address of the target host as the source IP address of all the sent packets. Each DNS resolver will send a response that is larger than the request. When the huge number of responses reaches the target host, the result is a DrDoS attack.
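Seen from the target's side, the reflected traffic described above has a recognizable shape: UDP replies from DNS, NTP, SNMP or CHARGEN source ports that the host never asked for, arriving from many different servers. The following Python code is an added example, not part of the original article; the flow-record layout, the function name find_reflection, the reflector threshold and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict

# Source ports of the reflection-prone UDP services named in the article.
REFLECTION_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP", 19: "CHARGEN"}

def find_reflection(flows, protected_ip, min_reflectors=3):
    """Return {service: {"reflectors": n, "bytes": b}} for unsolicited UDP replies.

    flows: iterable of (src_ip, src_port, dst_ip, dst_port, nbytes) UDP records
    (an assumed layout). A reply is unsolicited when protected_ip never sent a
    request to that server and service port from the port the reply arrives on.
    """
    flows = list(flows)
    # Requests the protected host really sent: (server, service_port, client_port).
    requested = {(dst, dport, sport)
                 for src, sport, dst, dport, _ in flows
                 if src == protected_ip and dport in REFLECTION_PORTS}
    reflectors = defaultdict(set)
    volume = defaultdict(int)
    for src, sport, dst, dport, nbytes in flows:
        if dst != protected_ip or sport not in REFLECTION_PORTS:
            continue
        if (src, sport, dport) in requested:
            continue  # answer to a real query, not reflected traffic
        service = REFLECTION_PORTS[sport]
        reflectors[service].add(src)
        volume[service] += nbytes
    # Report a service only when enough distinct servers are replying.
    return {svc: {"reflectors": len(ips), "bytes": volume[svc]}
            for svc, ips in reflectors.items() if len(ips) >= min_reflectors}

# Constructed sample flows (documentation address ranges, not real traffic).
TARGET = "192.0.2.10"
SAMPLE_FLOWS = [
    # Legitimate lookup: the host asks a resolver and gets one answer back.
    (TARGET, 40000, "198.51.100.53", 53, 70),
    ("198.51.100.53", 53, TARGET, 40000, 180),
    # Unsolicited large DNS answers from several resolvers.
    ("203.0.113.1", 53, TARGET, 31337, 3000),
    ("203.0.113.2", 53, TARGET, 31337, 3000),
    ("203.0.113.3", 53, TARGET, 31337, 2900),
    ("203.0.113.4", 53, TARGET, 31337, 3100),
    # A single stray NTP reply stays below the reflector threshold.
    ("203.0.113.9", 123, TARGET, 50000, 440),
]

if __name__ == "__main__":
    for service, stats in find_reflection(SAMPLE_FLOWS, TARGET).items():
        print(service, stats)
```

Because the source addresses in the replies belong to the reflecting servers, the result identifies which services are being abused, not the machines that sent the spoofed requests.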
How to protect servers from DoS, DDoS and DrDoS attacks? We have discussed that in detail in this article: How to protect servers from DoS and DDoS attacks?
I hope this helps. However, interested readers who want to know more about how different web application attacks work and how we can prevent them can refer to the book “Web Application Vulnerabilities And Prevention.”