Distributed Denial of Service (DDoS) attacks are malicious attempts to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks can be classified into different layers based on the OSI (Open Systems Interconnection) model. Here’s a detailed technical overview of the different layers where DDoS attacks can occur, along with examples:
1. Application Layer (Layer 7)
Description: Application layer attacks target the layer where web pages are generated on the server and delivered in response to HTTP requests. These attacks aim to exhaust the server resources by making it process an overwhelming number of requests.
Examples:
- HTTP Flood: Attackers send a flood of HTTP requests to overwhelm the server. For instance, they may use a botnet to send requests to load web pages, exhausting the server's ability to respond to legitimate users.
- Slowloris: This attack sends partial HTTP requests and then slowly continues to send additional HTTP headers, keeping many connections to the target web server open and tying up server resources.
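A server-side check for the Slowloris pattern described above is a deadline on how long a client may take to finish its request headers, plus a per-client count of connections that miss it. This is an added example, not code from the original article; the thresholds, the `Conn` record and the sample data are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed thresholds for this example; tune them to the real server's traffic.
HEADER_DEADLINE_S = 10.0   # max time allowed to deliver complete request headers
MAX_SLOW_PER_IP = 3        # stalled connections tolerated per client before flagging

@dataclass
class Conn:                      # hypothetical per-connection record kept by the server
    client_ip: str
    opened_at: float             # seconds on a monotonic clock
    buf: bytes = b""             # request bytes received so far

    def headers_complete(self) -> bool:
        # An HTTP/1.x header block ends with an empty line (CRLF CRLF).
        return b"\r\n\r\n" in self.buf

def slow_header_conns(conns, now):
    """Connections past the header deadline whose headers are still incomplete."""
    return [c for c in conns
            if not c.headers_complete() and now - c.opened_at > HEADER_DEADLINE_S]

def flag_clients(conns, now):
    """Map client IP -> stalled-connection count, for clients over the limit."""
    counts = defaultdict(int)
    for c in slow_header_conns(conns, now):
        counts[c.client_ip] += 1
    return {ip: n for ip, n in counts.items() if n > MAX_SLOW_PER_IP}

def sample_conns():
    """Constructed sample state using documentation IP ranges, not captured traffic."""
    partial = b"GET / HTTP/1.1\r\nHost: example.test\r\nX-a: 1\r\n"  # no final blank line
    full = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    conns = [Conn("198.51.100.7", float(t), partial) for t in range(5)]  # many stalled
    conns.append(Conn("203.0.113.20", 0.0, full))       # normal, finished request
    conns.append(Conn("203.0.113.21", 28.0, partial))   # slow link, still within deadline
    conns.append(Conn("203.0.113.22", 1.0, partial))    # one stalled conn, below the limit
    return conns

if __name__ == "__main__":
    now = 30.0
    conns = sample_conns()
    print("connections to close:", len(slow_header_conns(conns, now)))
    print("clients to flag:", flag_clients(conns, now))
```

Every connection returned by `slow_header_conns` can be closed to free its slot, while `flag_clients` separates a single slow but legitimate client from one holding many stalled connections.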
2. Transport Layer (Layer 4)
Description: Transport layer attacks target the layer responsible for delivering data between systems, primarily focusing on TCP and UDP protocols.
Examples:
- SYN Flood: An attacker sends a series of SYN requests to initiate a connection but never completes the handshake. This leaves numerous half-open connections that consume server resources.
- UDP Flood: Attackers send a large number of UDP packets to random ports on the target server. The server checks for an application listening on each port and, finding none, responds with ICMP Destination Unreachable packets, consuming bandwidth and processing power.
3. Network Layer (Layer 3)
Description: Network layer attacks target the infrastructure that routes packets of data from one location to another.
Examples:
- ICMP Flood (Ping Flood): Attackers send a vast number of ICMP Echo Request (ping) packets to the target. The target has to process and respond to each request, consuming its resources.
- Smurf Attack: An attacker sends ICMP Echo Request packets to a network's broadcast address with the source address spoofed to be that of the target. When the devices on that network respond to these packets, the target is overwhelmed with responses.
4. Data Link Layer (Layer 2)
Description: Data link layer attacks focus on the communication between adjacent network nodes and can disrupt the local network segment.
Examples: