A volumetric attack is a Distributed Denial of Service (DDoS) attack that floods a server or network with massive amounts of network packets, overwhelming its bandwidth and causing congestion, packet loss, and service disruption. These attacks aim to exhaust available resources, measured in bits per second (bps), packets per second (pps), or connections per second (cps).
What is a volumetric DDoS attack?
A volumetric Distributed Denial of Service (DDoS) attack is a brute force method used by attackers to overwhelm a network or server by flooding it with massive amounts of traffic. Volumetric attacks encompass several DDoS techniques, such as NTP amplification, chargen streams, and ICMP ping floods. The goal is to exhaust the target’s bandwidth or overwhelm its routers, causing network congestion, packet loss, and disruption of services. These attacks are measured in bits per second (bps), packets per second (pps), or connections per second (cps).
For more information, see our blog post, "What is an Application Layer DDoS Attack, and how do I Defend Against Them?"
How volumetric attacks work.
In a volumetric DDoS attack, malicious actors utilize a botnet, a network of compromised devices, to generate overwhelming traffic aimed at the target. These devices send enormous amounts of traffic in the form of data packets, queries, or connection requests, consuming the target’s resources. As the server or network tries to process each packet, bandwidth, memory, and CPU resources are drained, eventually leading to service failure.
These attacks affect layers 3 and 4 of the OSI (Open Systems Interconnection) model, the network and transport layers, which handle data transmission and routing. The high volume of traffic makes it nearly impossible for the target to differentiate legitimate packets from attack traffic, leading to a denial of service for real users.
Types of volumetric DDoS attacks.
Several types of volumetric DDoS attacks exist:
- UDP flood: Overwhelms the target by sending massive amounts of User Datagram Protocol (UDP) traffic to random ports, exhausting server resources.
- ICMP ping flood: Targets a server with a high volume of ICMP pings, consuming its capacity to respond to legitimate traffic.
- DNS reflection flood: Leverages vulnerable open DNS resolvers to send amplified traffic to the target, further increasing the volume of the attack.
- SYN flood: Attacks the server’s ability to establish connections by sending a flood of SYN requests, overwhelming the system.
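The four vectors listed above, measured the way the page describes (pps and bps), as an added detection example that is not part of the original page or any Vercara product. The flow records are constructed sample data, and the record layout, classification heuristics and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample flow records (not real traffic):
# (second, protocol, src_port, dst_port, tcp_flags, packets, bytes)
SAMPLE_FLOWS = [
    (0, "tcp", 51512, 443, "SA", 40, 52_000),        # normal HTTPS
    (0, "udp", 53, 40211, "", 900, 2_700_000),       # large DNS responses
    (0, "udp", 53, 18877, "", 850, 2_550_000),
    (1, "tcp", 40001, 443, "S", 7_000, 420_000),     # bare SYNs
    (1, "tcp", 40002, 443, "S", 6_500, 390_000),
    (1, "icmp", 0, 0, "", 300, 25_200),              # modest ping traffic
    (2, "udp", 33333, 6112, "", 9_000, 11_700_000),  # UDP to random ports
    (2, "udp", 33334, 27015, "", 8_000, 10_400_000),
]

def classify(proto, src_port, flags):
    """Map one flow to a coarse vector label (heuristic, an assumption)."""
    if proto == "icmp":
        return "icmp_flood"
    if proto == "udp":
        # Responses sourced from port 53 point at reflection off DNS resolvers.
        return "dns_reflection" if src_port == 53 else "udp_flood"
    if proto == "tcp" and flags == "S":
        return "syn_flood"
    return "other"

def detect(flows, pps_limit=10_000, bps_limit=40_000_000):
    """Return sorted alerts (second, vector, pps, bps) exceeding either limit."""
    totals = defaultdict(lambda: [0, 0])  # (second, vector) -> [packets, bytes]
    for sec, proto, sport, _dport, flags, pkts, nbytes in flows:
        vector = classify(proto, sport, flags)
        if vector == "other":
            continue
        totals[(sec, vector)][0] += pkts
        totals[(sec, vector)][1] += nbytes
    alerts = []
    for (sec, vector), (pkts, nbytes) in sorted(totals.items()):
        bps = nbytes * 8  # one-second window, so bits counted == bits per second
        if pkts >= pps_limit or bps >= bps_limit:
            alerts.append((sec, vector, pkts, bps))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(alert)
```

On the sample data the SYN flood trips only the pps limit and the DNS reflection trips only the bps limit, which is why both metrics need to be tracked.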
Volumetric DDoS attack mitigation.
To stop volumetric attacks, various volumetric DDoS protection strategies are implemented:
- DDoS mitigation services: These cloud-based services scrub incoming traffic, filtering out malicious traffic before it reaches the target.
- Rate limiting: This technique limits the number of packets that a server can process in a certain time, preventing overload from sudden traffic surges.
- Traffic filtering: Network firewalls and other filtering tools block traffic to unused ports and protocols before it can reach critical resources.
- CDN-based defense: Content delivery networks (CDNs) distribute traffic across multiple servers, reducing the impact on any single point of failure.
Effective volumetric DDoS mitigation requires a multilayered approach that combines network monitoring, traffic filtering, and DDoS mitigation services to minimize the attack’s impact.
How Vercara can help.
Vercara’s cloud DDoS mitigation service, UltraDDoS Protect, inspects network layer traffic to detect and block volumetric DDoS attacks plus a wide variety of other DDoS attack vectors. UltraDDoS Protect has more than 15 Tbps of DDoS traffic ingestion capacity across over 15 points of presence to absorb and mitigate the largest attacks seen to date. UltraDDoS Protect is operated 24/7 by Vercara’s Security Operations Center.
Vercara’s other platforms such as our authoritative managed DNS platform, UltraDNS, and our Web Application Firewall service, UltraWAF, are protected by distributed points of presence, anycast IP networking, and by the DDoS mitigation capabilities of UltraDDoS Protect.
In today’s always-connected, always-online world, volumetric DDoS attacks threaten to cause disruption of critical services. Vercara partners with its customers to help them operate safely online. To learn more about volumetric DDoS attacks or any other kind of attack, please feel free to contact us.