Volumetric Attacks: The Brute Force Approach
Volumetric attacks represent the most common type of DDoS assault, accounting for over 65% of all attacks. These attacks aim to consume all available bandwidth between the target and the internet, essentially creating a traffic jam that prevents legitimate users from reaching your services. The sheer volume of traffic overwhelms network infrastructure, making services inaccessible.
UDP floods exemplify classic volumetric attacks. Attackers send large numbers of UDP packets to random ports on the target system. For each packet, the target must check whether an application is listening on that port and, when none is, reply with an ICMP "Destination Unreachable" packet. This process consumes resources and bandwidth, eventually overwhelming the system.
ICMP floods, also known as ping floods, bombard targets with ICMP Echo Request packets. While individual pings are harmless, millions of simultaneous requests can saturate network connections. Amplification attacks take this further by exploiting services that reply with larger responses than the initial request, multiplying the attack's impact.
DNS amplification attacks showcase the devastating potential of volumetric assaults. Attackers send small DNS queries with spoofed source addresses to open DNS resolvers. These resolvers send large responses to the victim, creating amplification factors of 50x or more. A 64-byte request can generate a 3,000-byte response, turning a modest botnet into a powerful weapon.
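From the receiving side, reflected DNS traffic shows up as responses from port 53 that answer no query the host ever sent. The following detection sketch is an added example, not part of the original article; the packet records, documentation-range addresses, the 198.51.100.0/24 local network and the alert thresholds are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

LOCAL_NET = ipaddress.ip_network("198.51.100.0/24")  # assumed protected network

# Constructed sample records (not real traffic):
# (src_ip, src_port, dst_ip, dst_port, udp_payload_bytes)
SAMPLE = [
    ("198.51.100.10", 40000, "192.0.2.53", 53, 64),     # our host queries a resolver
    ("192.0.2.53", 53, "198.51.100.10", 40000, 180),    # solicited reply
    ("203.0.113.1", 53, "198.51.100.10", 31337, 3000),  # reply nobody asked for
    ("203.0.113.2", 53, "198.51.100.10", 31338, 3000),
    ("203.0.113.3", 53, "198.51.100.10", 31339, 3000),
]

def is_local(ip):
    return ipaddress.ip_address(ip) in LOCAL_NET

def amplification_factor(request_bytes, response_bytes):
    """Bytes delivered to the victim per byte the sender spent."""
    return response_bytes / request_bytes

def unsolicited_dns(packets):
    """Return {local_ip: {"bytes": n, "resolvers": set}} for DNS responses
    that match no query previously sent by that local host."""
    pending = set()  # (local_ip, local_port, resolver_ip) awaiting a reply
    report = defaultdict(lambda: {"bytes": 0, "resolvers": set()})
    for src, sport, dst, dport, size in packets:
        if dport == 53 and is_local(src):
            pending.add((src, sport, dst))
        elif sport == 53 and is_local(dst):
            key = (dst, dport, src)
            if key in pending:
                pending.discard(key)  # normal answer to our own query
            else:
                report[dst]["bytes"] += size
                report[dst]["resolvers"].add(src)
    return dict(report)

def under_reflection(report, min_resolvers=3, min_bytes=5000):
    """Hypothetical thresholds: many distinct resolvers sending unrequested data."""
    return sorted(ip for ip, r in report.items()
                  if len(r["resolvers"]) >= min_resolvers and r["bytes"] >= min_bytes)

if __name__ == "__main__":
    rep = unsolicited_dns(SAMPLE)
    print(under_reflection(rep), rep)
    print(amplification_factor(64, 3000))  # the article's request/response sizes
```

In production the same matching would run over flow logs or a packet capture, with thresholds tuned to the network's normal DNS volume.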