articles/ddos-protection/types-of-attacks.md
Lines changed: 32 additions & 7 deletions
@@ -5,20 +5,45 @@ services: ddos-protection
5
5
author: AbdullahBell
6
6
ms.service: azure-ddos-protection
7
7
ms.topic: concept-article
8
-
ms.date: 07/17/2024
8
+
ms.date: 01/21/2025
9
9
ms.author: abell
10
10
---
11
-
# Types of attacks Azure DDoS Protection mitigates
11
+
# Types of attacks Azure DDoS Protection mitigate
12
12
13
13
Azure DDoS Protection can mitigate the following types of attacks:
14
14
15
-
-**Volumetric attacks**: These attacks flood the network layer with a substantial amount of seemingly legitimate traffic. They include UDP floods, amplification floods, and other spoofed-packet floods. DDoS Protection mitigates these potential multi-gigabyte attacks by absorbing and scrubbing them, with Azure's global network scale, automatically.
16
-
-**Protocol attacks**: These attacks render a target inaccessible, by exploiting a weakness in the layer 3 and layer 4 protocol stack. They include SYN flood attacks, reflection attacks, and other protocol attacks. DDoS Protection mitigates these attacks, differentiating between malicious and legitimate traffic, by interacting with the client, and blocking malicious traffic.
17
-
-**Resource (application) layer attacks**: These attacks target web application packets, to disrupt the transmission of data between hosts. They include HTTP protocol violations, SQL injection, cross-site scripting, and other layer 7 attacks. Use a Web Application Firewall, such as the Azure [Application Gateway web application firewall](../web-application-firewall/ag/ag-overview.md?toc=%2fazure%2fvirtual-network%2ftoc.json), as well as DDoS Protection to provide defense against these attacks. There are also third-party web application firewall offerings available in the [Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps?page=1&search=web%20application%20firewall).
15
+
-**Volumetric attacks**: These attacks flood the network layer with a substantial amount of seemingly legitimate traffic. They include UDP floods, amplification floods, and other spoofed-packet floods. DDoS Protection mitigates these potential multi-gigabyte attacks by absorbing and scrubbing them, with Azure's global network scale, automatically. Common attack types are listed in the following table.
|**ICMP Flood**| Overwhelms the target with ICMP Echo Request (ping) packets, causing disruption. |
20
+
|**IP/ICMP Fragmentation**| Exploits IP packet fragmentation to overwhelm the target with fragmented packets.|
21
+
|**IPsec Flood**| Floods the target with IPsec packets, overwhelming the processing capability. |
22
+
|**UDP Flood**| Sends a large number of UDP packets to random ports, causing resource exhaustion.|
23
+
|**Reflection Amplification Attack**| Uses a third-party server to amplify the attack traffic towards the target. |
24
+
25
+
-**Protocol attacks**: These attacks render a target inaccessible, by exploiting a weakness in the layer 3 and layer 4 protocol stack. They include SYN flood attacks, reflection attacks, and other protocol attacks. DDoS Protection mitigates these attacks, differentiating between malicious and legitimate traffic, by interacting with the client, and blocking malicious traffic. Common attack types are listed in the following table.
|**SYN Flood**| Exploits the TCP handshake process to overwhelm the target with connection requests. |
30
+
|**Fragmented Packet Attack**| Sends fragmented packets to the target, causing resource exhaustion during reassembly. |
31
+
|**Ping of Death**| Sends malformed or oversized packets to crash or destabilize the target system. |
32
+
|**Smurf Attack**| Uses ICMP echo requests to flood the target with traffic by exploiting network devices. |
33
+
34
+
-**Resource (application) layer attacks**: These attacks target web application packets, to disrupt the transmission of data between hosts. They include HTTP protocol violations, SQL injection, cross-site scripting, and other layer 7 attacks. Use a Web Application Firewall, such as the Azure [Application Gateway web application firewall](../web-application-firewall/ag/ag-overview.md?toc=%2fazure%2fvirtual-network%2ftoc.json), and DDoS Protection to provide defense against these attacks. There are also third-party web application firewall offerings available in the [Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps?page=1&search=web%20application%20firewall). Common attacks types are listed in the following table.
|**BGP Hijacking**| Involves taking control of a group of IP addresses by corrupting Internet routing tables. |
40
+
|**Slowloris**| Keeps many connections to the target web server open and holds them open as long as possible. |
41
+
|**Slow Post**| Sends HTTP POST headers that are incomplete, causing the server to wait for the rest of the data. |
42
+
|**Slow Read**| Reads responses from the server slowly, causing the server to keep the connection open. |
43
+
|**HTTP(/s) Flooding**| Floods the target with HTTP requests, overwhelming the server's ability to respond. |
44
+
|**Low and Slow attack**| Uses a few connections to slowly send or request data, evading detection. |
45
+
|**Large Payload POST**| Sends large payloads in HTTP POST requests to exhaust server resources. |
20
46
21
-
Azure DDoS Protection protects resources in a virtual network including public IP addresses associated with virtual machines, load balancers, and application gateways. When coupled with the Application Gateway web application firewall, or a third-party web application firewall deployed in a virtual network with a public IP, Azure DDoS Protection can provide full layer 3 to layer 7 mitigation capability.
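Review bot: The **BGP Hijacking** row in the resource (application) layer table is misclassified: by the row's own description it works by corrupting Internet routing tables, which is a routing-layer problem and not a layer 7 attack on web application traffic, and the web application firewall recommended in that bullet does not address it. Suggest removing the row or moving it out of this table. In the same hunk, the new heading `# Types of attacks Azure DDoS Protection mitigate` breaks subject-verb agreement (the removed line's "mitigates" was correct), the resource bullet ends with "Common attacks types" where the other two bullets say "Common attack types", and **Fragmented Packet Attack** in the protocol table overlaps **IP/ICMP Fragmentation** in the volumetric table without saying how the two differ.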