This volumetric DDoS attack generates a large quantity of large UDP packets. The targets are frequently UDP-based services such as DNS. Because the protocol also carries genuine traffic, mitigation is more challenging. The packet payloads contain randomised data, a combination of simple repeated characters and strings. The source IP address is usually a forged, random address.
ICMP Flood
ICMP is a standard protocol used on the Internet for communicating miscellaneous status data between devices. This volumetric DDoS attack produces a massive amount of large ICMP packets. The ICMP ping request/response types are the most prevalent. The packet type is "echo reply", yet there are no associated "echo request" packets. Echo replies are also present in genuine traffic. The timestamps and packet sizes help in analysing the attack severity.
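The check described above, as an added example that is not from the original page: it pairs each echo reply with an earlier echo request and reports per-target volume from timestamps and packet sizes. The record layout, the 5-second matching window and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, namedtuple

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMPv4 type numbers
Pkt = namedtuple("Pkt", "ts src dst icmp_type ident seq size")  # assumed record layout

def unsolicited_replies(packets, window=5.0):
    """Return echo replies with no matching echo request in the last `window` seconds."""
    pending = {}  # (requester, responder, ident, seq) -> request timestamp
    orphans = []
    for p in sorted(packets, key=lambda p: p.ts):
        if p.icmp_type == ECHO_REQUEST:
            pending[(p.src, p.dst, p.ident, p.seq)] = p.ts
        elif p.icmp_type == ECHO_REPLY:
            # A genuine reply travels responder -> requester, so swap the pair.
            sent = pending.pop((p.dst, p.src, p.ident, p.seq), None)
            if sent is None or p.ts - sent > window:
                orphans.append(p)
    return orphans

def severity_by_target(orphans):
    """Per-destination packet count, byte volume and rate from timestamps and sizes."""
    per_dst = defaultdict(list)
    for p in orphans:
        per_dst[p.dst].append(p)
    report = {}
    for dst, pkts in per_dst.items():
        span = max(p.ts for p in pkts) - min(p.ts for p in pkts)
        total = sum(p.size for p in pkts)
        report[dst] = {
            "packets": len(pkts),
            "bytes": total,
            "sources": len({p.src for p in pkts}),  # many sources hints at spoofing
            "bits_per_sec": total * 8 / span if span > 0 else None,
        }
    return report

# Constructed sample: one genuine ping exchange, then replies nobody asked for.
SAMPLE = [
    Pkt(0.00, "192.0.2.10", "198.51.100.7", ECHO_REQUEST, 0x1A2B, 1, 64),
    Pkt(0.02, "198.51.100.7", "192.0.2.10", ECHO_REPLY, 0x1A2B, 1, 64),
    Pkt(1.00, "203.0.113.5", "192.0.2.10", ECHO_REPLY, 0x0001, 1, 1400),
    Pkt(1.25, "203.0.113.77", "192.0.2.10", ECHO_REPLY, 0x0002, 9, 1400),
    Pkt(1.50, "203.0.113.200", "192.0.2.10", ECHO_REPLY, 0x0003, 4, 1400),
]

if __name__ == "__main__":
    for dst, stats in severity_by_target(unsolicited_replies(SAMPLE)).items():
        print(dst, stats)
```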
Fragmented ICMP Flood
This volumetric attack is similar to the ICMP flood, but with packets larger than the maximum packet size of the connection (customarily 1.5K bytes). The significant difference between an ICMP flood and a fragmented ICMP flood is this fragmentation. For instance, a 10K-byte packet is split into seven packet fragments, taken from the data section of the packet. When the fragments reach the target, the receiving device reassembles the packet, which consumes additional CPU resources on the device.
Tsunami SYN Flood
This volumetric DDoS attack creates a large volume of huge TCP SYN packets. TCP is the most well-known protocol used on the Internet. It is a connection-oriented protocol. "SYN" denotes that the synchronize flag is set on the TCP packet. This happens when a new connection is opened.