Volumetric attack definition
Volumetric attack, also known as volumetric DDoS attack, is a type of Distributed Denial of Service (DDoS) attack that uses massive volumes of traffic to attack the target’s network and overwhelm its server resources, effectively making it unavailable to users. Volumetric attacks are versatile and can disrupt websites, applications, and other online services.
Instead of targeting specific protocols, volumetric attacks aim to exhaust the target’s bandwidth through amplification. They use botnets — networks made up of compromised devices — to generate inflated traffic. Due to this impact, the servers can’t distinguish between malicious and legitimate requests and end up crashing.
See also: botnet, DDoS mitigation, flooding, NTP amplification attack
Examples of a volumetric attack
- DNS amplification. Attackers use the target's IP address to send requests to a DNS server, which sends a large response to the target and causes network congestion.
- Reflection amplification. Attackers use a spoofed ID address to send small requests to a server. The server issues a larger response to the target, amplifying the traffic volume until it’s unsustainable.
- HTTP flood. Attackers overwhelm the target’s servers with numerous HTTP requests.
- ICMP flood. Attackers exhaust the target’s resources through perpetual Internet Control Message Protocol (ICMP) echo requests.
- UDP flood. Attackers overload the servers by sending large volumes of User Datagram Protocol (UDP) packets to random system ports.
Preventing volumetric attacks
- Rate limiting. Restricting the traffic rate that the server can process.
- Flow telemetry analysis. Analyzing the network traffic patterns to detect irregularities from the normal traffic flow and detect DDoS attacks.
- Web application firewall (WAF). Setting up a WAF to filter malicious traffic that may indicate a volumetric attack.
- Blackholing. Rerouting malicious traffic to a ”black hole” and away from the target.
