Trickle Attacks vs Volumetric Attacks

When it comes to DDoS attacks there are 2 primary types.

A Volumetric attack with the goal of saturating the pipe on the target network.

A Trickle attack with the goal of tying up the resources of the target network while generating the least amount of bandwidth.

These 2 methods manifest in different ways. Volumetric attacks consume tons of bandwidth, which shows up as a saturated internet link.

A trickle attack manifests as a high PPS (Packets Per Second) rate. For example, a DDoS attack against a SIP server has the goal of tying up the server so it won’t accept a legitimate call; this does not require a large amount of bandwidth.

Volumetric attacks usually require amplification and many hosts to accomplish their goal, while trickle attacks can be launched from as little as one machine.

An example of a trickle attack is a Slowloris attack, which uses a slow process to tie up resources on a web server until it crashes due to resource exhaustion:

https://en.wikipedia.org/wiki/Slowloris_(computer_security)

Mechanisms such as mod_security can be used in this case to rate limit traffic from a single host. Others include mod_evasive, or firewalls and IPS that keep track of connections from a specific source and rate limit the traffic or drop it entirely.
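The per-source tracking described above can be sketched as follows. This is an added example, not code from mod_security, mod_evasive or any IPS; the class name, thresholds and sample events are assumptions chosen for illustration. It shows that a slow source stays under a new-connection rate limit and is only caught by a cap on connections held open.

```python
from collections import defaultdict, deque

class SourceTracker:
    """Tracks connections per source IP; thresholds are illustrative assumptions."""

    def __init__(self, max_new=5, window=10.0, max_open=8):
        self.max_new, self.window, self.max_open = max_new, window, max_open
        self.recent = defaultdict(deque)   # src -> timestamps of accepted opens
        self.open = defaultdict(int)       # src -> connections currently held open
        self.blocked = set()               # sources whose traffic is dropped entirely

    def on_open(self, src, ts):
        if src in self.blocked:
            return "drop"
        q = self.recent[src]
        while q and ts - q[0] >= self.window:   # expire opens outside the window
            q.popleft()
        if self.open[src] >= self.max_open:     # many held-open connections: trickle pattern
            self.blocked.add(src)
            return "drop"
        if len(q) >= self.max_new:              # too many new connections too quickly
            return "rate_limit"
        q.append(ts)
        self.open[src] += 1
        return "accept"

    def on_close(self, src):
        if self.open[src] > 0:
            self.open[src] -= 1

def replay(events, tracker=None):
    """Feed (ts, src, kind) events in time order; return the decisions per source."""
    tracker = tracker or SourceTracker()
    decisions = defaultdict(list)
    for ts, src, kind in sorted(events, key=lambda e: e[0]):
        if kind == "open":
            decisions[src].append(tracker.on_open(src, ts))
        else:
            tracker.on_close(src)
    return dict(decisions)

# Constructed sample events (documentation IP ranges, not real traffic).
SLOW = [(3.0 * i, "203.0.113.7", "open") for i in range(10)]    # opens, never closes
BURST = [(1.0 + 0.1 * i + d, "192.0.2.50", k) for i in range(7)
         for d, k in ((0.0, "open"), (0.05, "close"))]          # rapid open/close
NORMAL = [(4.0 * i + d, "198.51.100.20", k) for i in range(6)
          for d, k in ((0.0, "open"), (0.5, "close"))]          # ordinary client

if __name__ == "__main__":
    for src, seen in replay(SLOW + BURST + NORMAL).items():
        print(src, seen)
```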

See my latest video on this topic.

 

 

Please let me know if you have any questions!
