Overwhelming A Target
A distributed denial of service attack uses many sources to exhaust a victim. Attacks fall into broad families based on which resource they drain.
Volumetric Attacks
A volumetric attack tries to saturate raw bandwidth.
- Huge floods of packets fill the link so legitimate traffic cannot get through.
- Amplification makes this cheap. The attacker sends a small spoofed request to a public service that replies with a much larger response aimed at the victim.
- Open DNS and NTP servers are classic amplifiers.
Defense usually happens upstream, where a provider with very large capacity absorbs or scrubs the flood.
Application Layer Attacks
An application layer attack targets expensive logic rather than bandwidth.
- It sends seemingly valid requests that each cost the server a lot, such as a heavy search or login.
- Volume can be modest, so the link looks fine while the application falls over.
- These are harder to spot because each request resembles a real user.
Why The Distinction Matters
The two need different defenses. Bandwidth scrubbing stops floods but not clever requests, while request analysis and rate limiting stop application abuse but cannot save a saturated link.
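An added example (not part of the original page) of the rate limiting named above: a per-client token bucket that charges each request by an assumed server cost, so a client sending few but expensive requests is throttled while a busier ordinary user is not. The endpoint paths, costs, bucket settings and traffic are constructed for illustration.

```python
import time
from collections import defaultdict

# Assumed per-endpoint costs (constructed): heavier server logic spends more tokens.
ENDPOINT_COST = {"/static": 1, "/search": 10, "/login": 20}


class CostWeightedLimiter:
    """Per-client token bucket; each request spends tokens in proportion to its cost."""

    def __init__(self, capacity=60, refill_per_sec=5.0):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.buckets = {}  # client -> (tokens, time of last request)

    def allow(self, client, path, now=None):
        now = time.monotonic() if now is None else now
        tokens, last = self.buckets.get(client, (self.capacity, now))
        # Refill for the time elapsed since the last request, capped at capacity.
        tokens = min(self.capacity, tokens + (now - last) * self.refill_per_sec)
        cost = ENDPOINT_COST.get(path, 1)
        allowed = tokens >= cost
        self.buckets[client] = (tokens - cost if allowed else tokens, now)
        return allowed


def replay(requests, limiter):
    """Feed (time, client, path) tuples to the limiter; return {client: (allowed, denied)}."""
    counts = defaultdict(lambda: [0, 0])
    for t, client, path in requests:
        counts[client][0 if limiter.allow(client, path, now=t) else 1] += 1
    return {client: tuple(v) for client, v in counts.items()}


def sample_traffic():
    """Constructed 10-second trace: a normal user and a low-volume, high-cost client."""
    reqs = [(i * 0.25, "user-a", "/static") for i in range(40)]   # 4 req/s, cost 1 each
    reqs += [(i * 0.5, "client-b", "/login") for i in range(20)]  # 2 req/s, cost 20 each
    return sorted(reqs)


if __name__ == "__main__":
    for client, (ok, denied) in sorted(replay(sample_traffic(), CostWeightedLimiter()).items()):
        print(f"{client}: allowed={ok} denied={denied}")
```

A limiter that only counted requests per second would rank client-b as the quieter of the two; weighting by cost is what exposes it.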
Key idea
Volumetric DDoS saturates bandwidth and is fought upstream, while application layer DDoS drains server logic with valid-looking requests and needs request analysis and rate limiting instead.