Because DDoS attacks can come from hundreds, thousands, or even millions of different IP addresses, it is often hard to identify the attacking machines and to filter attacks. The tools to create and conduct DDoS attacks are startlingly available and inexpensive — as low as a few dollars — while the cost to the attacked organization can range from $50,000 to $500,000 in lost sales or business disruption for each hour of the attack.
And attacks can last hours and even a full day.
DDoS attacks are often measured by how much network bandwidth they consume, or by the number of simultaneous connections being requested. Is it enough to saturate the network connection to the server or service? Or to overwhelm the application? While most attacks have been single-digit Gbps (billions of bits per second), at least one DDoS attack on a data center was pegged at over 330 Gbps, and tens of thousands of connections were affected. On the other hand, many new attacks use less bandwidth, while lasting longer and doing more damage.
There are many types of DoS and DDoS attacks, including DNS attacks, Layer 3-4 and Layer 7 attacks, ICMP flooding, peer-to-peer attacks, and SYN flooding. There is even one type called “Permanent DoS” (PDoS), or “plashing,” which refers to attacks that require hardware be reinstalled or replaced (for example, by causing hardware to overheat).