Protocol-based DDoS Attack
Protocol-based attacks primarily focus on exploiting a weakness in Layer 3 or Layer 4 of the OSI layer. The most common example of a protocol-based DDoS attack is the TCP Syn Flood, wherein a succession of TCP SYN requests directed towards a target can overwhelm the target and make it unresponsive. The recent Dyn outage, apart from being an application-layer attack also consisted of TCP Syn floods targeting port 53 of Dyn’s DNS servers.
Application-based DDoS Attack
Application attacks are the trickiest of the DDoS attacks as they are harder to identify and in some cases even mitigate.Experts; “Application-layer attacks are the most sophisticated and stealthy attacks because they can be very effective with as few as one attacking machine generating traffic at a low rate. This makes these attacks very difficult to proactively detect with traditional flow-based monitoring solutions.”