High traffic attack
Large-traffic attacks saturate the bandwidth and infrastructure of the network through massive traffic and completely consume them, thus achieving the purpose of network flooding. Once the traffic exceeds the capacity of the network or the connection ability between the network and other parts of the Internet, the network will be inaccessible. Examples of high-traffic attacks include ICMP, fragmentation and UDP flooding.
TCP state exhaustion attack
TCP state exhaustion attacks attempt to consume connection state tables that exist in many infrastructure components, such as load balancers, firewalls and application servers themselves. For example, a firewall must analyze each packet to determine whether the packet is a discrete connection, the existence of an existing connection, or the end of an existing connection. Similarly, the intrusion prevention system must track the state to realize signature-based packet detection and state protocol analysis. These devices and other stateful devices, including those responsible for equalizers, are often harmed by session flooding or connection attacks. For example, the Sockstress attack can fill the connection table by opening a socket, thus quickly flooding the state table of the firewall.
Application layer attack
Application layer attacks use more complex mechanisms to achieve hackers' goals. Application layer attacks do not flood the network with traffic or sessions, but slowly exhaust the application layer resources of specific applications/services. Application layer attack is very effective at low traffic rate, and the traffic involved in the attack may be legal from the protocol point of view. This makes application layer attacks more difficult to detect than other types of DDoS attacks. HTTP flooding, DNS dictionary, Slowloris, etc. Are examples of application layer attacks.