
Volumetric Attack

A volumetric attack seeks to saturate available bandwidth or transport capacity so that legitimate traffic cannot reach the target.

What is a volumetric attack?

Volumetric attacks are a subset of DDoS attacks focused specifically on consuming network capacity. Attackers generate extremely large volumes of traffic, often by leveraging botnets and amplification techniques, to create flows that exceed the target's link capacity. The result is congestion, packet loss and service unavailability. High-profile cases include Mirai, which used insecure devices to generate vast amounts of traffic, and the 2018 attack against a code hosting service, which abused memcached servers and peaked at record levels.

How it typically works


  1. Asset selection: attackers identify targets with limited upstream capacity or critical endpoints.
  2. Traffic generation: bots or reflectors produce high packet or byte rates destined for the target.
  3. Amplification steps: when reflectors are used, small queries yield large responses, multiplying the attack volume.
  4. Saturation and collapse: links saturate, queues fill, and legitimate packets are dropped.

Common techniques & variants


  • DNS amplification: small spoofed DNS queries are sent to resolvers that respond with large payloads, amplifying traffic.
  • NTP amplification: network time protocol servers are abused to produce large responses.
  • Memcached amplification: reflectors return huge responses per request, creating massive peaks.
  • UDP flood: raw high-volume UDP packets sent to exhaust link capacity.
  • Combined reflector attacks: multiple protocols are used to aggregate amplified responses.

Impact


Volumetric attacks create immediate large-scale outages and are primarily mitigated by network-level scrubbing and upstream filtering. For SecOps teams, the operational needs include fast telemetry that shows byte rates and flow analytics, pre-arranged mitigation contracts with providers, and capacity planning. The cost of mitigation can be substantial, and these attacks are often used as blunt force for extortion or as part of larger intrusion campaigns.
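
The byte-rate and flow telemetry mentioned above, as an added example that is not part of the original page: it buckets flow records per destination, compares the inbound rate with link capacity, and reports how much of the traffic arrives from the UDP source ports of DNS, NTP and memcached reflectors. The flow record layout, the 10-second window, the 80% threshold and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Well-known UDP source ports of the reflector protocols named on this page.
REFLECTOR_PORTS = {53: "dns", 123: "ntp", 11211: "memcached"}

# Constructed flow records: (epoch_second, src_ip, src_port, dst_ip, proto, bytes).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_FLOWS = [
    (1000, "198.51.100.10", 44321, "192.0.2.80", "tcp", 40_000),
    (1000, "198.51.100.11", 51514, "192.0.2.80", "tcp", 60_000),
    (1010, "203.0.113.5", 11211, "192.0.2.80", "udp", 9_000_000),
    (1011, "203.0.113.6", 11211, "192.0.2.80", "udp", 8_000_000),
    (1012, "203.0.113.7", 53, "192.0.2.80", "udp", 3_000_000),
    (1013, "198.51.100.10", 44321, "192.0.2.80", "tcp", 50_000),
]

def detect_saturation(flows, link_bps, window_s=10, threshold=0.8):
    """Return alerts for (window, dst) pairs whose inbound rate reaches
    threshold * link_bps, with the byte share per reflector protocol."""
    total = defaultdict(int)                          # bytes per (window, dst)
    by_proto = defaultdict(lambda: defaultdict(int))  # reflector bytes per key
    sources = defaultdict(set)                        # distinct senders per key
    for ts, src, sport, dst, proto, nbytes in flows:
        key = (ts - ts % window_s, dst)
        total[key] += nbytes
        sources[key].add(src)
        # Reflected responses arrive FROM the service port of the reflector.
        if proto == "udp" and sport in REFLECTOR_PORTS:
            by_proto[key][REFLECTOR_PORTS[sport]] += nbytes
    alerts = []
    for key in sorted(total):
        bps = total[key] * 8 / window_s
        if bps < threshold * link_bps:
            continue
        shares = {p: round(b / total[key], 3) for p, b in by_proto[key].items()}
        alerts.append({"window_start": key[0], "dst": key[1], "bps": bps,
                       "utilisation": round(bps / link_bps, 3),
                       "sources": len(sources[key]),
                       "reflector_share": shares})
    return alerts

if __name__ == "__main__":
    # Assumed 20 Mbit/s uplink for the constructed sample.
    for alert in detect_saturation(SAMPLE_FLOWS, link_bps=20_000_000):
        print(alert)
```

A high reflector share in an alert indicates which upstream filter (for example, dropping inbound UDP with source port 11211) would remove most of the volume.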

Further reading


  • Akamai: Understanding volumetric attacks.
  • Cloudflare: Record traffic attacks summary.
  • Arbor Networks: Amplification and volumetric threat reports.
  • US CISA: DDoS incidents and recommendations.