Privia Security was chosen as one of Türkiye's fastest growing companies!
Privia Security was chosen as one of Türkiye's fastest growing companies!
In this type of attack targeting the third layer of the OSI model, the aim is to slow down or stop the communications of an application, service, server, or network by pushing its capacity to its limits.
In these DDoS attacks carried out using the third layer, large amounts of data are sent to the target system, preventing normal traffic from reaching its destination. The purpose of this type of attack on the third layer of the OSI model is to slow down or stop communication by straining the capacity of an application, service, server, or network. The attack generally targets network devices that operate at Layer 3. When these network devices go offline, communication with the servers is also cut off. We would also like to note that Layer 3 attacks are conducted without targeting a specific connection port.
The protocols and technologies required for network devices to connect to each other at the third layer are used in this attack. No security inspection is performed at the third layer and it is not determined which services will be used.
Layer 3 attacks operate at the network layer of the OSI model — the layer responsible for packet forwarding and routing across different networks. The most common protocols at this layer are IP (Internet Protocol) and ICMP (Internet Control Message Protocol). Layer 3 attacks exploit these protocols to flood target network infrastructure with traffic that the network devices — routers, switches, and firewalls — must process, exhausting their resources and preventing legitimate traffic from passing through.
Common Layer 3 attack types include ICMP floods (also known as ping floods), in which attackers send enormous volumes of ICMP echo request packets to the target, consuming bandwidth and forcing the target’s network equipment to process and respond to each packet. Another example is the Smurf attack, in which spoofed ICMP packets are broadcast to a network, causing all devices on that network to reply to the victim, amplifying the attack significantly.
Unlike application layer attacks, Layer 3 attacks do not require any understanding of the services running on the target — they simply aim to overwhelm the network infrastructure itself. A key characteristic is that they do not target a specific port, making simple port-based filtering insufficient as a defence.
Effective defences against Layer 3 attacks include upstream traffic scrubbing provided by ISPs or cloud-based DDoS mitigation services, which can absorb and filter volumetric attacks before they reach the target’s network. Configuring network equipment to rate-limit ICMP traffic and to discard packets with spoofed source addresses (ingress filtering) also reduces exposure. For organisations facing persistent Layer 3 attack campaigns, working with a DDoS mitigation provider that offers always-on protection and large-capacity scrubbing infrastructure is the most reliable approach.
You May Be Interested In These
