Which type of DoS/DDoS incident is measured in packets per second (pps)?

The correct choice, which pertains to the type of DoS/DDoS incident measured in packets per second (pps), is a protocol attack. In these types of attacks, the objective is to overwhelm a specific type of protocol request to exploit weaknesses in the network protocols themselves, resulting in the exhaustion of resources.

Protocol attacks specifically target fundamental aspects of the networking stack, such as TCP/IP protocols, by sending a high volume of packets that consume substantial resources. Therefore, measuring the effectiveness of these attacks often relies on the number of packets sent per second, as it directly correlates to the intensity of the attack and its potential to disrupt services.

In contrast, volumetric attacks are typically measured in bits per second (bps) or volume of traffic rather than in packets. Application layer attacks focus on overwhelming web applications and are often measured in requests per second or connections but not specifically in packets. Transport layer attacks also measure traffic but typically in the context of connection-based metrics rather than packet counts.

Understanding the nature and measurement of different types of attacks is crucial for incident handling, as it guides the response and mitigation strategies adopted during an incident.