Generally attacks on layers 3-4 try to exhaust the network resources of the victim, in particular trying to saturate the connection or the ability of network equipment to handle the arrival of so many connections.
When the attack tries to saturate the connection, in essence is sent to the target a very large flow of data. If the victim has such a connection with bandwidth 100Mbit, and the attacker sends a data flow equal to or greater than 100Mbit, normal Visitors will not can connect to the server…
Very often, the attacks are more sophisticated. Network connections are based on protocols. Normally the TCP and UDP protocols require data to be divided into smaller units called packets, having a header indicating the destination IP.
The size of a packet is variable and can vary from a few bytes to about 1,5KB. An attacker can try to saturate the capacity of routers, switches, and servers to switch and manage packets.
Thus, for example, even if the victim has a connection 1Gbit, the attacker may be able to saturate the connection by sending 300.000 small packets , which although not reach 1Gbit traffic, can saturate the capacity of the switches, network cards, and the operating system to handle them.
There are a few solutions to defend against such attacks with affordable, and generally are effective only for very mild attacks. It is for this need to rely on a Anti DDoS protection service, a company specialized as our to defend against this type of threat.