
Many of them target HTTP to exhaust a web server’s vitality (Breaking Point Labs, 2011). According to general practice, layer seven DDoS attacks are often customized to target a specific web application. Here are seven reasons why layer seven DDoS attacks represent such a vexing threat: Any one of the protocols examined above may be subject to a DDoS attack (Abliz, 2011). The top layer of the internet protocol suite has two main categories of protocols: protocols that directly service users (e.g., HTTP, FTP, IMAP, Telnet, SMTP/POP, IRC, XMPP, SSH etc.) and support protocols that underpin various system functions (e.g., DNS, SNMP, BOOTP/DHCP, TLS/SSL, SIP, RTP, NTP etc.) (Abliz, 2011). Why Are Application-Layer DDoS Attacks Such a Vexing Threat? In addition, quarterly reports by Prolex show a definite tendency of increasing popularity, particularly of HTTP GET DDoS attacks in the period from April 2012 to June 2013. In 2012, Prolex’s annual report mentioned a 42.97% growth in layer seven DDoS attacks. A year later, a Radware Security Survey: Attack Count by Type and Bandwidth claims that application layer attacks are prevalent: First, according to Arbor’s statistical information, with an over 102% increase of DDoS attack size when compared to the previous year, 2010 appears to be a cornerstone in DDoS evolution. To continue the layer seven DDoS topic, let’s review a couple of interesting sources of relevant statistics. The outlined picture of importance and future prevalence of application layer DDoS attacks was shared by experts from the OWASP Foundation in 2010: “We believe layer seven attacks may supersede layer four as the modus operandi of DDoS botnets in this new decade (Breaking Point Labs, 2011, par. In contrast, layer seven DDoS attacks often stand as a more formidable challenge (Breaking Point Labs, 2011). 
Protection and mitigation of common volumetric attacks is something that IT specialists are well familiar with. Heavy resource consumption will eventually render the server incapacitated (Imperva, 2012). Hence, layer seven DDoS attacks also leverage inherent flaws and limitations of applications; for example, system resources are always finite. Frequently, CPU or memory resources are exhausted at close range. Some IT experts call them “low and slow” for a reason. The goal of application layer DDoS attacks usually has nothing to do with overwhelming bandwidth. On the other hand, layer seven DDoS attacks take the victim server in the rear, first engaging well-known applications such as Hypertext Transfer Protocol (HTTP), Voice Over Internet Protocol (VoIP), or Domain Name System (DNS) (Arbor Networks, Inc. That benefits from an inherent blind spot of the internet medium. Perhaps the most notable difference is that so-called volumetric DDoS attacks strive to bring down network infrastructure and servers by employing high-bandwidth-consuming flooding. In other words, they are more sophisticated, since they do not count entirely on brute force to achieve desired ends. Now that we grasp the difference between DDoS attacks, in terms of OSI model classification, let’s go through some general features that distinguish layer seven DDoS attacks from others: A layer seven DDoS attack, in contrast to the others, may exploit vulnerabilities in application software, thus circumventing detection and aiming directly at the targeted Web server (Manthena, 2011).


HTTP attacks on Web server threads – Layer seven (Application Protocol).
TCP attacks on server sockets – Layer 4 (Transport Protocol).
IP attacks on the network bandwidth – Layer 3 (Network Protocol).

If we adopt this approach, some common types of DDoS attacks include: Given that the internet is built vertically by multiple protocol layers, it would be perfectly understandable if internet DDoS attacks assume a vertical classification, as well (Abliz, 2011). Furthermore, layer seven penetration, the top layer in the OSI model, provides an outlet on a business logic layer, which is considered an abstract extension of the aforementioned network protocol suite (F5 Networks, Inc. Therefore, attacks on the web application layer are increasingly popular. The relocation of the prime target is logical, since more DDoS defence systems focus their primary detection powers on lower layers (Imperva, 2012). The tendency of DDoS attacks shows infallibly that perpetrators take aim and move up the OSI network model over time. Layer seven DDoS Attacks Compared to Other Types In essence, it procures an interface to end-user tasks, and facilitates programs such as web browsers, email services, and photo applications in sending network communications (e.g., SMTP or HTTP). Although, while examining DoS attacks, we’ll occasionally refer to various layers of this OSI model, special emphasis is to be laid upon the seventh layer, the application layer.
