Psychz - Ganesh
Votes: 0 Posted On: May 18, 2017 08:57:18
OSI MODEL
To understand layer 7 DDoS attacks, we first need to understand what layer 7 stands for. Layer 7 refers to the Application layer of the OSI (Open Systems Interconnection) model. The OSI model is a standard used for the communication of network devices. It consists of seven layers, with layer 7 called the application layer. Layer 7 is the uppermost layer and is used by different applications on the server.
LAYER 7 ATTACKS
DDoS (Distributed Denial of Service) attacks are of various types and can be concentrated on a specific layer. Layer 7 attacks focus specifically on layer 7 features such as HTTP, SNMP, FTP, etc. Layer 7 attacks require a lot less bandwidth and fewer packets than network layer attacks to disrupt services. For instance, a network layer attack like a SYN flood requires a huge number of packets to perform an effective DDoS attack. On the contrary, a limited number of packets can perform a DDoS attack on a large scale. HTTP flood is the most prominent of the Application layer DDoS attacks. When an HTTP request is sent to the server, it utilizes considerable resources. Hence, a limited number of these packets are capable of exploiting all the server resources.
HTTP FLOOD
HTTP flood attacks tend to concentrate on applications that take up a lot of resources, like web applications. It is very difficult to identify a Layer 7 attack, as the packets incident on the server are limited. When the packets arrive, you cannot differentiate between genuine and attack packets. HTTP attacks mostly utilize POST requests, as these messages are the most resource-consuming and can lead to an application crash. HTTP attacks are very challenging to identify, whereas a simple volumetric attack can be identified by the sheer volume of the packets incident on the server. In the case of HTTP attacks, however, the volume of packets during an attack is not irregular. Thus, these can be misinterpreted as regular packets. A crude observation of regular requests and constant monitoring can help you identify these attacks.
Please refer to our article on "How to fight DDoS attacks" for further information on the latest tools available to monitor and mitigate attacks.
https://www.psychz.net/client/question/en/how-to-fight-ddos-attacks.html
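The "crude observation of regular requests" described above, sketched as an added example that is not part of the original post: it counts POST requests per client per minute in an access log and flags clients far above the median. The Common Log Format input, the constructed sample lines, and the `factor` and `floor` thresholds are assumptions.

```python
import re
from collections import Counter
from datetime import datetime
from statistics import median

# Common Log Format prefix: client, timestamp, method, path, status.
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3})')

def parse(line):
    """Return (client, minute bucket, method, path) or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, ts, method, path, _status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return client, when.replace(second=0), method, path

def flag_post_heavy_clients(lines, factor=5, floor=10):
    """Flag (client, minute) pairs whose POST count far exceeds the norm.

    The baseline is the median POST count over all (client, minute) pairs
    seen; factor and floor are tuning assumptions, not recommended values.
    """
    posts = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec[2] == "POST":
            posts[(rec[0], rec[1])] += 1
    if not posts:
        return []
    limit = max(floor, factor * median(posts.values()))
    return sorted((c, t.strftime("%H:%M"), n)
                  for (c, t), n in posts.items() if n > limit)

def sample_log():
    """Constructed sample: three ordinary clients and one POST-heavy client."""
    fmt = '{ip} - - [18/May/2017:08:{m:02d}:{s:02d} +0000] "{meth} {path} HTTP/1.1" 200 512'
    lines = []
    for i, ip in enumerate(("192.0.2.10", "192.0.2.11", "192.0.2.12")):
        lines.append(fmt.format(ip=ip, m=57, s=i, meth="GET", path="/"))
        lines.append(fmt.format(ip=ip, m=57, s=i + 5, meth="POST", path="/login"))
    for s in range(40):  # 40 POSTs within one minute from a single client
        lines.append(fmt.format(ip="198.51.100.7", m=57, s=s, meth="POST", path="/search"))
    return lines

if __name__ == "__main__":
    for client, minute, count in flag_post_heavy_clients(sample_log()):
        print(f"{client} sent {count} POSTs at {minute}")
```

Counting per client is only one view; keying the same counter on the request path instead shows when a single resource-heavy endpoint is receiving an unusual share of POST requests.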