HTTP flooding is a type of DDoS attack. In these cases, the attacker’s goal is to saturate the application or website with a large number of visits from different locations. HTTP flood attacks are also known as Layer 7 attacks, which refers to the so-called application layer in the OSI model. This model affirms that the Internet consists of seven layers since the objective of this is always to deprive the network or the server of resources.
When the hardware is under-resourced, the client takes longer to respond to requests. During an HTTP flood, as the attacker sends a large number of requests to the hardware without pause, the system becomes overloaded, preventing access to the server and the network and thus, by means of an HTTP flood attack, it is intended to disable the server by making requests completely normal.
During an HTTP flood attack, many requests are made simultaneously which are GET or POST, the GET requests retrieve static content, such as images or text blocks. Instead, POST requests are used to access dynamic resources. In other words, the GET method receives data from the server, while the POST method sends data to the server.
While these requests are made simultaneously, if they are made for a long period of time. Usually a botnet is used to increase the number of requests. The HTTP flood attack is designed in such a way that the server dedicates the largest possible volume of resources to each request. In a normal situation, this is desirable, because the server does not receive thousands or hundreds of thousands of requests per minute, as in this case.
It is very difficult to protect yourself from an HTTP flood, because the attacker’s requests can look like normal website traffic. In this type of attack, malware is not sent to the server, nor is it intended to exploit security breaches, but rather saturates the server with legitimate requests. As these require much less bandwidth than any intrusion in the code of the page, this type of attack can go unnoticed at first, so it is essential to be careful and be prepared for them.
More reads:
ICMP Flood denial of service attack type
Ping of Death, One of the first threats on the net
[…] check:HTTP Flood DDoS attack methodSYN Flood variant of DDoS attackICMP Flood denial of service attack […]