
Application Layer 7 DDoS Attacks

Posted: July 18, 2019 (3 min read)

In today's day and age, websites and web applications play a central role in the business strategy of most organizations. These web properties need to be fast, efficient, and always available, with no downtime or latency spikes; otherwise customers bounce straight to a competitor's site.

Distributed denial of service (DDoS) attacks make websites and web applications unavailable to legitimate traffic by causing outages and crashes. Beyond the direct monetary loss, an outage is highly visible, so businesses also suffer damage to brand image, goodwill, and reputation. DDoS attacks are frequently used as a smokescreen for other malicious activity carried out while defenders are busy with the outage, which makes them doubly harmful to profitability and growth. Businesses therefore need a proactive approach to DDoS protection to ensure the sustained availability of their websites and web applications.

Understanding the different types of DDoS attacks

To prevent DDoS attacks, businesses must understand the different types of attack they can face and choose a mitigation strategy and solution accordingly.

DDoS attacks are often equated with volumetric and network-level attacks. However, only about half of DDoS attacks are volumetric or network/transport-layer attacks such as UDP floods, ICMP floods, SYN floods, and DNS amplification. These overwhelm the network link or the web server with a huge volume of illegitimate packets, exhausting bandwidth and connection-handling resources until the website becomes unavailable.

The other half are application-layer, or Layer 7, attacks, which are often small and quiet. Layer 7 attacks exploit loopholes, vulnerabilities, or business-logic flaws in the application itself. They do not need many devices, packets, or much bandwidth; they are often well under 1 Gbps. The attacker sends seemingly legitimate requests, often just repeated requests to load a single expensive page, until the application can no longer serve real users. These qualities make Layer 7 attacks stealthier and harder to filter than volumetric floods. Examples of Layer 7 attacks are Slowloris and HTTP GET/POST floods.

Most Common Layer 7 Attacks

The most common application-layer DDoS attack is the HTTP flood, which comes in four main categories, described below. Slowloris, a different kind of application-layer attack, is covered after them.

1. Basic HTTP Floods:

As the name suggests, these are the simplest and most common HTTP floods. The attacker uses a small, fixed set of IP addresses, user agents, and referrers (far fewer sources than a volumetric attack needs) to request the same web page or resource over and over again. The server cannot keep up with the sudden surge of requests and becomes unresponsive or crashes. Because both the sources and the request pattern repeat, this variant is also the easiest to fingerprint and rate-limit.

2. Randomized HTTP Floods:

In this kind of HTTP flood, the attacker rotates through a wide range of IP addresses and randomizes the URLs, user agents, and referrers so that no single signature stands out, making the attack harder to filter. The sources are typically a botnet: a large number of malware-infected devices that send GET/POST requests to the target server on the operator's command.

3. Cache-bypass HTTP Floods:

These are a sub-category of randomized HTTP floods in which the attacker deliberately requests content the cache cannot serve, so every request passes through to the origin server, which then burns CPU, database time, and bandwidth completing it. Typical tactics are requesting uncached or uncacheable content, running site searches with random dictionary terms, or hitting the same URL with an ever-changing query string. Cache-bypass floods are considered the most sophisticated of the HTTP floods.

4. WordPress XML-RPC Floods:

In this attack type, the attacker abuses the WordPress pingback feature of many third-party WordPress installations as a reflector. It sends each of them a pingback.ping XML-RPC call that names the victim's page as the source, and each site then fetches that page to verify the pingback. The victim is flooded with requests reflected off legitimate WordPress servers, which also hides the attacker's own address.

Among HTTP floods, randomized and cache-bypass floods are the most common.
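The four flood categories above differ mainly in how the traffic is shaped: few sources versus many, one URL versus randomized ones, stable versus ever-changing query strings, and, for the pingback variant, requests that arrive from WordPress sites verifying a pingback. The following added example, written for this article and not code from the original post or from any vendor product, parses combined-format access-log lines, profiles a window of traffic on those dimensions, and labels it. All log lines are constructed inside the script; the rate and diversity thresholds are illustrative assumptions to be tuned against a real baseline, and the pingback check relies on the User-Agent string WordPress itself sends when verifying a pingback ("WordPress/<version>; <site URL>; verifying pingback from <IP>").

```python
import random
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# One line of Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referrer>[^"]*)" "(?P<ua>[^"]*)"$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], TS_FMT)
    e["path"], e["query"] = urlsplit(e["url"])[2:4]
    return e


def profile(entries):
    """Shape of one window of traffic: request rate plus how diverse the
    dimensions are on which the four HTTP-flood types differ."""
    n = len(entries)
    stamps = [e["ts"] for e in entries]
    span = (max(stamps) - min(stamps)).total_seconds() + 1.0
    queries_per_path = defaultdict(set)
    for e in entries:
        queries_per_path[e["path"]].add(e["query"])
    return {
        "rps": n / span,
        "top_ip_share": Counter(e["ip"] for e in entries).most_common(1)[0][1] / n,
        "ua_ratio": len({e["ua"] for e in entries}) / n,
        "path_ratio": len({e["path"] for e in entries}) / n,
        "max_unique_queries": max(len(q) for q in queries_per_path.values()),
        "pingback_ratio": sum("verifying pingback" in e["ua"] for e in entries) / n,
    }


def classify(lines, rps_threshold=20.0):
    """Label a window of log lines as one flood type or 'normal'.
    Thresholds are illustrative assumptions; tune them against your own baseline."""
    entries = [e for e in map(parse_line, lines) if e]
    if not entries:
        return "empty"
    p = profile(entries)
    if p["rps"] < rps_threshold:
        return "normal"
    if p["pingback_ratio"] > 0.5:          # reflected WordPress pingback verifications
        return "xmlrpc-pingback-flood"
    if p["max_unique_queries"] > 50:       # one path hammered with ever-new query strings
        return "cache-bypass-flood"
    if p["top_ip_share"] > 0.3 and p["ua_ratio"] < 0.05 and p["path_ratio"] < 0.05:
        return "basic-flood"               # few sources, one UA, one resource
    return "randomized-flood"              # many sources, rotating UA/referrer/URL


def make_lines(rng, n, ips, uas, urls, referrers, span_s=10):
    """Constructed sample log lines (not real traffic) spread over span_s seconds."""
    base = datetime(2019, 7, 18, 12, 0, 0, tzinfo=timezone.utc)
    fmt = '%s - - [%s] "GET %s HTTP/1.1" 200 512 "%s" "%s"'
    return [fmt % (rng.choice(ips), (base + timedelta(seconds=rng.randrange(span_s))).strftime(TS_FMT),
                   rng.choice(urls), rng.choice(referrers), rng.choice(uas)) for _ in range(n)]


def constructed_samples(seed=7):
    """One constructed window per traffic shape; IPs are documentation ranges."""
    rng = random.Random(seed)
    browsers = ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/68.0",
                "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14) Safari/605.1.15"]
    many_ips = ["203.0.113.%d" % i for i in range(1, 201)]
    return {
        "normal": make_lines(rng, 30, ["192.0.2.10", "192.0.2.11"], browsers, ["/", "/about", "/blog"], ["-"]),
        "basic": make_lines(rng, 400, ["198.51.100.7", "198.51.100.8"], ["python-requests/2.22"], ["/login"], ["-"]),
        "randomized": make_lines(rng, 400, many_ips, ["Agent/%d" % i for i in range(20)],
                                 ["/page%d" % i for i in range(30)], ["https://ref%d.example/" % i for i in range(10)]),
        "cache-bypass": make_lines(rng, 400, many_ips, browsers,
                                   ["/search?q=%08x" % rng.getrandbits(32) for _ in range(400)], ["-"]),
        "pingback": make_lines(rng, 400, many_ips,
                               ["WordPress/5.2; https://blog%d.example; verifying pingback from 198.51.100.9" % i
                                for i in range(100)], ["/"], ["-"]),
    }


if __name__ == "__main__":
    for name, lines in constructed_samples().items():
        print("%-13s -> %s" % (name, classify(lines)))
```

Run it and each constructed window prints its label. In production the same profile would be computed per sliding window and per path. The basic-flood signature is the one plain rate limiting handles directly; the randomized and cache-bypass shapes need a client challenge (JavaScript or cookie) or an origin-side rule such as rate-limiting uncacheable endpoints, and the pingback shape is best handled by rate-limiting that User-Agent while the reflecting sites are notified.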

5. Slowloris Attacks:

This is the easiest to launch, one of the most common, and among the most damaging application-layer DDoS attacks; its danger lies in its simplicity. Slowloris does the opposite of a volumetric attack: instead of bombarding the server with requests, it opens many connections and sends each request's headers a few bytes at a time (hence "slow loris"), never completing the request, so every connection stays open for a long time. Even at very low volume this exhausts the server's connection pool while it waits for the rest of each request, so legitimate users cannot be served. Servers that dedicate a worker or thread to each connection are hit hardest, and the defence is to bound how long a connection may take to deliver its complete request headers, not to enlarge the pool.
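To make the connection-holding behaviour concrete, the following added example (not code from the original post) simulates one Slowloris connection over a local socket pair. It places a weak server that only applies a per-read idle timeout beside a hardened one that gives the whole header block a single deadline, the same idea as the header time limit in Apache's mod_reqtimeout. The timings, the 8 KB header cap, and the "example.test" host are arbitrary assumptions.

```python
import socket
import threading
import time

HEADER_END = b"\r\n\r\n"
MAX_HEADER_BYTES = 8192  # assumed cap on total header size


def read_headers_idle_timeout(conn, idle_timeout):
    """Weak server: only an idle timeout per recv(). A client that sends a
    few bytes just inside every idle_timeout never trips it."""
    conn.settimeout(idle_timeout)
    buf = b""
    try:
        while HEADER_END not in buf:
            chunk = conn.recv(4096)
            if not chunk:
                return "closed"
            buf += chunk
            if len(buf) > MAX_HEADER_BYTES:
                return "too_large"
    except socket.timeout:
        return "timeout"
    return "complete"


def read_headers_deadline(conn, header_deadline):
    """Hardened server: the complete header block must arrive within
    header_deadline seconds of accept, however often bytes trickle in."""
    deadline = time.monotonic() + header_deadline
    buf = b""
    while HEADER_END not in buf:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return "timeout"
        conn.settimeout(remaining)
        try:
            chunk = conn.recv(4096)
        except socket.timeout:
            return "timeout"
        if not chunk:
            return "closed"
        buf += chunk
        if len(buf) > MAX_HEADER_BYTES:
            return "too_large"
    return "complete"


def slowloris_client(conn, interval, n_lines):
    """Attacker: partial request line, then one bogus header every `interval`
    seconds, and never the blank line that ends the headers."""
    try:
        conn.sendall(b"GET / HTTP/1.1\r\nHost: example.test\r\n")
        for i in range(n_lines):
            time.sleep(interval)
            conn.sendall(b"X-a: %d\r\n" % i)
    except OSError:
        pass  # server hung up on us
    finally:
        conn.close()


def legit_client(conn):
    """Normal client: the whole request in one write."""
    conn.sendall(b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")
    conn.close()


def simulate(server_fn, client_fn):
    """Run one server read against one client over a socketpair and return
    the server's verdict for that connection."""
    srv_side, cli_side = socket.socketpair()
    outcome = []
    t = threading.Thread(target=lambda: outcome.append(server_fn(srv_side)))
    t.start()
    client_fn(cli_side)
    t.join()
    srv_side.close()
    return outcome[0]


if __name__ == "__main__":
    slow = lambda c: slowloris_client(c, interval=0.1, n_lines=8)  # holds the line ~0.8 s
    print("idle 0.4s vs slowloris:    ", simulate(lambda c: read_headers_idle_timeout(c, 0.4), slow))
    print("deadline 0.4s vs slowloris:", simulate(lambda c: read_headers_deadline(c, 0.4), slow))
    print("deadline 0.4s vs legit:    ", simulate(lambda c: read_headers_deadline(c, 0.4), legit_client))
```

The idle-timeout server reports "closed": the attacker trickled a header line every 0.1 s, held the connection for 0.8 s, twice the idle timeout, and the server only noticed when the attacker hung up. The deadline server drops the same connection at 0.4 s and still accepts the legitimate request. Multiply by a few hundred connections to see why a thread-per-connection server runs out of workers; a per-source connection cap is a useful second layer, but the header deadline is what actually ends the attack.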

The key to protecting against Layer 7 attacks

As mentioned earlier, Layer 7 DDoS attacks are critical yet difficult to identify because they are low in volume and each request looks legitimate on its own. To address these attacks, a DDoS mitigation solution must:

  • provide always-on, instant protection including real-time alerts
  • allow custom rules and policies
  • include the services of certified security experts
  • provide security analytics to be prepared for future attacks
  • provide real-time visibility to the risk posture.

But most DDoS mitigation solutions focus solely on volumetric attacks and do not offer this kind of comprehensive protection against Layer 7 attacks. Make sure to choose a DDoS protection service that includes an intelligent, comprehensive managed WAF such as AppTrana so that your web applications stay available.

Stay tuned for more relevant and interesting security articles. Follow Indusface on Facebook, Twitter, and LinkedIn.


Vivek Gopalan

Vivekanand Gopalan is a seasoned entrepreneur and currently serves as the Vice President of Products at Indusface. With over 12 years of experience in designing and developing technology products, he has a keen eye for building innovative solutions that solve real-life problems. In his previous role as a Product Manager at Druva, Vivek was instrumental in creating the core endpoint data protection solution which helped over 1500 enterprises protect over a million endpoints. Prior to that, he served as a Product Manager at Zighra, where he played a crucial role in reducing online and offline payment fraud by leveraging mobile telephony, collective intelligence, and implicit user authentication. Vivek is a dynamic leader who enjoys building and commercializing products that bring tangible value to customers. In 2010, before pursuing MBA, he co-founded a technology product company, Warmbluke and created a first-of-its-kind innovative Civil Engineering estimator software called ATLAS. The software was developed for both enterprise and for SaaS users. The product helps in estimating the construction cost using CAD drawings. Vivek did his MBA from Queen's University with Specialization in New Ventures. He also holds a Bachelor of Technology degree in Information Technology from Coimbatore Institute of Technology, Anna University, one of the prestigious universities in India. He is the recipient of the D.D. Monieson MBA Award, Issued by Queen's School of Business, presented to a student team which has embraced the team-learning model and applied the management tools and skills to become a peer exemplar. In his spare time, Vivek likes to go on hikes and read books.
