With the rise of remote working, many companies are turning to network architectures that allow data to be processed and stored closer to the data source. DDoS attacks on the application layer are often underestimated.
Although much attention has been paid to mitigating network distributed denial-of-service (DDoS) attacks, it is crucial to also address application layer DDoS attacks, which can be of particular interest to attackers.
“While DDoS attacks are well known, they should not be dismissed as the norm in the current attack landscape. Cybercriminals use the results of their DDoS attacks at the application layer to gain insights and refine their attack methodology. Companies should therefore pay particular attention to three DDoS attacks at the application layer and expand their protection accordingly:
Slowloris attack
A Slowloris attack uses partial HTTP requests to open connections between a single computer and an attacked web server. The goal is to keep these connections open for as long as possible to overload and slow down the target.
Slow POST DDoS attack
In a Slow POST DDoS attack, the attacker sends legitimate HTTP POST headers to a web server. The sizes of the subsequent message text are correctly specified in the headers. However, the message text is sent at a painfully slow rate - sometimes as little as one byte every two minutes. Since the message is processed normally, the attacked server will do its best to follow the specified protocol rules, resulting in slow server progress afterwards.
TCP state exhaustion attacks
TCP state exhaustion attacks attempt to overload the connection tables present in many infrastructure components, including load balancers, firewalls, and application servers themselves. Even high-capacity devices that can maintain the state of millions of connections can be brought down by these attacks,” says Christian Syrbe, Chief Solution Architect at NETSCOUT.
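The slow-header and slow-body patterns described in the quote can be spotted by enforcing a header deadline and a minimum body rate on open connections. The sketch below is an added example, not code from the article or from NETSCOUT; the record fields, thresholds and sample snapshot are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed thresholds; tune against legitimate slow clients before enforcing.
HEADER_DEADLINE_S = 10.0   # max seconds to deliver complete request headers
BODY_GRACE_S = 5.0         # seconds of body transfer before the rate is checked
MIN_BODY_RATE_BPS = 500.0  # minimum sustained body rate in bytes/second
MAX_SLOW_PER_CLIENT = 3    # slow connections tolerated per client address

@dataclass
class Conn:                # hypothetical per-connection record from a proxy
    client: str            # source address
    header_s: float        # seconds spent in the header phase so far
    headers_done: bool     # blank line ending the headers has arrived
    content_length: int    # declared body size (0 if none)
    body_bytes: int        # body bytes received so far
    body_s: float          # seconds since the headers completed

def classify(c: Conn) -> str:
    """Return 'slow-headers', 'slow-body' or 'ok' for one open connection."""
    if not c.headers_done:
        # Partial request kept open past the deadline (Slowloris pattern).
        return "slow-headers" if c.header_s > HEADER_DEADLINE_S else "ok"
    unfinished = c.body_bytes < c.content_length
    if unfinished and c.body_s > BODY_GRACE_S:
        # Valid Content-Length, body trickling in (Slow POST pattern).
        if c.body_bytes / c.body_s < MIN_BODY_RATE_BPS:
            return "slow-body"
    return "ok"

def review(conns):
    """Return (connections to close, clients over the slow-connection limit)."""
    to_close, per_client = [], Counter()
    for c in conns:
        verdict = classify(c)
        if verdict != "ok":
            to_close.append((c.client, verdict))
            per_client[c.client] += 1
    offenders = sorted(ip for ip, n in per_client.items() if n > MAX_SLOW_PER_CLIENT)
    return to_close, offenders

# Constructed snapshot of open connections (documentation address ranges).
SAMPLE = [Conn("192.0.2.10", 45.0, False, 0, 0, 0.0)] * 4 + [
    Conn("198.51.100.7", 0.2, True, 4096, 3, 360.0),        # 3 bytes in 6 minutes
    Conn("203.0.113.5", 0.1, True, 1_000_000, 400_000, 20.0),  # normal upload
    Conn("203.0.113.9", 2.0, False, 0, 0, 0.0),              # headers still in time
]

if __name__ == "__main__":
    print(review(SAMPLE))
```

Closing connections that miss these limits frees the connection-table entries they hold, which is the resource all three attacks in the quote aim to exhaust.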
About NETSCOUT
NETSCOUT SYSTEMS, INC. helps secure digital business services against security, availability and service disruptions. Our market and technology leadership is based on the combination of our patented smart data technology with intelligent analytics. We provide the comprehensive, real-time insight that customers need to accelerate and secure their digital transformation. Our advanced Omnis® cybersecurity platform for threat detection and mitigation offers comprehensive network visibility, threat detection, contextual investigations and automated mitigation at the network edge.