HTTP Flood

HTTP Flood is a type of Distributed Denial of Service (DDoS) attack in which the attacker sends unwanted HTTP GET or POST requests in order to attack a web server or application. These attacks often use interconnected computers that have been taken over with the aid of malware such as Trojan horses. HTTP floods do not use malformed packets, spoofing or reflection techniques, and they require less bandwidth to attack the targeted sites or servers than layer-4 attacks.

Attack description

In an HTTP flood, HTTP clients such as web browsers interact with an application or server to send HTTP requests. The request can be either “GET” or “POST”. The aim of the attack is to compel the server to allocate as many resources as possible to serving the attack, thus denying legitimate users access to the server's resources. Attackers inject legitimate-looking but randomised HTTP headers in an attempt to avoid detection, and make use of proxies to hide their source IP address.

GET flood

The GET request is used to retrieve static content like images, scripts and style sheets. The request may simply fetch the root or specifically target large assets. The requests do not typically require authentication, cannot evade Captchas and induce relatively low load on the server per request.

POST flood

An HTTP POST flood (or simply POST flood) is a denial of service attack that uses POST requests, which are part of the Hypertext Transfer Protocol (HTTP).[1] As of late 2013, POST floods were increasingly being launched from mobile devices.[2]

POST requests are more likely to require the server to perform some kind of processing, such as looking up items in a database. Therefore, HTTP POST flood attacks typically impose higher load on the server per request.

Methods of mitigation

As HTTP flood attacks use standard URL requests, they are quite challenging to differentiate from valid layer-4 network traffic. One of the most effective mitigation methods is a combination of traffic profiling methods that mainly includes identifying IP reputation, tracking abnormal actions and employing progressive security challenges.[3]
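The profiling approach described above can be sketched as follows. This is an added example, not code from the original article or from any cited source: it combines a per-IP sliding-window rate check, an IP reputation list and a progressive challenge ladder. The ladder step names, the request weights, the window and budget values and the sample addresses are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

LADDER = ["allow", "js_challenge", "captcha", "block"]  # assumed escalation steps
COST = {"GET": 1, "POST": 2}  # assumed weights: POST is costlier per request

class FloodProfiler:
    def __init__(self, window=10.0, budget=6, bad_reputation=()):
        self.window = window                  # sliding window, seconds
        self.budget = budget                  # max weighted cost per window
        self.bad_reputation = set(bad_reputation)
        self.recent = defaultdict(deque)      # ip -> (timestamp, cost) pairs
        self.level = {}                       # ip -> index into LADDER

    def observe(self, ts, ip, method):
        """Record one request and return the action to apply to it."""
        if ip not in self.level:
            # IP reputation: listed sources start one step up the ladder.
            self.level[ip] = 1 if ip in self.bad_reputation else 0
        q = self.recent[ip]
        q.append((ts, COST.get(method, 1)))
        while ts - q[0][0] > self.window:     # expire entries outside the window
            q.popleft()
        if sum(c for _, c in q) > self.budget:
            # Abnormal rate: escalate one step, then start a fresh window.
            self.level[ip] = min(self.level[ip] + 1, len(LADDER) - 1)
            q.clear()
        return LADDER[self.level[ip]]

def replay(log_lines, profiler):
    """Feed 'timestamp ip method path' lines through the profiler."""
    final = {}
    for line in log_lines:
        ts, ip, method, _path = line.split()
        final[ip] = profiler.observe(float(ts), ip, method)
    return final

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = (
    [f"{t}.0 192.0.2.10 GET /index.html" for t in (0, 4, 8, 12)]        # normal browsing
    + [f"{i * 0.1:.1f} 198.51.100.7 POST /search" for i in range(12)]   # POST burst
    + [f"{i * 0.1:.1f} 203.0.113.5 GET /big.jpg" for i in range(8)]     # GET burst, listed IP
)
SAMPLE_LOG.sort(key=lambda l: float(l.split()[0]))

if __name__ == "__main__":
    result = replay(SAMPLE_LOG, FloodProfiler(bad_reputation={"203.0.113.5"}))
    for ip, action in sorted(result.items()):
        print(ip, action)
```

In this sketch a client only moves up the ladder; a production deployment would also step a client back down after it passes a challenge or stays quiet for some time.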

References

  1. "DDoS Quick Guide" (PDF). National Cybersecurity and Communications Integration Center, Department of Homeland Security. 29 January 2014. Retrieved 2017-01-24.
  2. Player, Chris (2014-01-18). "Mobile devices become launchpads for DDoS attacks". PCWorld. Archived from the original on 2019-08-31. Retrieved 2017-01-24.
  3. Cid, Daniel (February 6, 2014). "Layer 7 DDOS – Blocking HTTP Flood Attacks". Sucuri Blog. Retrieved December 7, 2016.

Content Disclaimer

This information is summarised from Wikipedia and presented again for educational purposes. The content is available under the CC BY-SA 3.0 licence. We are not responsible for inaccuracies in data that originate from those public contributions.
