HTTP Flood

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

HTTP Flood is a type of Distributed Denial of Service (DDoS) attack in which the attacker manipulates HTTP and POST unwanted requests in order to attack a web server or application. These attacks often use interconnected computers that have been taken over with the aid of malware such as Trojan Horses. Instead of using malformed packets, spoofing and reflection techniques, HTTP floods require less bandwidth to attack the targeted sites or servers.

Attack description[edit]

In an HTTP flood, the HTTP clients such as web browser interact with an application or server to send HTTP requests. The request can be either “GET” or “POST”. The aim of the attack is when to compel the server to allocate as many resources as possible to serving the attack, thus denying legitimate users access to the server's resources.

GET flood[edit]

The GET request is used to retrieve static content like images. Typically this induces relatively low load on the server per request.

POST flood[edit]

POST requests are more likely to require the server to perform some kind of processing, such as looking up items in a database. Therefore, HTTP POST flood attacks typically impose higher load on the server per request.

Methods of mitigation[edit]

As HTTP flood attacks use standard URL requests hence it is quite challenging to differentiate from valid traffic. One of the most effective mitigation methods is the combination of traffic profiling methods that mainly includes identification of IP reputation, tracking abnormal actions and employing progressive sanctuary challenges.[1]

References[edit]

  1. ^ Cid, Daniel (February 6, 2014). "Layer 7 DDOS – Blocking HTTP Flood Attacks". Sucuri Blog. Retrieved December 7, 2016.