Dr. Erdal Ozkaya
Search
  • Home
  • About Me
  • Home
  • About Me
  • Home
  • Cybersecurity, Video Tutorials
  • HTTP Flood DOS attack demonstration – Free VIDE0

HTTP Flood DOS attack demonstration – Free VIDE0

Erdal2021-10-01T01:40:33-04:00

HTTP Flood DOS attack

A demonstration on how to use DoS HTTP to launch a Ethical attack

 

Erdal

What is an HTTP flood DDoS attack?

An HTTP flood attack is a type of volumetric distributed denial-of-service (DDoS) attack designed to overwhelm a targeted server with HTTP requests. Once the target has been saturated with requests and is unable to respond to normal traffic, denial-of-service will occur for additional requests from actual users.

An HTTP Flood

How does an HTTP flood attack work?

HTTP flood attacks are a type of “layer 7” DDoS attack. Layer 7 is the application layer of the OSI model, and refers to internet protocols such as as HTTP. HTTP is the basis of browser-based internet requests, and is commonly used to load webpages or to send form contents over the Internet. Mitigating application layer attacks is particularly complex, as the malicious traffic is difficult to distinguish from normal traffic.

In order to achieve maximum efficiency, malicious actors will commonly employ or create botnets in order to maximize the impact of their attack. By utilizing many devices infected with malware, an attacker is able to leverage their efforts by launching a larger volume of attack traffic.

There are two varieties of HTTP flood attacks:

  1. HTTP GET attack – in this form of attack, multiple computers or other devices are coordinated to send multiple requests for images, files, or some other asset from a targeted server. When the target is inundated with incoming requests and responses, denial-of-service will occur to additional requests from legitimate traffic sources.
  2. HTTP POST attack – typically when a form is submitted on a website, the server must handle the incoming request and push the data into a persistence layer, most often a database. The process of handling the form data and running the necessary database commands is relatively intensive compared to the amount of processing power and bandwidth required to send the POST request. This attack utilizes the disparity in relative resource consumption, by sending many post requests directly to a targeted server until it’s capacity is saturated and denial-of-service occurs.

How can an HTTP flood be mitigated?

As mentioned earlier, mitigating layer 7 attacks is complex and often multifaceted. One method is to implement a challenge to the requesting machine in order to test whether or not it is a bot, much like a captcha test commonly found when creating an account online. By giving a requirement such as a JavaScript computational challenge, many attacks can be mitigated.

Other avenues for stopping HTTP floods include the use of a web application firewall (WAF), managing an IP reputation database in order to track and selectively block malicious traffic, and on-the-fly analysis by engineers. Having an advantage of scale with over 20 million Internet properties allows Cloudflare the ability to analyze traffic from a variety of sources and mitigate potential attacks with quickly updated WAF rules and other mitigation strategies to eliminate application layer DDoS traffic.

 

Comments (2)

  • Sharath Reply

    Due to the growing awareness regarding the importance of cyber insurance we must consider investing in good DDoS services like the one from Mazebolt. Good job on bringing so much info in a single place.

    25/07/2021 at 22:16
  • Sharath Reply

    I really appreciate the research involved in this blog! DDoS attacks threaten every business on the internet. Would you mind informing about the best service providers for the same? I have researched about Mazebolt, what do you think about it?

    24/10/2021 at 19:13

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *


Related Posts

Vulnerability

Monthly Vulnerability Review – April 2020

Monthly Vulnerability Review As usual it was a busy month for the Security Community.  The security researchers were finding bugs, zero... read more
Manage Engine review

A review of Cybersecurity The Beginner’s Guide : Informative Review (March 22 )

A review of Cybersecurity The Beginner's Guide Special thanks to Manage Engine for revieing my book and publishing it in their... read more
Erdal Ozkaya in the News

TOP 10 BOOKS ON CYBERSECURITY YOU MUST READ IN 2020

TOP 10 BOOKS ON CYBERSECURITY YOU MUST READ IN 2020 Our Book " Cybersecurity Attack and Defense Strategies " has been... read more
Cybersecurity The Beginner's Guide Dr Erdal ozkaya

Learn Cybersecurity

Learn Cybersecurity Learn Cybersecurity in 2021: What it Is, Job Outlook & Where to Learn it A great blog post by Learn... read more
Malware

10 years of virtual dynamite: A high-level retrospective of ATM malware

10 years of virtual dynamite: A high-level retrospective of ATM malware POSTED BY VANJA SVAJCE via Talos Intelligence Executive summary It has been 10... read more
update on the current cyber security threat profile

Erdal’s update on the current cyber security threat profile Free Webinar :

update on the current cyber security threat profile Join Microsoft #Cybersecurity Architect Dr Erdal Ozkaya tonight (7-8:30pm AEST) to hear about... read more

CISO 360 Middle East – Free Opportunity

CISO 360 Middle East Weathering the Cyber Attack Storm in the Middle East  This interactive LIVE BROADCAST with local CISOs and... read more
Malware

The Malware Plague – Part 1

The Malware Plague Malicious software—commonly referred to as malware—is used by threat actors to perform malicious activities on a host system.... read more
Social engineering

Prevent Social Engineering easily and free

Prevent Social Engineering We call social engineering, the deception art. It is, simply, capturing information by deceiving/manipulating the target person. There are... read more
Remove Virus from your computer

Remove Virus from your computer, secure it back easily !

Remove Virus from your computer, secure it back easily ! WHAT IS A COMPUTER VIRUS? Computer virus is a computer program which... read more

Categories

  • About Dr Erdal Ozkaya (298)
    • Awards (96)
    • Erdal in the news (118)
    • Feedback (90)
    • My Books (54)
    • Who is Dr Erdal Ozkaya ? (2)
  • Announcemets (302)
  • Artificial Intelligence AI (11)
  • Certification (52)
  • Cloud Computing (72)
  • Cybersecurity (322)
  • Cybersecurity Leadership (52)
  • Financial Sector (31)
  • Forensics (17)
  • Free Events (156)
  • General (133)
  • How to …? (63)
  • ISO 2700x (12)
  • News (38)
  • Reviews (77)
    • Book Reviews (33)
    • Free E-Books (13)
    • Hardware Review (9)
    • Security Review / Reports (10)
    • Software Review (8)
  • Video Tutorials (101)
  • What is new? (27)
  • Windows (30)

Recent Comments

  • Erdal on Free EDR Certification Training
  • SANDEEP SHRIVASTAV on Free EDR Certification Training
  • Alicia Harlow on Core isolation Memory Integrity not available – (Get it fixed)
  • Alicia Harlow on Core isolation Memory Integrity not available – (Get it fixed)
  • Erdal on Siber Güvenlik Saldiri ve Savunma Stratejileri – NEW B00K

Archives

Dr. Erdal Ozkaya © Copyright 2023. All Rights Reserved.