An application-layer attack targets the layer of the internet that essentially faces the end user. This layer, also known as layer 7 in the OSI (Open Systems Interconnection) model, includes applications that you are used to accessing yourself online.
Traditional DDoS attacks, such as ICMP and SYN floods, as we mentioned earlier, still challenge network operators; however, the detection of these common attacks are well understood by network security experts.
Even when attackers utilize IP spoofing, it is still more difficult to detect attacks on the application layer. As of 2013, application layer DDoS attacks represent 20% of all DDoS attacks.
Here Are Two Examples of Application Level Attacks
To really get our hands dirty with application level attacks, we need to understand the varying types of attacks they represent.
1. HTTP flood
HTTP flood is a type of layer 7 application attack hitting web servers that apply the GET requests used to fetch information, as in URL data retrievals during SSL sessions. Hackers sends the GET or POST requests to a target web server.
These requests are specifically designed to consume considerable resources. Then, bots start from a given HTTP link and follow all links on the provided website in a recursive way.
This is how HTTP flood attacks are launced.
2. Slowloris Attack
Slowloris attacks attempt to monopolize system resources by sending HTTP requests that never complete.
Therefore, the web server waits indefinitely for requests, eventually consuming all its connection capacity. By exhausting TCP session availability, the server is frozen.
While the server’s HTTP service is locked up, other server functions continue to run. Once the Slowloris software stops running, the machine will eventually come back online as timeouts go into effect and sessions expire.
The existing intrusion detection and prevention solutions that rely on signatures to detect attacks will generally not recognize Slowloris.
The use of application level attacks are serious cyber security vulnerabilities that are steadily growing and need to be addressed.
Vann Abernethy of NSFOCUS states, “application layer attacks are potentially damaging to your critical infrastructure.”
The reason why they are so damaging is because application level attacks can actually destroy or severely damage server, application, and database resources.
Protecting yourself with application layer web security is the first step in fighting against this growing trend.