Page cover

DDOS Layer Explanaion

Short Intro for DDoS and popular layer attack explanation

DDOS Introduction

DDOS ( DIstributed Denied of Servies )

What is DDOS ? Demo Video from Cloud Flare

DDOS Segment Breakdown with OSI Model

From Cloud Flared

Popular Layer attacks Explanation

Layer 7 Attacks ( Application Layer )

Layer 7 attacks, also known as application layer attacks, target the top layer of the OSI model, which deals with application-level protocols such as HTTP, SMTP, FTP, and DNS. These attacks aim to exploit vulnerabilities in the application layer to disrupt or overwhelm a target server or application. Here are some examples of Layer 7 attacks:

  1. GET Flood: This attack involves sending a large number of HTTP GET requests to a server, fenses and overload the target server.

  2. RHEX (Random HEX): This attack sends random hexadecimal characters to a server, trying to exploit vulnerabilities in the server's parsing or processing mechanisms.

  3. STOMP: This attack bypasses the "chk_captcha" mechanism, which is often used to protect against automated attacks by requiring users to solve a captcha.

  4. STRESS: This attack sends HTTP packets with high byte values, potentially causing buffer overflows or other memory-related vulnerabilities in the target application.

  5. DYN: This attack utilizes random subdomains in the HTTP requests, making it harder for mitigation systems to detect and block the attack.

  6. DOWNLOADER: This attack involves reading data slowly from a server, consuming its resources over an extended period of time.

  7. SLOW (Slowloris): This is an old method of DDoS attack that keeps HTTP connections open with the target server but sends requests very slowly, eventually overwhelming its capacity to handle concurrent connections.

  8. HEAD: This attack specifically targets the HTTP HEAD method, which retrieves metadata about a resource, and can be used to exhaust server resources or exploit vulnerabilities related to HEAD requests.

Layer 4 Attacks ( Transport Layer )

Layer 4 attacks, also known as transport layer attacks, target the transport layer of the OSI model, which includes protocols such as TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). These attacks aim to exploit vulnerabilities in the network and transport layers to disrupt or overload a target server or network. Here are some examples of Layer 4 attacks:

  1. TCP Flood Bypass: This attack floods a target server with a high volume of TCP packets, overwhelming its capacity to handle incoming connections or consuming its network resources.

  2. UDP Flood Bypass: Similar to TCP Flood, this attack floods the target server with a high volume of UDP packets, causing network congestion or consuming its resources.

  3. SYN Flood: This attack exploits the three-way handshake process of the TCP protocol by sending a large number of SYN packets to the target server, exhausting its resources and preventing legitimate connections.

  4. CPS (Connection Per Second): This attack involves rapidly opening and closing connections with a proxy server, consuming its resources and potentially causing it to become unresponsive.

  5. ICMP (Internet Control Message Protocol): ICMP flood attacks involve sending a high volume of ICMP echo request packets to a target server, overwhelming its network capacity and potentially causing network latency or downtime. Note that ICMP is a layer 3 protocol, but it can be included in layer 4 attacks.

  6. CONNECTION: This attack aims to keep connections alive with a proxy server, consuming its resources and potentially causing it to become overwhelmed.

  7. VSE (Valve Source Engine Protocol): This attack targets the Valve Source Engine protocol, commonly used in online gaming, by sending malicious packets to disrupt or overload game servers.

  8. Teamspeak 3 (TS3): This attack utilizes the Teamspeak 3 status ping protocol to send a high volume of status ping requests to a Teamspeak server, causing resource exhaustion or disruption.

  9. FiveM (FIVEM): This attack targets FiveM servers, which are used for multiplayer modifications in the game Grand Theft Auto V, by sending status ping requests to overload the server.

  10. Amplification Attacks: These attacks involve leveraging certain protocols or services to amplify the volume of traffic sent to the target, causing network congestion and disrupting services. Examples include Memcached, NTP, DNS, Chargen, CLDAP, Apple Remote Desktop (ARD), and Remote Desktop Protocol (RDP) amplification attacks.

Layer 3 Attacks ( Network Layer )

Layer 3 attacks typically exploit vulnerabilities in network protocols and infrastructure. These attacks may involve manipulating routing tables, forging IP addresses, or exploiting weaknesses in the way networking protocols function.

    1. Network Congestion: Overwhelming the target's network capacity with a high volume of traffic, leading to congestion and potential service degradation.

    2. Fraggle Attack: Overloads the target's resources with a high volume of UDP echo traffic, leading to decreased network performance

    3. DNS Amplification: Abuses DNS resolvers to amplify traffic, overwhelming the target's resources and potentially causing service degradation

    4. SYN/ACK Flood : Floods the target with SYN or ACK packets, exhausting connection resources and causing service disruption.

    5. BGP Route Hijacking: Redirects traffic through a malicious network, facilitating more efficient DDoS attacks and complicating mitigation

    6. Ping of Death: Disrupts target systems by sending malformed ICMP packets, potentially causing crashes or unresponsiveness

    7. Session Hijacking: Attackers intercept and take control of established sessions between two parties, gaining unauthorized access to sensitive information or resources.

    8. Man-in-the-Middle (MitM) Attacks: The attacker secretly intercepts and relays communication between two parties, compromising confidentiality and potentially manipulating data.

    9. Session Fixation: Attackers set or fix the session identifier to a known value, allowing them to hijack a user's session after authentication, leading to unauthorized access.

    10. Denial of Session (DoSes): Overwhelming session establishment or management mechanisms, preventing legitimate users from establishing sessions and disrupting services.

    11. Session Timeout Attacks: Exploiting vulnerabilities in session timeout settings to keep sessions alive longer than intended or forcing premature session termination.

    12. Session Redirection: Forcing a user's session to be redirected to a different destination controlled by the attacker, leading to potential phishing attacks or unauthorized actions.

    13. SSL Stripping: Downgrading a secure HTTPS connection to an unencrypted HTTP connection, exposing sensitive information and compromising data confidentiality.

Layer 5 Attacks (Session Layer)

Layer 5 attacks exploit weaknesses in session management, potentially resulting in unauthorized access, data breaches, or service disruptions. Implementing secure session practices, strong authentication, encryption protocols, and monitoring for suspicious behavior are crucial for mitigation. Regular security audits and updates help maintain a robust defense against Layer 5 attacks.

  1. Session Hijacking: Attackers intercept and take control of established sessions between two parties, gaining unauthorized access to sensitive information or resources.

  2. Man-in-the-Middle (MitM) Attacks: The attacker secretly intercepts and relays communication between two parties, compromising confidentiality and potentially manipulating data.

  3. Session Fixation: Attackers set or fix the session identifier to a known value, allowing them to hijack a user's session after authentication, leading to unauthorized access.

  4. Denial of Session (DoSes): Overwhelming session establishment or management mechanisms, preventing legitimate users from establishing sessions and disrupting services.

  5. Session Timeout Attacks: Exploiting vulnerabilities in session timeout settings to keep sessions alive longer than intended or forcing premature session termination.

  6. Session Redirection: Forcing a user's session to be redirected to a different destination controlled by the attacker, leading to potential phishing attacks or unauthorized actions.

  7. SSL Stripping: Downgrading a secure HTTPS connection to an unencrypted HTTP connection, exposing sensitive information and compromising data confidentiality.

PreviousNetwork Basics Part 2NextAttacking LLM with Prompt Injections

Last updated