Multiple GET requests to a specific resource that needs server resources to generate the response might lead to a DoS/DDoS condition.
HTTP POST DDoS
The client tells the web server how large the message body is, say "Content-Length = 800", but the body is sent with huge latency, say 1 byte per 100 seconds.
Load balancers
Reverse Proxies
Attacker ---- Reverse Proxy ---- Original Server
The reverse proxy serves the resources, hiding the original web server
Delayed binding
TCP slicing
Monitoring Header, request patterns
Malware/bots/scripts have specific request patterns, unlike humans.
Cookies
Captchas
Invalid User-Agents, same packet size, dynamic referrers
Detection of rotating IP addresses, User-Agents, Referrers
Apache Mitigation mechanisms
mod_reqtimeout
LimitRequestBody directive
mod_antiloris
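The slow POST described above can be bounded by a read deadline that grows only as body bytes actually arrive, which is the kind of rule mod_reqtimeout offers. The following is an added example, not code from the original post or from Apache: a simplified Python model of such a rule, where BodyPolicy, body_read_verdict, the sample traffic and all timeout and rate values are assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BodyPolicy:
    # All three values are assumed for illustration, not recommended settings.
    initial_timeout: float = 20.0  # seconds allowed to read the body with no credit
    max_timeout: float = 40.0      # hard cap on the body read deadline
    min_rate: int = 500            # every min_rate bytes received earn 1 extra second


def body_read_verdict(content_length, chunks, policy=BodyPolicy()):
    """Decide whether a request body is read in time.

    chunks: list of (seconds_since_headers, bytes_in_chunk) in arrival order.
    Returns ("complete", t) when the body finished at time t, or
    ("timeout", t) when the server would close the connection at time t.
    """
    received = 0
    deadline = policy.initial_timeout
    for arrival, size in chunks:
        if arrival > deadline:
            # The client went quiet for too long: free the worker slot.
            return ("timeout", deadline)
        received += size
        # Bytes received extend the deadline, but never past the hard cap.
        earned = received / policy.min_rate
        deadline = min(policy.initial_timeout + earned, policy.max_timeout)
        if received >= content_length:
            return ("complete", arrival)
    # The client stopped sending before Content-Length was reached.
    return ("timeout", deadline)


# Constructed sample traffic (not captured data).
# Slow POST from the text: Content-Length 800, 1 byte per 100 seconds.
SLOW_POST = [(100.0 * i, 1) for i in range(1, 801)]
# Ordinary client: the whole 800-byte body arrives in one segment.
NORMAL_POST = [(0.05, 800)]
# Trickle that stays just inside the initial timeout, then runs out of credit.
TRICKLE_POST = [(10.0 * i, 1) for i in range(1, 801)]

if __name__ == "__main__":
    for name, trace in [("slow", SLOW_POST), ("normal", NORMAL_POST),
                        ("trickle", TRICKLE_POST)]:
        print(name, body_read_verdict(800, trace))
```

Without a deadline the slow POST would hold a worker for 80,000 seconds; under this policy the slot is released after about 20 seconds, while the ordinary client is unaffected.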
Akamai provides real-time mapping info
http://www.akamai.com/html/technology/dataviz1.html
I agree with a lot of the points you made in this article. I appreciate the work you have put into this and hope you continue writing on this subject. Great content about http.
Great article! HTTP-based DDoS attacks are particularly tricky since they mimic legitimate traffic. The focus on filtering and identifying malicious requests is crucial for maintaining service availability.
Really helpful read! It’s interesting how modern mitigation relies heavily on distinguishing between legitimate users and bots rather than just blocking traffic blindly.