Application Layer DDoS Attacks

How Are Application Layer DDoS Attacks Carried Out?

In this type of attack, API servers are targeted and taken out of service by exhausting server resources. Even without a login, a request received from a client by an API server can often cause it to make database queries or other API calls.

In this situation, if the request coming to the server is made via a botnet attack, its impact is amplified and the server can be prevented from responding. Let us consider a web server that requires login — when you make a request, you are asked for a username and password. This request waits on the server and consumes very few resources. However, many queries are sent to the database during this process. Even if the login attempt fails, a server receiving requests from a botnet network can become unable to respond to hundreds of thousands of login operations.

How Can Application Layer DDoS Attacks Be Mitigated?

Stopping or mitigating this type of attack is a very difficult task. You are forced to distinguish between attack traffic and genuine traffic. Especially in situations where an HTTP FLOOD attack is being carried out against the victim’s server, every incoming request can appear legitimate — because the first step has been taken and it arrives in the same way as real traffic.

Generally, traffic limiting operations based on specific rule sets are used. It becomes necessary to develop custom strategies and use security applications such as WAF. Even if your network traffic can handle very large volumes, your application server will have difficulty performing these operations.

Another commonly used method is the use of CAPTCHA for operations such as logging in. Similar tests can also be performed during account creation processes to mitigate many attacks.