New Approach to Application Level DDoS
07/20/2009

Introduction


DDoS attacks can be classified as Network Layer or Application Layer attacks. In a Network Layer attack, the attacker floods the victim network with packets bearing forged random IP addresses. The challenge for the defender with this type of attack is the volume of bad traffic: the defending system must be able to handle millions of incoming IP addresses, sorting out valid packets from attacking packets.

Application Layer attacks target specific vulnerabilities in the application layer. The challenge with this type of attack is that a well-structured attack can easily look like a legitimate session. An Application Layer attack uses the correct application handshake and establishes proper connections and data requests, making the attacker seem like a normal application client. Since these attacks are engineered to look like normal requests from a real client, it is hard to tell the difference between an attacking bot and your best customers browsing your site for a long time while drinking a lot of coffee. This Application Note describes a new approach by RioRey to address Application Layer DDoS attacks.

Application Layer attacks are devastating to web services because a small number of attacking bots can bring down most small and medium-sized ecommerce servers. Bots for TCP port 80 related application layer attacks are now widely available and have attacking methods such as:


