DDoS Quick Guide comprises public domain material from the U.S. Department of Homeland Security.
DDoS Quick Guide
DISCLAIMER: This advisory is provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this advisory or otherwise. Further dissemination of this advisory is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see http://www.us-cert.gov/tlp/.
Attack Possibilities by OSI Layer
Application Layer (7)
Protocol Data Unit (PDU): Data
Layer Description: Message and packet creation begins. DB access is on this level. End-user protocols such as FTP, SMTP, Telnet, and RAS work at this layer.
Protocols: Uses the protocols FTP, HTTP, POP3, and SMTP; its device is the gateway.
Examples of Denial of Service Techniques at Each Level: PDF GET requests, HTTP GET, HTTP POST = website forms (login, uploading photo/video, submitting feedback)
Potential Impact of DoS Attack: Reach resource limits of services; resource starvation
Mitigation Options for Attack Type: Application monitoring is the practice of monitoring software applications using a dedicated set of algorithms, technologies, and approaches to detect zero-day and application layer (Layer 7) attacks. Once identified, these attacks can be stopped and traced back to a specific source more easily than other types of DDoS attacks.

Presentation Layer (6)
Protocol Data Unit (PDU): Data
Layer Description: Translates the data format from sender to receiver
Protocols: Uses the protocols compression and encryption
Examples of Denial of Service Techniques at Each Level: Malformed SSL requests. Inspecting SSL encryption packets is resource intensive. Attackers use SSL to tunnel HTTP attacks to target the server.
Potential Impact of DoS Attack: The affected systems could stop accepting SSL connections or automatically restart
Mitigation Options for Attack Type: To mitigate, consider options like offloading the SSL from the origin infrastructure and inspecting the application traffic for signs of attack traffic or violations of policy at an application delivery platform (ADP). A good ADP will also ensure that your traffic is then re-encrypted and forwarded back to the origin infrastructure with unencrypted content only

https://www.us-cert.gov/sites/default/files/publications/DDoS%20Quick%20Guide.pdf
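
The Application Layer (7) entry above says that application monitoring lets an attack be identified and traced back to a specific source. The following is an added example, not part of the DHS guide: a sliding-window request counter over web access-log lines that reports which source is flooding which form endpoint. The log format, the 10-second window, the threshold of 20 requests and the sample addresses are all assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined-log-style prefix: source, timestamp, method, path (assumed format).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(GET|POST) (\S+) [^"]*" \d{3}')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(line):
    """Return (source, timestamp, method, path), or None for an unparseable line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src, ts, method, path = m.groups()
    return src, datetime.strptime(ts, TS_FMT), method, path

def flag_sources(lines, window_s=10, threshold=20):
    """Map (source, method, path) -> peak requests seen in any window_s-second
    window, for keys whose count exceeded threshold (both values are assumptions)."""
    recent = defaultdict(deque)   # per-key timestamps inside the current window
    peaks = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue              # malformed lines are skipped, not fatal
        src, ts, method, path = rec
        key = (src, method, path)
        q = recent[key]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()           # drop requests that fell out of the window
        if len(q) > threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

def sample_log():
    """Constructed log lines using documentation address ranges."""
    stamp = "01/Jan/2024:12:00:{:02d} +0000"
    lines = []
    for i in range(60):           # one source, 10 POSTs per second to a login form
        lines.append(f'198.51.100.7 - - [{stamp.format(i // 10)}] "POST /login HTTP/1.1" 200 512')
    for i in range(6):            # ordinary visitor, one GET every 5 seconds
        lines.append(f'203.0.113.5 - - [{stamp.format(i * 5)}] "GET /index.html HTTP/1.1" 200 1024')
    lines.append("not a log line")
    return lines

if __name__ == "__main__":
    for key, peak in flag_sources(sample_log()).items():
        print(key, peak)
```

Keying the window on source, method and path together is what ties a burst to one origin and one target form; a real deployment would tune the window and threshold to the site's normal traffic.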