To understand what a Layer 7 DDoS attack is, you must first understand what is meant by the application layer. For that matter, it wouldn’t hurt to understand how the layers function and what the hell this whole “layer” thing is. There isn’t much to do but to continue, so I suppose I should get on with it.
There are seven layers in total, each fulfilling its own purpose in a connected networking framework called the Open Systems Interconnection Model, or the OSI Model for short.
In a nutshell, the OSI model is separated into seven layers that transport data up and down the chain, from the user, all the way to the physical server and back again. Each layer is its own protocol, responsible for carrying out its assigned function.
Here is an example of the OSI Model:
And here is the breakdown of the function of each layer:
As you can see from the model, Layer 7 is the application layer, the place where data both originates and returns. When you clicked into this article, this entire series of events occurred in the background.
How DDoS Attacks Exploit Layers In The OSI Model
There are three types of DDoS attacks that you see splashed across the headlines the most. First, let me describe the two below the seventh layer — Layer 3 and Layer 4 DDoS attacks.
Layer 3 / 4 DDoS attacks
The majority of DDoS attacks target the transport and network layers. These are usually volumetric attacks that aim to overwhelm the target machine, denying or consuming resources until the server goes offline. In these types of DDoS attacks, malicious traffic (TCP / UDP) is used to flood the victim. Taking it one step further, these attacks also aim to saturate the entire network with malicious traffic until it is temporarily unusable. While these types of attacks can be a disruptive force for businesses, once the attack ceases or has been mitigated, there is no lasting damage.
Layer 7 DDoS attacks
Application-layer DDoS attacks are a bit more complicated. Layer 7 DDoS attacks are some of the most difficult attacks to mitigate because they mimic human behavior as they interact with the user interface. A sophisticated Layer 7 DDoS attack may target specific areas of a website, making it even more difficult to separate from normal traffic. For example, some types of Layer 7 DDoS attacks will target website elements, like your logo or a button, and repeatedly download resources hoping to exhaust the server. Still another example is when an attacker targets a download on a website and repeats the process I just described.
Here is the short definition of a Layer 7 DDoS attack:
A Layer 7 DDoS attack uses the seventh layer of the OSI Model to target the application interface, in the process mimicking real, human behavior that is harder to detect and mitigate.
How To Fight A Layer 7 DDoS Attack
Mitigating a complex Layer 7 attack is nearly impossible without sufficient resources, most notably some type of anti-DDoS software / hardware that makes it possible to trace the attack traffic and filter it away. The cost for a service provider, in terms of investment, easily runs into the hundreds of thousands of dollars. For larger DDoS mitigation companies the cost is even higher.
Here are some of the ways to stop a DDoS attack:
- Block spoofed TCP attacks before they enter your network.
- Don’t let dark address packets pass your perimeter.
- Block unused protocols and ports.
- Limit the number of accesses per second per source IP.
- Limit the number of concurrent connections per source IP.
- Filter foreign TCP packets.
- Do not forward packets with header anomalies.
- Monitor self similarity in traffic.
- Keep unwanted guests away.
- Use specialized DDoS mitigation equipment.
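One way to implement the two per-source limits from the list above (accesses per second and concurrent connections per source IP), as an added example that is not part of the original article. The class name, the thresholds and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict

class PerSourceLimiter:
    """Per-source-IP token-bucket request limit plus a concurrent-connection cap."""

    def __init__(self, rate_per_sec, burst, max_conns):
        self.rate, self.burst, self.max_conns = rate_per_sec, burst, max_conns
        self.buckets = {}               # ip -> [tokens, time of last refill]
        self.conns = defaultdict(int)   # ip -> currently open connections

    def open_conn(self, ip):
        """Admit a new connection unless the source already holds max_conns."""
        if self.conns[ip] >= self.max_conns:
            return False
        self.conns[ip] += 1
        return True

    def close_conn(self, ip):
        """Release one connection slot held by the source."""
        if self.conns[ip] > 0:
            self.conns[ip] -= 1

    def allow_request(self, ip, now):
        """Refill the bucket for the elapsed time, then spend one token if available."""
        bucket = self.buckets.setdefault(ip, [float(self.burst), now])
        bucket[0] = min(self.burst, bucket[0] + (now - bucket[1]) * self.rate)
        bucket[1] = now
        if bucket[0] < 1:
            return False
        bucket[0] -= 1
        return True

def replay(events, limiter):
    """Replay (timestamp, ip, path) events in time order; return {ip: (allowed, rejected)}."""
    counts = defaultdict(lambda: [0, 0])
    for ts, ip, _path in sorted(events):
        counts[ip][0 if limiter.allow_request(ip, ts) else 1] += 1
    return {ip: tuple(c) for ip, c in counts.items()}

# Constructed sample traffic: one source fetching the same image 16 times a second
# for three seconds, and one visitor browsing at a human pace.
SAMPLE = [(i / 16, "203.0.113.7", "/img/logo.png") for i in range(48)]
SAMPLE += [(0.25, "198.51.100.20", "/"), (1.5, "198.51.100.20", "/pricing"),
           (2.0, "198.51.100.20", "/contact")]

if __name__ == "__main__":
    limiter = PerSourceLimiter(rate_per_sec=4, burst=8, max_conns=2)
    for ip, (ok, dropped) in replay(SAMPLE, limiter).items():
        print(f"{ip}: allowed={ok} rejected={dropped}")
```

The burst allowance lets a normal page load (several resources at once) through while the sustained rate caps a repeated download. Clients behind a shared NAT address share one bucket, so thresholds need tuning against real traffic.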
Protecting your network from a complex Layer 7 DDoS attack can take considerable resources and a hefty upfront investment. This investment must cover hardware (DDoS attack appliance) and software (Network Behavior Analysis equipment), not to mention the personnel.
You’re much better off trusting your protection to a mitigation provider, especially if your company is targeted by these types of attacks or you operate in a high-risk industry.
Layer 7 DDoS Attacks On The Rise
The sophistication and volume of complex Layer 7 DDoS attacks are on the rise, according to security researchers from companies like Rivalhost and Prolexic. The State of the Internet Report, published by Akamai, reported an increase of 54% in DDoS attacks in the first quarter of 2013. Numbers are definitely trending upward. In fact, look what’s going on right now…