A guide to HTTP floods: what they are, and what it means to get hit with one

The umbrella that is the term DDoS attack encompasses a wide range of assault types. Some DDoS attacks are big and bruising, some are small but clever, some are new and novel, and some are about as old as cybercrime itself.

Image credit: geralt via Pixabay, CC0 Creative Commons

All types of DDoS attacks tend to get lumped in together. This is understandable, since business and website owners as well as security professionals tend to not have all day to discuss the nuances of different distributed denial of service attack types. However, some attack types simply deserve more attention than others, and the cunning and conniving HTTP flood is one of them.

Facts about floods

The HTTP flood is a type of DDoS attack that is aimed at the application layer of the target website or service. Generally speaking, network layer attacks tend to be the big volumetric attacks that make a target site or service unavailable by eating up available bandwidth, while application layer attacks are the more clever variety that use strategy to exhaust server side resources.

To do this, HTTP floods use HTTP requests, either GET requests that ask the server for static content components or POST requests that ask for dynamic content components. POST requests tend to be the most effective since dynamically generating content or resources is a complex process for a server, but GET requests are simple for the attacker to generate and the resulting GET-based attack can be more easily scaled up with a botnet. Regardless of which type of request is being used, attackers use HTTP floods to request the most resource-intensive components of the target website in order to most effectively exhaust the server.

The worst thing about HTTP floods

DDoS attacks are depressingly common, so a lot of the time when a business or website gets hit with one, the one silver lining is that it very well could have been a random attack and there’s no reason to think anyone has a vendetta against you. However, if your business or website is targeted by an HTTP flood, it means that either the attacker behind it or the person who hired the attacker has taken a specific interest in taking down your online service.

HTTP floods tend to be successful because they target the resource-heavy components of a website, as discussed above, and the only way these attacks can do so is if the person behind them has specifically researched that website to find those components. These are not attacks that would ever come from a standard DDoS-for-hire service; these are attacks that indicate someone has an axe to grind.

Building the dam

HTTP floods present two distinct and significant challenges when it comes to detection and therefore mitigation. Firstly, since they use legitimate requests, they’re tough to tell apart from real traffic. Secondly, because they can accomplish so much with so little traffic volume, they stymy rate-based detection as well.

These are the types of attacks professional DDoS mitigation services are built to handle, especially considering that HTTP floods indicate that a targeted website is likely going to be targeted again and again. Detecting HTTP floods requires a combination of advanced traffic profiling and progressive security challenges that can differentiate between botnet traffic and legitimate traffic. From there, it’s simply a matter of bouncing the attack traffic to a network of scrubbing servers while actual visitors are sent through to the website. Complicated as this may be, it’s all business as usual for leading cloud-based mitigation services. Dealing with all DDoS attacks is business as usual for leading mitigation services, really, but some attacks simply need a little extra attention. HTTP floods are one of them.


Comment this news or article