OSI is also called the network seven-layer protocol. There are 7 layers in total, and each layer can have several sublayers. The 7 layers of OSI from top to bottom are: 7 application layer, 6 presentation layer, 5 session layer, 4 transport layer, 3 network layer, 2 data link layer, 1 physical layer. The upper layers (7, 6, 5, 4) define the functions of the application, and the following 3 layers (3, 2, 1) are mainly oriented to the end-to-end data flow through the network. DDoS attacks are classified according to the OSI layer they attack. Although there are seven layers in total, only three layers are targeted during the DDoS attack: layer 3, layer 4, and layer 7.
1. Layer 3 attack
UDP flooding attack: UDP flooding will occupy host resources and cause the site to be inaccessible.
ICMP flooding: also known as "ping flooding". Sustained and outgoing bandwidth is affected by this type of attack, resulting in overall system slowdown.
2. Layer 4 attack
SYN flood: maliciously occupy resources and refuse the service of legitimate users.
Death Ping: Overflow of memory buffer, resulting in crash, restart, and denial of service to legitimate users.
Reflection attacks: One of the most catastrophic types of attacks. Attacks may involve thousands of computers, all of which ping data back to a single target, resulting in massive slowdowns and denial of service.
3. Layer 7 attack
Slowloris: Keep all connections open, which will overload the maximum concurrent connection pool and cause denial of service.
HTTP flooding: Use seemingly legitimate HTTP GET or POST requests to attack servers or applications. This attack requires less bandwidth.