OSI is also called the network seven-layer protocol. There are 7 layers in total, and each layer can have several sublayers. The 7 layers of OSI from top to bottom are: 7 application layer, 6 presentation layer, 5 session layer, 4 transport layer, 3 network layer, 2 data link layer, 1 physical layer. The upper layers (7, 6, 5, 4) define the functions of the application, and the following 3 layers (3, 2, 1) are mainly oriented to the end-to-end data flow through the network. DDoS attacks are classified according to the OSI layer they attack. Although there are seven layers in total, only three layers are targeted during the DDoS attack: layer 3, layer 4, and layer 7.
1. Layer 3 attack
In the OSI model, layer 3 is the network layer. The focus of the layer 3 attack is to saturate the bandwidth of the target site so that the site cannot be used. The size of the attack is measured in bits per second (Bps). include:
UDP flooding attack: UDP flooding will occupy host resources and cause the site to be inaccessible.
ICMP flooding: also known as "ping flooding". Sustained and outgoing bandwidth is affected by this type of attack, resulting in overall system slowdown.
UDP flooding attack: UDP flooding will occupy host resources and cause the site to be inaccessible.
ICMP flooding: also known as "ping flooding". Sustained and outgoing bandwidth is affected by this type of attack, resulting in overall system slowdown.
2. Layer 4 attack
The fourth layer of the OSI model is related to the transmission protocol. The goal of the layer 4 attack is to take up server resources, or firewall and load balancer resources. It is measured in packets per second. include:
SYN flood: maliciously occupy resources and refuse the service of legitimate users.
Death Ping: Overflow of memory buffer, resulting in crash, restart, and denial of service to legitimate users.
Reflection attacks: One of the most catastrophic types of attacks. Attacks may involve thousands of computers, all of which ping data back to a single target, resulting in massive slowdowns and denial of service.
SYN flood: maliciously occupy resources and refuse the service of legitimate users.
Death Ping: Overflow of memory buffer, resulting in crash, restart, and denial of service to legitimate users.
Reflection attacks: One of the most catastrophic types of attacks. Attacks may involve thousands of computers, all of which ping data back to a single target, resulting in massive slowdowns and denial of service.
3. Layer 7 attack
Layer 7 is the application layer and the layer closest to the user. These attacks are more complicated because they mimic human behavior and interact with the user interface. They target vulnerabilities in OpenBSD, Windows, Apache and other software by using requests that seem legitimate to crash Web servers. The size of the application layer attack is measured by the number of requests per second. include:
Slowloris: Keep all connections open, which will overload the maximum concurrent connection pool and cause denial of service.
HTTP flooding: Use seemingly legitimate HTTP GET or POST requests to attack servers or applications. This attack requires less bandwidth.
Slowloris: Keep all connections open, which will overload the maximum concurrent connection pool and cause denial of service.
HTTP flooding: Use seemingly legitimate HTTP GET or POST requests to attack servers or applications. This attack requires less bandwidth.
comment