HTTP Flood
An HTTP flood attack is a type of volumetric distributed denial-of-service (DDoS) attack designed to overwhelm a targeted server with HTTP requests. Once the target is saturated with requests and can no longer respond to normal traffic, additional requests from legitimate users are denied service.
Malware/Threat actors
Name | Type | Years | Source |
---|---|---|---|
DarkComet | malware | 2012 | Crypto-DarkComet-Report.pdf |
APT28 | threat actor | 2008-2016 | APT28-Center-of-Storm-2017.pdf, CYBERWAR-fd_2_.pdf, JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf, journey-zebrocy-land, threat-group-4127-targets-hillary-clinton-presidential-campaign, stamp.jsp?tp=&arnumber=7460498&tag=1 |
Lazarus Group | threat actor | 2011-2014 | Operation-Blockbuster-Report.pdf, Operation-Blockbuster-RAT-and-Staging-Report.pdf, Operation-Blockbuster-Loaders-Installers-and-Uninstallers-Report.pdf, Operation-Blockbuster-Destructive-Malware-Report.pdf |
Preventions
Mitigating layer 7 attacks is complex and often multifaceted. One method is to issue a challenge to the requesting machine to test whether or not it is a bot, much like the CAPTCHA test commonly found when creating an account online. Requiring the client to complete something such as a JavaScript computational challenge before it is served mitigates many attacks.
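One way to build such a computational challenge, as an added example that is not part of the original page: a stateless hash proof-of-work in Node.js, where `solveChallenge` stands in for the script a browser would run. The function names, the SHA-256 leading-zero-bits puzzle and the HMAC-bound challenge format are assumptions chosen for illustration.

```javascript
const crypto = require('crypto');

// Assumption: per-process secret; a real deployment shares it across front ends.
const SERVER_KEY = crypto.randomBytes(32);

function sign(msg) {
  return crypto.createHmac('sha256', SERVER_KEY).update(msg).digest();
}

// Number of leading zero bits in a hash (Buffer).
function leadingZeroBits(buf) {
  let n = 0;
  for (const byte of buf) {
    if (byte !== 0) return n + Math.clz32(byte) - 24;
    n += 8;
  }
  return n;
}

function work(nonce, counter) {
  return crypto.createHash('sha256').update(`${nonce}.${counter}`).digest();
}

// Server: stateless challenge. The MAC binds difficulty, expiry and client IP,
// so a client cannot lower `bits`, extend the lifetime, or reuse a solution
// that was computed for another address.
function issueChallenge(clientIp, bits, nowMs = Date.now(), ttlMs = 60000) {
  const nonce = crypto.randomBytes(16).toString('hex');
  const expires = nowMs + ttlMs;
  const mac = sign(`${nonce}.${bits}.${expires}.${clientIp}`).toString('hex');
  return { nonce, bits, expires, mac };
}

// Client (the script the browser would run): costs about 2^bits hashes.
function solveChallenge(ch) {
  for (let counter = 0; ; counter++) {
    if (leadingZeroBits(work(ch.nonce, counter)) >= ch.bits) return counter;
  }
}

// Server: one HMAC and one hash per check, cheap next to rendering a page.
// Replay of a solved nonce before expiry needs a seen-nonce cache (not shown).
function verifySolution(ch, counter, clientIp, nowMs = Date.now()) {
  const expected = sign(`${ch.nonce}.${ch.bits}.${ch.expires}.${clientIp}`);
  const given = Buffer.from(String(ch.mac), 'hex');
  if (given.length !== expected.length) return false;
  if (!crypto.timingSafeEqual(given, expected)) return false;
  if (nowMs > ch.expires) return false;
  return leadingZeroBits(work(ch.nonce, counter)) >= ch.bits;
}
```

Raising `bits` by one doubles the client's expected work while the server's verification cost stays constant, so difficulty can be increased only while the site is under load.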
Detections
Avenues for stopping HTTP floods include using a web application firewall (WAF) and managing an IP reputation database in order to track and selectively block malicious traffic.