Application Layer Attacks

An application layer DDoS attack overloads specific functions or features of a website with the intent to disable them, crash the application or take the site down. Infrastructure layer based attacks account for a large share of DDoS activity. In Q1 2015, application layer DDoS attacks accounted for less than 10% of all activity, while the infrastructure layer experienced 90% of DDoS attacks. However, the use of attack scripts that leverage open proxies on the Internet may pave the way to an increase in application-based DDoS attacks going forward.

Application layer attacks are hard to prevent and protect against with edge security devices, as application context is generally required for appropriate mitigation. LoadMasters that are in the critical data path and have knowledge of the application and network are well suited to provide application centric DDoS/DoS protection, due to the following features:

  • Network processing engine
  • WAF engine and subscription rules
  • Whitelist/blacklists
  • High capacity connection ability
  • Content switching
  • SSL/TLS termination and SSL/TLS validation
  • Global Server Load Balancing (GSLB)
  • HTTP/HTTPS proxying