HTTP Flood: A type of attack in which HTTP GET or POST requests are used to attack the web server.This attack exploits weaknesses in the TCP connection sequence, known as a three-way handshake. SYN Flood: A succession of SYN requests is directed to the target’s system in an attempt to overwhelm it.UDP Flood, TCP Flood, NTP Amplification and DNS Amplification are some examples. Volumetric attacks are easy to generate by employing simple amplification techniques, so these are the most common forms of attack. Volumetric Attacks send high volumes of traffic in an effort to saturate a victim’s bandwidth. Syn Flood and Ping of Death are some examples. Such attacks consume all the processing capacity of the victim or other critical resources (a firewall, for example), resulting in service disruption. Protocol Based Attacks focus on exploiting a weakness in Layers 3 or 4 of the protocol stack. These attacks exploit a weakness in the Layer 7 protocol stack by first establishing a connection with the target, then exhausting server resources by monopolizing processes and transactions. The goal of DoS or DDoS attacks is to consume enough server or network resources so that the system becomes unresponsive to legitimate requests:Īpplication Layer Attacks go after web applications, and often use the most sophistication.