HTTPÂ Flood is a type of DDoS attack that belongs to the application attacks family. During the attack, the attacker sends an HTTP GET or POST requests to an application or a web server.
The requests sent seem legitimate containing a valid header and a correct and complete message. However, the message body sent at an extremely slow rate is what causes the targeted server to try to obey it for a very long time. Sending a large number of these requests, each establishing a connection, makes other legitimate incoming connections impossible.
Notes:
- This attack does not require a large bandwidth to bring the target down. However, it requires understing the targeted application or site.
- The legitimacy of the requests sent makes the attack harder to detect and block.