| Layer |
Type |
AV |
Description |
Network |
TCP |
SYN flood |
TCP-based flood attack abusing the 3-way handshake, sending multiple TCP packets with the respective TCP flags. |
| Tsunami SYN flood |
| SYN-ACK flood |
| ACK flood |
| RST flood |
| PSH flood |
| FIN flood |
| URG flood |
| ACK/FIN flood |
| PUSH/ACK flood |
| ACK/RST flood |
| URG/RST flood |
| URG/SYN flood |
| URG/RST/SYN/FIN flood |
| ACK/PUSH/RST/SYN/FIN flood |
| URG/ACK/PUSH/RST/FIN flood |
| URG/ACK/PUSH/RST/SYN flood |
| URG/ACK/PUSH/SYN/FIN flood |
| URG/ACK/RST/SYN/FIN flood |
| URG/PUSH/RST/SYN/FIN flood |
| URG/FIN flood |
| URG/PUSH flood |
| ACK/PUSH/FIN flood |
| ACK/PUSH/RST flood |
| ACK/PUSH/SYN flood |
| ACK/RST/FIN flood |
| ACK/RST/SYN flood |
| ACK/SYN/FIN flood |
| PUSH/RST/FIN flood |
| PUSH/RST/SYN flood |
| PUSH/SYN/FIN flood |
| RST/SYN/FIN flood |
| URG/ACK/FIN flood |
| URG/ACK/PUSH flood |
| URG/ACK/RST flood |
| URG/ACK/SYN flood |
| URG/PUSH/FIN flood |
| URG/PUSH/RST flood |
| XMAS flood |
| TCP Middlebox Reflection flood |
TCP-based flood that abuses security flaws in network middleboxes |
| Fragmented ACK flood |
ACK flood while the IP packets are fragmented so the PPS rate is higher than in a regular attack |
UDP |
DNS Garbage flood |
UDP flood with malformed data targeting port 53 |
| NTP flood |
UDP flood with malformed data targeting port 123 |
| Fragmented UDP flood |
UDP flood while the IP packets are fragmented so the PPS rate is higher than in a regular attack |
| Reflective DNS flood |
UDP-based attacks that abuse network components with security flaws, making them send amplified attacks to a victim target |
| Reflective CHARGEN flood |
| Reflective Memcache flood |
| Reflective SIP flood |
| Reflective SSDP flood |
| Reflective DHCPDiscover flood |
| Reflective SADP flood |
| SNMP Reflection flood |
| CoAP Reflection flood |
| STUN Reflection flood |
IP |
ICMP flood |
Bandwidth floods that abuse different IP protocols |
| Ping of Death |
| IGMP flood |
| ESP flood |
| AH flood |
| GRE flood |
| IPv4-in-IPv4 flood |
| IPv6-in-IPv4 flood |
Special techniques |
Carpet Bombing |
Network flood against an entire subnet. For example, against a /24 subnet |
| Hit and Run |
Network attack performed in short bursts that repeatedly hit the target. This technique aims to avoid detection by the risk mitigation |
| |
Web |
HTTP GET flood |
HTTP request flood using one of the HTTP methods |
| |
HTTP POST flood |
| |
HTTP HEAD flood |
| |
HTTP OPTIONS flood |
| |
HTTP PUT flood |
| |
HTTP DELETE flood |
Application |
HTTPS GET flood |
HTTPS request flood using one of the HTTP methods |
| HTTPS POST flood |
| HTTPS HEAD flood |
| HTTPS OPTIONS flood |
| HTTPS PUT flood |
| HTTPS DELETE flood |
| HTTPS Login flood |
HTTPS flood against a login endpoint, by using multiple credentials, saturating the DB's resources |
| HTTPS Search flood |
HTTPS flood against a search endpoint, by using multiple credentials, saturating the DB's resources |
| HTTPS Randomized path flood |
HTTPS flood against a hostname, putting a malformed, randomly generated path in every request |
| HTTPS Randomized parameters flood |
HTTPS flood against an endpoint with an existing parameter. The attack puts a random value in every request. This is a cache-busting attack vector |
| HTTPS Randomized HTTP headers flood |
HTTPS flood with random number and values of HTTP headers. Its objective is to bypass signature-based risk mitigations |
| HTTPS Randomized Cipher-Suites |
HTTPS flood with different client TLS fingerprints. It randomizes the JA3 and JA4 signatures of the requests |
| HTTP/2 Rapid Reset |
HTTP/2 protocol abuse by sending requests and shutting them off before their completion. It allows an attacker to amplify their HTTPS request volume |
| HTTP flood Direct-to-Origin |
HTTP flood against the origin IP, bypassing the proxy service |
| HTTPS flood Direct-to-Origin |
HTTPS flood against the origin IP, bypassing the proxy service |
| HTTPS multiple URI flood |
HTTPS flood that targets multiple, existing paths |
Browser engine support |
HTTP flood with JS support |
HTTP flood with a tool that supports JavaScript |
| HTTP flood with Cookie support |
HTTP flood with a tool that can receive and send cookies |
| HTTPS flood with JS support |
HTTPS flood with a tool that supports JavaScript |
| HTTPS flood with Cookie support |
HTTPS flood with a tool that can receive and send cookies |
Low and Slow |
Slow Read |
Low & slow attack that fetches specific content very slowly from the server. It keeps the connection between the client and server open for a long time, saturating the server's resources, since the server has to hold multiple connections at the same time |
| Slow POST |
Low & slow attack that uploads content very slowly to the server. It keeps the connection between the client and server open for a long time, saturating the server's resources, since the server has to hold multiple connections at the same time |
| TLS renegotiation |
Low & slow attack where the client opens TLS sessions and constantly requests to renegotiate the encryption keys with the server. It saturates the server's resources |
| HTTP/2 continuation flood |
Low & slow attack where the attacker abuses the HTTP/2 framing syntax, making lots of never-ending request streams, thus keeping the connection between the client and server open and causing resource saturation on the server |
Volumetric-applicative |
Large File Download |
Low-request-rate application attack, where an attacker pulls a large file from the victim server, causing uplink pipe saturation. This AV is useful for avoiding rate limit detection |
| Large File Download with randomized parameters |
Large File Download with a randomized parameter attack that's meant to bust the caching mechanism provided by a CDN |
| Large File Upload |
Low-request-rate application attack, where an attacker sends requests with large body size to the victim server, causing downlink pipe saturation. This AV is useful for avoiding rate limit detection |
DNS |
DNS Query flood |
An attacker sends the same DNS query multiple times against the DNS server, causing resource saturation |
| DNS Dictionary flood |
An attacker sends lots of different DNS queries to the victim DNS server, causing resource saturation |
| TLS |
TLS flood |
An attacker performs multiple TLS client hello requests against the victim server. Since the server will respond with server-hello and begin the encryption sequence, it may reach resource saturation |