2

I asked about "What is HTTP GET/POST Flooding Attack?" recently and I got a few detailed answers about what they are and how they work.

Now I want to find out what their disadvantages are.

user19775
  • 2
    Disadvantages in what sense? I would consider such a DoS attack to be a bad thing in pretty much every sense. – Polynomial Jan 24 '13 at 09:10

3 Answers

5

Main disadvantages (for the attacker) of that kind of flooding attack are:

  • Traces. If the attacker is doing the HTTP requests himself, then he must first establish a working TCP connection, i.e. one where he can receive response packets. Therefore, his IP address will appear in the logs of the target server. (The alternative is to predict TCP sequence numbers for new connections, which is nigh infeasible with modern operating systems which use decent random generators for that.) Launching the attack while avoiding retribution implies using many relay systems, which are expensive to gather, especially since most will be "burned" (revealed as relays) in the process. This contrasts with SYN floods in which the attacker can use fake, random, non-incriminating source addresses for his packets.

  • Scale. Serving a typical HTTP request is not very expensive for a Web server, which does that all day long. To drown it under the influx of requests, the attacker has to muster a substantial workforce, especially with regard to network bandwidth; he will not flood the server with 3 or 4 PCs, rather 300 or 400 at least. Flooding is about who, between target and attacker, will have the biggest network and the fastest CPU.

  • Duration. As soon as the attack ceases, the target server becomes fully operational again. It is hard to obtain long-lasting effects. But the longer the attack runs, the easier it becomes for law enforcement agencies to pinpoint the perpetrator.

  • Cheesiness. Flooding is the level zero of attacks. It is brutal and inelegant. It has no finesse. If the attacker runs the attack in order to gain some prestige among his fellow attackers, this might backfire (floods are for script kiddies).

Thomas Pornin
  • Just what I needed. Thank you. Can I just ask one more thing, is there a way to defend against those attacks? – user19775 Jan 24 '13 at 17:59
2

It all depends on what you class as a "disadvantage" of such an attack, because it all depends on which end of the attack you're on. I'll assume you mean from an attacker's perspective, since that's the only way I can envision this question making sense.

The primary two disadvantages are based on monitoring and mitigation. HTTP traffic is heavily monitored by firewall / IDS / IPS infrastructure across most networks, and is likely to trigger alerts much faster than other DoS traffic. There are also many products and services tailored to mitigating HTTP DoS attacks, e.g. CloudFlare. As such, most DoS protection is focused around keeping the HTTP server accessible to legitimate clients. Alternative DoS mechanisms (e.g. HTTPS flood, SSH flood, SMTP flood, DNS flood, etc.) may be harder to block and monitor, since fewer networks tend to implement stringent monitoring and mitigation mechanisms for those services.

In terms of mitigation, all network traffic (especially rates) regardless of protocol should be monitored, and proper protection processes and mechanisms should be implemented. That way there's always at least a minimal layer of protection against DoS attacks at the IP layer.

Polynomial
  • It should be mentioned that a distributed HTTP DOS attack may be easier to build, for example by exploiting a stored XSS vulnerability in a site with many visitors and inserting a script that makes requests to the targeted site. – Dinu Jan 24 '13 at 09:31
  • Sure, but OP asked about disadvantages. – Polynomial Jan 24 '13 at 12:36
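The two answers above note that an HTTP flood leaves the sender's real IP address in the server logs and that request rates should be monitored. The following is an added example, not code from either answer, of a per-source sliding-window rate check over access-log lines; the function names, the thresholds and the log lines (common log format, documentation-range IPs) are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Leading fields of the common/combined access log format: client IP, timestamp.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def find_flood_sources(lines, max_requests=20, window_seconds=10):
    """Return {ip: peak count} for clients that sent more than max_requests
    requests inside any sliding window of window_seconds."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not access-log entries
        ip, ts = m.group(1), datetime.strptime(m.group(2), TS_FORMAT)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:  # expire requests older than the window
            q.popleft()
        if len(q) > max_requests:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def build_sample_log():
    """Constructed sample data (documentation-range IPs), in time order."""
    base = datetime(2013, 1, 24, 9, 0, 0, tzinfo=timezone.utc)
    events = []
    for i in range(60):   # 10 requests/second for 6 seconds: the flood source
        events.append((base + timedelta(milliseconds=100 * i), "198.51.100.7", "/search?q=%d" % i))
    for i in range(15):   # short burst that stays under the default threshold
        events.append((base + timedelta(milliseconds=200 * i), "192.0.2.10", "/index.html"))
    for i in range(5):    # ordinary visitor, one request every 30 seconds
        events.append((base + timedelta(seconds=30 * i), "203.0.113.5", "/products"))
    events.sort(key=lambda e: e[0])
    lines = ['%s - - [%s] "GET %s HTTP/1.1" 200 512' % (ip, ts.strftime(TS_FORMAT), path)
             for ts, ip, path in events]
    lines.insert(3, "-- log rotated --")  # malformed line, skipped by the parser
    return lines


if __name__ == "__main__":
    for ip, peak in find_flood_sources(build_sample_log()).items():
        print("%s peaked at %d requests per 10 s window" % (ip, peak))
```

A per-source threshold only surfaces heavy individual senders; a flood spread across hundreds of relays, as the "Scale" point describes, also needs an aggregate request-rate check.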
2

When somebody floods with requests, your server won't be able to serve all the customers, that is, failing to serve the real customer. If you know Denial of Service attacks you can understand quickly. If you don't, just take a look at DoS attack.

Disadvantages. What happens if your shopping website or favorite social networking site is not accessible when you need it? What happens when you need to send a mail, but you can't log in to the mail account all the time? The answer is simple. You will change the service provider. Similarly, when you don't have enough voice clarity on your cell phone and messages are not delivered properly, you will change your service provider. The effect is financial loss for the company, slow service and all. A small disadvantage for the one who floods or attacks. It is a criminal offense under cyber law. Remember prisons are also capable of accepting cyber criminals.

sujeesh