Unexplained spikes in web traffic and server resource consumption can be indicators. Regularly monitoring your server performance can help spot anomalies.
A “GET flood” is a type of distributed denial-of-service (DDoS) attack that specifically targets web servers and API endpoints. In a GET flood DDoS attack, an overwhelming number of HTTP GET requests are sent to a targeted server, exhausting its resources and causing it to slow down or become unresponsive, denying service to legitimate users.
What is a DDoS attack?
A distributed denial-of-service attack is a cyberattack that affects the performance or availability of a server, service, website, or network by overwhelming it with a flood of internet traffic. Malicious actors can execute DDoS attacks with thousands or millions of malware-infected devices known as a botnet. Malware enables attackers to control the actions of the devices, which can be directed to send massive amounts of traffic to a targeted system. By exhausting the target’s bandwidth, memory, or processing power, a DDoS attack renders the target unavailable for legitimate traffic, denying service to users. Because the malicious traffic is distributed over hundreds, thousands, or millions of devices, DDoS attacks are difficult to detect and block without the risk of blocking legitimate traffic.
How does a GET flood DDoS attack work?
GET flood attacks take advantage of HTTP, a standard protocol used by web browsers to retrieve resources from a web server. GET requests, a specific type of HTTP method, may be used to fetch HTML pages, API resources, scripts, images, and other content that enables a browser to accurately render a web page or web service. In a GET flood DDoS attack, attackers use a botnet to send massive amounts of GET requests to a targeted web server, overwhelming and exhausting its CPU, memory, or other application functions, like a database. As a result, the server can no longer respond to legitimate requests, resulting in a denial of service.
What are other types of HTTP flood DDoS attacks?
HTTP POST flood attacks are even more effective than HTTP GET flood attacks. In a POST flood attack, attackers repeatedly send POST requests that typically include data for the server to process, consuming more system resources and functionality. Eventually, the server reaches its maximum capacity and is no longer capable of responding, making the website or web application inaccessible.
Slowloris DDoS attacks, another type of HTTP flood, send a large number of partial HTTP requests to a target server, keeping connections open for as long as possible and preventing legitimate users from accessing the server.
HTTP amplification attacks overwhelm the resources of a target web server by spoofing the IP address of the target in requests to publicly accessible web servers that return large responses.
How can GET flood DDoS attacks be mitigated?
Like other HTTP flood attacks, GET flood attacks are difficult to detect because the GET requests are technically valid and correct requests that appear to be legitimate traffic. Detection becomes harder as the volume of HTTP requests increases. Businesses may use web application firewalls (WAFs) and DDoS mitigation services that offer application-layer (Layer 7) DDoS protection to detect and filter out malicious network traffic. This can be accomplished by analyzing incoming requests before they reach a web server, using technology that automatically detects abnormal patterns to identify a flood attack. Once attack traffic has been identified, any request associated with it can be blocked or discarded.
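The pattern analysis described above can be sketched over web server access logs. The following is an added example, not Akamai's code or part of the original page: it buckets GET requests per path into fixed time windows, compares each window with that path's own baseline, and reports whether any single client stands out. The function names, thresholds, and log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format prefix: client, timestamp, method, request target, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" \d{3}')

def parse(line):
    """Return (client_ip, epoch_seconds, method, path) or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, target = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, int(when.timestamp()), method, target.split("?", 1)[0]

def detect_get_flood(lines, window=10, per_ip_limit=20, spike_factor=5, min_total=50):
    """Flag (window, path) buckets whose GET volume looks like a flood.
    A bucket is flagged when its GET count is at least min_total and at least
    spike_factor times the median of that path's other windows (1 if none).
    Each finding lists clients over per_ip_limit; an empty list means the load
    is spread thinly over many sources, which per-IP rate limits alone miss.
    """
    buckets = defaultdict(Counter)   # (window_start, path) -> requests per client IP
    for ip, ts, method, path in filter(None, map(parse, lines)):
        if method == "GET":
            buckets[(ts - ts % window, path)][ip] += 1
    findings = []
    for (start, path), ips in sorted(buckets.items()):
        total = sum(ips.values())
        others = sorted(sum(c.values()) for (s, p), c in buckets.items()
                        if p == path and s != start)
        baseline = others[len(others) // 2] if others else 1
        if total >= min_total and total >= spike_factor * baseline:
            heavy = sorted(ip for ip, n in ips.items() if n > per_ip_limit)
            findings.append({"window_start": start, "path": path, "requests": total,
                             "sources": len(ips), "baseline": baseline, "heavy_clients": heavy})
    return findings

def sample_log():
    """Constructed sample: three quiet windows, then 60 clients sending 2 GETs each."""
    fmt = '{ip} - - [10/Mar/2024:12:00:{sec:02d} +0000] "GET {path} HTTP/1.1" 200 512'
    lines = [fmt.format(ip=f"192.0.2.{i}", sec=s, path="/api/search?q=a")
             for s in (1, 11, 21) for i in range(1, 5)]       # baseline: 4 GETs per window
    lines += [fmt.format(ip=f"198.51.100.{i}", sec=30 + i % 10, path="/api/search?q=b")
              for i in range(1, 61) for _ in range(2)]        # flood window: 120 GETs
    return lines

if __name__ == "__main__":
    print(detect_get_flood(sample_log()))
```

On the constructed sample, the flagged window has 120 requests from 60 sources and no heavy client, which is the distributed case that makes these attacks hard to separate from legitimate traffic by source address alone.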
What are other types of DDoS attacks?
DDoS attacks typically target one or more layers of the Open Systems Interconnection (OSI) model:
- Application-layer attacks (Layer 7) are designed to make applications unavailable by flooding a targeted server with traffic that overwhelms server resources (databases, memory, CPU) in the application layer.
- Presentation-layer attacks (Layer 6) typically involve some type of SSL/TLS negotiation abuse. This can affect systems that are designed to control the SSL/TLS key management infrastructure and offload. Although not as common as Layer 7 attacks, these events can have a significant impact on a large range of application resources because they are configured in aggregation.
- Transport-layer attacks (Layer 4) attempt to overload network infrastructure by targeting network protocols like the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) with overwhelming amounts of traffic. Examples of Layer 4 attacks include UDP floods, SYN floods, and amplification attacks.
- Network-layer attacks (Layer 3) overload routers, switches, and other network infrastructure devices by flooding them with IP packets designed to consume processing power and bandwidth. Common Layer 3 attacks include IP fragmentation and ICMP floods.
Stop GET flood DDoS attacks with Akamai
Akamai secures and delivers digital experiences for the world’s largest companies. By keeping decisions, apps, and experiences closer to users — and attacks and threats farther away — we enable our customers and their networks to be fast, smart, and secure.
Our end-to-end DDoS and DoS protection solutions provide a thorough approach that serves as the first line of defense. With dedicated edge, distributed DNS, and network cloud mitigation strategies, our anti-DDoS technologies prevent collateral damage and single points of failure to provide our customers with increased resiliency, dedicated scrubbing capacity, and higher quality of mitigation.
App & API Protector provides powerful protections with customer-focused automation. While this solution offers some of the most advanced application security automation available today, it remains simple to use. A new adaptive security engine plus industry-leading core technologies enable DDoS protection, API security, bot mitigation, and a web application firewall in an easy-to-use solution.
Prolexic stops DDoS attacks with the fastest and most effective defense at scale. Offering a zero-second SLA for DDoS defense, Prolexic proactively reduces attack surfaces and customizes mitigation controls to network traffic to block attacks instantly. A fully managed SOCC complements your existing cybersecurity programs and helps improve your time to resolution with industry-proven experience.
Edge DNS prevents DNS outages with the largest edge platform, enabling organizations to count on guaranteed, nonstop DNS availability. A cloud-based solution, Edge DNS ensures 24/7 DNS availability while improving responsiveness and defending against the largest DDoS attacks.
Frequently Asked Questions (FAQ)
Yes, even small websites can fall victim to GET flood attacks. Attackers often target any vulnerable online entity.
Indeed, there are various DDoS attack types, including SYN floods, UDP floods, and application-layer attacks.
Tracing the exact origin can be challenging, as attackers often use multiple compromised devices to launch their attacks.
While a firewall is a crucial component of defense, a comprehensive DDoS protection strategy usually involves multiple layers of security measures.
Yes, launching DDoS attacks is illegal in many jurisdictions and can lead to severe legal penalties.