adimas - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Do network layer and application layer DDoS attacks differ?

Network layer and application layer DDoS attacks are significant threats. Learn about the differences between them and what you can do to reduce their effects.

A distributed denial of service, or DDoS, attack is a method to bring down a service by sending a flood of legitimate or illegitimate requests from multiple source devices. The goal is to overwhelm the target device so that it can no longer operate normally. Let's examine two: network layer and application layer DDoS attacks.

Network DDoS attacks attempt to overwhelm the target by overtaxing available bandwidth. Network DDoS protections formerly were implemented at the network edge -- typically, using next-gen firewalls and intrusion prevention systems. But, even with DDoS protections in place, a large-scale bot network can quickly overwhelm the edge.

Today, it's more common for enterprises to tap into the resources of a cloud security service engineered with a high-capacity network expansive enough to handle massive amounts of data in the event a DDoS attack occurs. Because the service can handle the bandwidth capacity without the threat of its resources succumbing to overutilization, it can successfully identify and scrub DDoS traffic while passing on legitimate traffic to your servers. This architecture moves the threat of a bottleneck closer to the source of the attack where it can be better handled without interruption.

How application layer attacks work

Application layer DDoS attacks, on the other hand, don't target network bandwidth. Instead, they strike the application (Layer 7 of the OSI model) running the service end users are trying to access. To that end, the server, server application and back-end resources are the main target. The goal of these attacks is to consume the resources of a specific service, thus slowing it or stopping it altogether.

Application layer DDoS attacks are trickier to identify and mitigate compared to a network layer DDoS attack. Common methods include the use of CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) tests to validate bots from humans. Additionally, the use of a web application firewall (WAF) is a great way to protect against more sophisticated application DDoS attacks. The purpose of a WAF is to use various signatures to discern between normal human requests and those sent from bots. A WAF can be deployed either on premises or through a third-party cloud security service provider.

This was last published in September 2019

Dig Deeper on DDoS attack detection and prevention