The trend across the year shows some intriguing, and dramatic, dips in layer 7 DoS activity. The dips in the chart are around the following dates: January 30, February 21 (Mardi Gras), March 20 (attackers recovering from St. Patrick's Day?), April 22 (did attackers take Earth Day off, or did people switch off their home machines making botnets smaller for a day?), May 29 (Memorial Day weekend), June 28 (just before July 4).
We should tell people to turn their PCs off when they're not using them - not to save power, but to reduce the total number of bots in the botspace available to attackers.
I don't, unfortunately, have statistics on the type of devices involved in these attacks because we currently don't keep them. I'll ask if we can start keeping track.
Interestingly, visiting cloudflare from Germany gets me redirected to de.cloudflare.com, which, being down (according to the site itself) seems quite funny to me.
Wanted to take a look around, encountered site down and tested with Chrome (Adblock Plus and Ghostery activated) and Firefox 15 (clean).
Hope nothing serious. I really love reading these accounts, as they show what can be done to protect sites from malicious requests.
I've had these only a few times over the years mainly back in the day for some of the reasons you mentioned. At this point I can't even remember the last time I encountered one.
For reference, for anyone interested (based on your comment), I just pulled this up relative to Mac OSX:
Very few protocols fully or properly implement the entire 7 layer OSI stack. Most times you see layers 3-5 lumped together. The way that they are looking at it is that the application (a browser, something else?) is being used to generate HTTP requests. So while it's technically accurate to say that because a browser or other application is acting as an HTTP client, the attack itself is not at layer 7 because they are receiving the attacks on layers 3 and 4 on their side.
Where the article says "But layer 7 attacks, where the attacker actually connects to our hardware using TCP and makes apparently valid HTTP requests are another matter"
Those would be layers 3 and 4.
Mis-communication and outright wrong communication about layer 7 in networking has been rampant for years.
Someone stole my copy of Comer, so I'll have to go from memory, but HTTP would best correspond to layers 5-7 IIRC.
On the other hand it's stupid to use OSI layers when talking about the internet since the internet has its own, well defined, terminology for layers. In that case HTTP is clearly at the Application layer.
The layer of HTTP is either "layer 7" (OSI) or "application layer" (Internet Protocol Suite). The article would be correct to call HTTP either of those. "Layer 4" is incorrect terminology for HTTP (and is not even mentioned in the RFC you linked).
We should tell people to turn their PCs off when they're not using them - not to save power, but to reduce the total number of bots in the botspace available to attackers.
But then what to do about iZombies and botdroids?