Resources Banner

Glossary - E

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

 

Excessive VERB

The attacking BOT generates a large number of valid HTTP requests to a victim web server. The HTTP request is generally a GET request of a common web page or image, often a large one. Each BOT can generate a large number of valid requests (usually over 10 requests a second) so the attacker can use a relatively small number of BOTs to achieve a successful attack. VERB Attacks are non-spoofed: the source IP is the actual public IP of the attacker BOT and the source IP range is equal to the number of BOTs used in the attack. The most common form of VERB attack uses GET requests but the attacker can also use POST or other HTTP actions to cause the same impact on the victim. An Excessive VERB Attack does not generate significant bandwidth increase on the network but can render the victim unresponsive by consuming server resources.

 

Excessive VERB Single Session

A variation of the Excessive VERB Attack. This attack uses the feature of HTTP 1.1 to allow multiple requests within a single HTTP session. Thus, the attacker can limit the session rate of an HTTP attack and bypass session rate limitation defenses of many security systems. Excessive VERB Single Session Attack and Excessive VERB Attack have the same effect on a victim web server.