Resources Banner

Glossary - M



Media Data Flood

In addition to VoIP, UDP floods can take the form of any media data, causing a Media Data flood (Video, Audio, etc.). During an attack, a victim server receives spoofed Media Data packets at a very high packet rate and with a very large source IP range. The victim server is overwhelmed by the large number of incoming Media Data packets, consuming network resources and available bandwidth until the network shuts down. Similar to VoIP floods, Media Data floods can overwhelm a network with packets containing randomized or fixed Source IP addresses, making the attack difficult to identify because it resembles good traffic. Both modes of Media Data floods can easily exhaust network bandwidth as well as CPU resources.


Misused Application Attack

The attacker does not use BOTs to consume the system resources of a victim’s server. Rather, an attacker redirects valid clients belonging to a high traffic application, such as peer-to-peer services, to a victim server. The target victim is then overwhelmed with traffic from a group of misdirected computers trying to form a legitimate connection with its server. Once the traffic is misdirected towards the victim server, the attacker computer becomes untraceable by dropping from the network. The overwhelming connection requests received by the victim’s server depletes its system resources, resulting in performance degradation or a complete server shutdown.


Multiple VERB Single Request

This Attack is also a variation of the Excessive Verb Attack strategy. The attacking BOT creates multiple HTTP requests, not by issuing them one after another during a single HTTP session, but by forming a single packet embedded with multiple requests. It is a refinement of the Excessive VERB attack, where the attacker can maintain high loads on the victim server with a low attack packet rate. This low rate makes the attacker nearly invisible to netflow anomaly detection techniques. Also, if the attacker selects the HTTP VERB carefully these attacks will bypass deep packet inspection techniques.