by voltagex_ 3587 days ago
Most of the responses here deal with bandwidth floods. Is that really the most common DDoS?

Thinking like an attacker, wouldn't the most effective DoS be to find a CPU- or memory-intensive part of an application and use a small amount of bandwidth to create a large impact?

2 comments

Attacks that are heavy on L1-4 are the hardest to protect against because of the need for large fixed infrastructure (peering/transit).

L7 attacks can be scrubbed by the same infrastructure. Beyond that, it's all a matter of detection. The computational expense of L7 inspection can be mitigated by sampling or scaled with ECMP. You may see a "WAF" (Web Application Firewall) enter the picture at this level.

At AWS re:Invent 2015, Amazon claimed that 15% of attacks were at layer 7, 65% were network-level bandwidth floods, and 20% were network-level state exhaustion [1].

[1]: https://youtu.be/Ys0gG1koqJA?t=229
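
An added example (not part of any comment in the thread) of the sampling point made in the reply above: inspect only 1 in N requests, scale the sampled backend time back up, and flag clients that account for a large share of server cost. The log records, field layout, client addresses and thresholds are constructed assumptions.

```python
import random
from collections import defaultdict

def build_sample_log(seed=7):
    """Constructed records: (client, path, request_bytes, backend_ms)."""
    rng = random.Random(seed)
    log = []
    for i in range(200):                      # ordinary clients, cheap pages
        for _ in range(50):
            log.append((f"10.0.0.{i}", "/index", 400, rng.uniform(2, 8)))
    for _ in range(300):                      # few small requests, costly endpoint
        log.append(("10.0.9.9", "/search", 350, rng.uniform(400, 600)))
    rng.shuffle(log)
    return log

def sampled_cost(log, rate, seed=1):
    """Inspect roughly 1-in-`rate` requests and scale the totals back up."""
    rng = random.Random(seed)
    ms, nbytes = defaultdict(float), defaultdict(float)
    inspected = 0
    for client, _path, size, backend_ms in log:
        if rng.random() < 1.0 / rate:         # uninspected requests cost nothing here
            inspected += 1
            ms[client] += backend_ms * rate
            nbytes[client] += size * rate
    return ms, nbytes, inspected

def flag_expensive(log, rate=20, cost_share=0.25):
    """Return clients whose estimated share of backend time exceeds cost_share."""
    ms, nbytes, inspected = sampled_cost(log, rate)
    total_ms, total_bytes = sum(ms.values()), sum(nbytes.values())
    flagged = [(c, ms[c] / total_ms, nbytes[c] / total_bytes)
               for c in ms if ms[c] / total_ms >= cost_share]
    return flagged, inspected

if __name__ == "__main__":
    log = build_sample_log()
    flagged, inspected = flag_expensive(log)
    print(f"inspected {inspected} of {len(log)} requests")
    for client, cpu_share, byte_share in flagged:
        print(f"{client}: ~{cpu_share:.0%} of backend time, "
              f"~{byte_share:.0%} of request bytes")
```

A bandwidth-based threshold would not single out this client, since its byte share stays small; ranking by sampled backend time does.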