by shaggy 5048 days ago
Very few protocols fully or properly implement the entire 7-layer OSI stack. Most times you see layers 3-5 lumped together. The way that they are looking at it is that the application (a browser, something else?) is being used to generate HTTP requests. So while it's technically accurate to say that because a browser or other application is acting as an HTTP client, the attack itself is not at layer 7 because they are receiving the attacks on layers 3 and 4 on their side.

Where the article says "But layer 7 attacks, where the attacker actually connects to our hardware using TCP and makes apparently valid HTTP requests are another matter"

Those would be layers 3 and 4.

Miscommunication and outright wrong communication about layer 7 in networking has been rampant for years.

1 comments

Someone stole my copy of Comer, so I'll have to go from memory, but HTTP would best correspond to layers 5-7 IIRC.

On the other hand it's stupid to use OSI layers when talking about the internet since the internet has its own, well defined, terminology for layers. In that case HTTP is clearly at the Application layer.