Attacks based on IP activity - PingIntelligence for APIs

Attacks based on IP activity - PingIntelligence for APIs - 5.0

PingIntelligence

bundle

pingintelligence-50

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.0

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-50

pingintelligence

private

ContentType_ce

Page created: 12 May 2021 |

Page updated: 1 Nov 2021

| 2 min read

5.0 Capability API Security Advanced API Cybersecurity Linux On-Premises Operating System Hosting Environment PingIntelligence for APIs Product End User Audience IT Operations Security Manager

The following table lists the REST API attacks detected using an IP address as the client identifier. The attacks can be on a single API or across APIs

Attack Type	Description	id	Single or Across APIs
Data Exfiltration Attack	Data is being extracted via a REST API service.	`1`	Single API
Single Client Login Attack Type 1	Login service attacked by a bot or rogue client.	`2`	Single API
Multi-Client Login Attack	Login service is under DDoS attack by bots.	`3`	Single API
API Memory Attack Type 1	Flooding of an API service with data or code.	`5`	Single API
API Memory Attack Type 2	Flooding of an API service with data or code.	`6`	Single API
API Probing Replay Attack	Probing or breach attempts on an API service – also called fuzzing.	`8`	Single API
API DDoS Attack Type 1	A DDoS or distributed attack is disrupting an API service.	`9`	Single API
Extreme Client Activity Attack	Extreme client request activity on an API service.	`10`	Single API
Extreme App Activity	Extreme App Activity may indicate an injection or other CPU intensive attack.	`11`	Single API
API DoS Attack	Client (IP) sending high volumes of requests to overload application services	`12`	Single API
API DDoS Attack Type 2	Multiple clients (IP botnet) sending high volume traffic to overload the API service	`13`	Single API
Data Deletion	Excessive data deletion activity on an API service.	`14`	Single API
Data Poisoning	Extreme create or update activity received on an API service.	`15`	Single API
API Probing Replay Type 2	Probing an API service over an extended time period - IP	`20`	Across APIs
Data Exfiltration Attack Type 2	Data is being extracted via a REST API service over an extended time period.	`21`	Single API
Excessive Client Connections Note: The Excessive Client Connections attack type is disabled by default. For more information, see REST API attack types.	Client is establishing an excessive number of TCP connections.	`24`	Across APIs
Content Scraping Type 1	Client abnormally accessing API content.	`27`	Across APIs
Content Scraping Type 2	Client abnormally accessing API content over an extended time period	`28`	Single API
Unauthorized client attack	Client without a token or cookie is probing an API service.	`29`	Single API
Single Client Login Attack Type 2	Login service attacked by a bot or rogue client over an extended time period	`30`	Across APIs
Header Manipulation	Probing an API using malicious headers	`37`	Single API
Query Manipulation Attack	Modifying query string to inject malicious content or impact API service	`41`	Single API