Most reduced types of DoS attacks
Layer 4 (Transport) DoS attack is often referred to as a SYN flood.
Layers 5,6 and 7 of the OSI model are referred to as the application layer within TCP/IP. Which you mentioned as "Application-Layer-DoS (ALDoS), on layer 7". However, an application layer flood, could be referred to as XDoS. Unfortunately, besides DDoS Quick Guide by National Cybersecurity and Communications Integration Center, 29 January 2014 I could not find much regarding the OSI model for DoS. Instead, most documentation speaks about the TCP/IP model for DoS.
From DDoS Quick Guide I was able to determine these examples for the OSI Model though:
- Layer 5 (Session) - Telnet DDoS attack
- Layer 6 (Presentation) - Malformed SSL Request
- Layer 7 (Application):
- PDF GET request
- HTTP GET
- HTTP POST
OSI Layers and Sample DoS attacks are as follows:
Layer 7 (Application Layer) - HTTP GET or POST based attacks
Layer 6 (Presentation Layer) - Malformed SSL request attacks
Layer 5 (Session Layer) - Telnet/SSH session attacks
Layer 4 (Transport Layer) - SYN Flood attacks/ SMURF attacks
Layer 3 (Network Layer) - ICMP flood attacks
Layer 2 (Data Link Layer) - MAC flooding attacks
Layer 1 (Physical Layer) - Physical destruction
What about layer 4 and is my reducing attempt accurate?
Your reducing attempt appears to group levels 3, 2, and 1 together and group 7, 6, and 5 together. This is not entirely accurate since denial of service attacks can exist at every level of the OSI model.
In addition, there is a complication with respect to the OSI model versus the real world. The other answers and comments are correct that the seven-layer OSI model is not the model that is most commonly used to describe network-based attacks (such as DOS). The more commonly used model is the "TCP/IP" Internet stack model. The main semantic different between these models is that the OSI model uses layers 5,6, and 7, whereas in the TCP/IP model everything above TCP is just called layer 5 (the application layer). One reason for this is that the OSI model is protocol independent, but in the real world TCP/IP is king. In TCP/IP, TCP and IP correspond to layers 4 and 3 of the OSI model, respectively. Everything above TCP is just called layer 5 (the application layer).
Regarding layer 4: There are a variety of attacks that can occur at layer 4. In the real world, for the most part this means attacks on the transport layer via TCP or UDP (two of the major transport layer protocols). As the other answers and comments mention, one major attack via TCP is the TCP SYN Flood attack. This involves sending a large number of SYN packets to open connections on the machine being attacked, but never completing or ending the connection so that the attacked machine spends resources and time listening and has to eventually time out. I list some layer 4 DOS (or DDOS) attacks below:
- TCP SYN Flood Attack (Described above and in other answers)
- TCP SYN-ACK Attack (Send SYN with a spoofed address to zombie machine(s), zombie(s) send(s) SYN-ACK to attack target)
- UDP Flood Attack (Sending lots of UDP packets)
Regarding ICMP, this is also often called "ping," and is used to understand network connectivity. For this reason it is better to call an ICMP flood attack a layer 3 attack rather than a layer 4 attack even though ICMP "lives above" IP.
Here are some additional examples of DOS attacks at each layer of the Internet stack:
- Layer 5 (Application Layer): Examples of application layer protocols are HTTP, FTP, DNS, etc. A DNS flood attack is an example of a DOS attack where attackers try to use up all a DNS server's resources and thereby deny service to other legitimate users.
- Layer 4 (Transport Layer): (See above)
- Layer 3 (Network Layer): ICMP flood (See discussion of ICMP above). For another example, consider IP hijacking.
- Layer 2: CAM table overflow of a layer-2 switch.
- Layer 1: Cut the Ethernet cable. Or, another example, cellular phone jamming (blast the physical (air) channel with RF noise).