Most DoS attacks are network volumetric floods (commonly known as TCP SYN or UDP floods). F5 SIRT also received reports of “Slow POST/Slowloris” attacks, designed to initiate and keep as many of a victim’s connections open as possible. 19% of reported DoS incidents involved attacks on DNS.