DDoS

What is a DDoS attack?

For example, suppose I open a restaurant that can seat 100 people at a time. A competitor opens a restaurant across the street and hires 300 people to sit in my restaurant without eating or drinking. The result is a restaurant full of "guests" that cannot operate normally. This is what a distributed denial-of-service attack does to a computer system: it exploits defects in network protocols and operating systems, using deception and spoofing, to flood a server with a large volume of messages that demand replies, consuming network bandwidth or system resources until the network or system is overloaded, paralyzed, and can no longer provide normal service.

Distributed Denial of Service (DDoS) refers to multiple attackers in different locations attacking one or more targets at the same time, or a single attacker controlling multiple machines in different locations and utilizing those machines to attack victims simultaneously.

In a network attack the source IP address can be forged. Before launching a DDoS attack, the attacker usually takes control of thousands of computers that have exploitable vulnerabilities; these compromised machines are called "puppet machines" (or zombies). The intruder then directs the puppet machines to send concurrent requests to the target machine at the same time, so that the target's system resources are exhausted instantly and it can no longer provide normal service to the outside.

Compared with a DoS attack launched from a single host, a distributed denial-of-service (DDoS) attack is a group action launched simultaneously from hundreds or even thousands of hosts that have been compromised and had the attack program installed.

Attack Methods

1. SYN Flood Attack

The SYN flood is the most common DDoS attack on today's networks. It exploits a weakness in how the TCP handshake is implemented: by sending a large number of SYN packets with forged source addresses to the port where a network service listens, the attacker fills the target server's queue of half-open connections, so that other, legitimate users can no longer connect.

It is well known that TCP requires a three-way handshake to establish a connection: at least three successful exchanges between the two parties are needed before the connection is fully open. A normal connection requires the following steps.

First, the client sends a SYN packet to the server to initiate the connection.

Second, the server responds to the initial packet with a SYN/ACK packet to acknowledge the communication.

Finally, the client returns an ACK packet to acknowledge the packet received from the server. After this packet sending and receiving sequence is complete, the TCP connection opens and can send and receive data.

An attacker exploits the TCP handshake as a mechanism: after receiving the initial SYN packet, the server responds with one or more SYN/ACK packets and waits for the final step of the handshake. The attack works as follows:

The attacker sends a large number of SYN packets to the target server, typically with spoofed source IP addresses.

The server responds to each connection request and leaves a port open, ready to receive the reply.

While the server waits for the final ACK packet, which never arrives, the attacker keeps sending more SYN packets. Each new SYN packet makes the server temporarily hold a new open-port connection for a period of time, and once all available ports are in use the server can no longer accept normal connections.

When the server has sent its SYN/ACK but the computer on the other end never completes the handshake, the connection is considered half-open. In this type of DDoS attack the target server keeps each such connection open, waits for it to time out, and only then does the port become available again. For this reason the attack is also called a "half-open attack".
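The half-open condition described above is visible from the server side as a pile-up of sockets in the SYN-RECV state. The following Python example, added here and not part of the original article, reads a socket table in the layout of `ss -tan` output and flags the signature of a SYN flood: half-open connections outnumbering established ones and coming from many distinct (likely spoofed) peers. The sample socket table and the thresholds are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the layout of `ss -tan` output. These are not real
# connections; the addresses come from documentation ranges.
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:443         0.0.0.0:*
ESTAB     0      0      10.0.0.5:443        198.51.100.20:51234
ESTAB     0      0      10.0.0.5:443        198.51.100.21:51300
SYN-RECV  0      0      10.0.0.5:443        203.0.113.7:40001
SYN-RECV  0      0      10.0.0.5:443        203.0.113.8:40002
SYN-RECV  0      0      10.0.0.5:443        203.0.113.9:40003
SYN-RECV  0      0      10.0.0.5:443        203.0.113.10:40004
SYN-RECV  0      0      10.0.0.5:443        203.0.113.11:40005
SYN-RECV  0      0      10.0.0.5:443        203.0.113.12:40006
"""


def parse_socket_table(text):
    """Parse `ss -tan`-style rows into (state, local, peer) tuples, skipping the header."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] == "State":
            continue
        rows.append((parts[0], parts[3], parts[4]))
    return rows


def half_open_summary(text):
    """Count connection states and the distinct peers sitting in SYN-RECV."""
    rows = parse_socket_table(text)
    states = Counter(state for state, _, _ in rows)
    # Strip the port so that many ports from one host count as one peer.
    syn_recv_peers = {peer.rsplit(":", 1)[0] for state, _, peer in rows if state == "SYN-RECV"}
    return {
        "half_open": states.get("SYN-RECV", 0),
        "established": states.get("ESTAB", 0),
        "distinct_syn_recv_peers": len(syn_recv_peers),
    }


def looks_like_syn_flood(text, min_half_open=5, max_ratio=0.5):
    """Heuristic: many half-open connections, outnumbering established ones,
    spread across many distinct source addresses. The thresholds are
    illustrative assumptions, not tuned values."""
    summary = half_open_summary(text)
    total = summary["half_open"] + summary["established"]
    if total == 0 or summary["half_open"] < min_half_open:
        return False
    ratio = summary["half_open"] / total
    return ratio > max_ratio and summary["distinct_syn_recv_peers"] >= min_half_open


if __name__ == "__main__":
    print(half_open_summary(SAMPLE_SS_OUTPUT))
    print("SYN flood suspected:", looks_like_syn_flood(SAMPLE_SS_OUTPUT))
```

On a real host the ratio alone is a weak signal during normal bursts of new clients, so the check also requires that the half-open peers be numerous and distinct. The standard server-side mitigation is SYN cookies (on Linux, the `net.ipv4.tcp_syncookies` sysctl), which let the server answer SYNs without keeping per-connection state in the half-open queue.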

2. UDP Flood Attack

UDP Flood is an increasingly rampant volumetric DDoS attack, and its principle is simple. A common scenario is to use a large number of UDP packets to attack DNS servers, RADIUS authentication servers, or streaming video servers. Because UDP is a connectionless protocol, in a UDP flood the attacker can send a large number of small UDP packets with forged source IP addresses.

3. ICMP Flood Attack

An ICMP flood is a volumetric attack that uses large amounts of traffic to put a heavy load on the server and disrupt its normal operation. Because many firewalls now filter ICMP packets outright, ICMP floods are less common today.
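Both the UDP flood and the ICMP flood are volumetric: the tell-tale sign is a sudden jump in packets per second for one protocol, arriving from a large number of source addresses. This added Python example (not from the original article) buckets constructed packet summaries into one-second windows and reports the seconds in which a protocol's packet rate and source spread exceed a threshold. The packet list, the protocol names and the thresholds are assumptions made for the example.

```python
from collections import defaultdict

# Constructed packet summaries: (timestamp in seconds, protocol, source IP, bytes).
# Not captured traffic. A burst of 1500 small UDP datagrams from 250 spoofed
# sources lands in second 101, between two ordinary seconds of traffic.
SAMPLE_PACKETS = (
    [
        (100.1, "UDP", "198.51.100.20", 512),
        (100.4, "ICMP", "198.51.100.21", 64),
        (100.8, "UDP", "198.51.100.22", 480),
    ]
    + [(101.0 + i * 0.0005, "UDP", f"203.0.113.{i % 250 + 1}", 60) for i in range(1500)]
    + [(102.2, "UDP", "198.51.100.20", 512)]
)


def bucket_rates(packets, proto):
    """Per-second (packet count, byte count, distinct sources) for one protocol."""
    buckets = defaultdict(lambda: {"packets": 0, "bytes": 0, "sources": set()})
    for ts, p, src, length in packets:
        if p != proto:
            continue
        bucket = buckets[int(ts)]
        bucket["packets"] += 1
        bucket["bytes"] += length
        bucket["sources"].add(src)
    return {
        sec: (b["packets"], b["bytes"], len(b["sources"]))
        for sec, b in buckets.items()
    }


def flood_seconds(packets, proto, pps_threshold=1000, min_sources=50):
    """Seconds in which `proto` traffic exceeded the packet-rate threshold while
    coming from at least `min_sources` distinct addresses. The thresholds are
    illustrative; a real baseline comes from the link's normal traffic."""
    return sorted(
        sec
        for sec, (pps, _, sources) in bucket_rates(packets, proto).items()
        if pps >= pps_threshold and sources >= min_sources
    )


if __name__ == "__main__":
    for proto in ("UDP", "ICMP"):
        print(proto, bucket_rates(SAMPLE_PACKETS, proto), "flood seconds:", flood_seconds(SAMPLE_PACKETS, proto))
```

The source-spread condition is what separates a flood with forged addresses from a single busy but legitimate client; a detector that looks only at packets per second would also fire on a large file transfer over UDP.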

Connection Flood Attack

Connection flooding is a typical attack pattern that uses small amounts of traffic against network services with large bandwidth. The attacker initiates a large number of connections to the server from real IP addresses and does not release them for a long time after they are established. These connections tie up the server's resources, leaving too many lingering connections (in a waiting state), reducing efficiency and eventually exhausting resources so that the server cannot respond to connections initiated by other clients.

4. HTTP GET Attack

This kind of attack mainly targets ASP, JSP, PHP, CGI and other server-side scripts. It is characterized by establishing a normal TCP connection with the server and continuously submitting queries, listings and other calls to scripts that consume a large amount of database resources. Because the connections are legitimate, the attack can bypass common firewall protection and can be carried out through proxies. Its disadvantages are that it is ineffective against static pages and that it exposes the attacker's IP address.
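Since an HTTP GET flood rides on legitimate connections, it shows up in the web server's access log rather than at the firewall: one client, or a handful of proxies, hitting the expensive script endpoints far more often than a person could. The following Python example, added here and not from the original article, parses constructed access-log lines in the common log format, counts per-client requests to dynamic script paths per minute, and lists the clients above a threshold. The log lines, the extension list and the threshold are assumptions.

```python
import re
from collections import Counter

# Extensions treated as "dynamic" script endpoints (an assumption for the example).
DYNAMIC_EXTENSIONS = (".php", ".asp", ".aspx", ".jsp", ".cgi")

# Common log format: ip ident user [time] "method path protocol" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)

# Constructed access log: one client hammers search.php 200 times within a
# minute, while two ordinary clients fetch a static page and a few searches.
SAMPLE_ACCESS_LOG = "\n".join(
    [f'203.0.113.9 - - [10/Oct/2023:13:55:{i % 60:02d} +0000] "GET /search.php?q={i} HTTP/1.1" 200 5120'
     for i in range(200)]
    + ['198.51.100.20 - - [10/Oct/2023:13:55:02 +0000] "GET /index.html HTTP/1.1" 200 1024',
       '198.51.100.20 - - [10/Oct/2023:13:55:03 +0000] "GET /logo.png HTTP/1.1" 200 8192',
       '198.51.100.21 - - [10/Oct/2023:13:55:10 +0000] "GET /search.php?q=shoes HTTP/1.1" 200 5120',
       '198.51.100.21 - - [10/Oct/2023:13:55:40 +0000] "GET /search.php?q=boots HTTP/1.1" 200 5120']
)


def is_dynamic(path):
    """True when the request path (ignoring the query string) ends in a script extension."""
    return path.split("?", 1)[0].lower().endswith(DYNAMIC_EXTENSIONS)


def dynamic_requests_per_minute(log_text):
    """Counter keyed by (client IP, minute) of requests to dynamic endpoints."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_dynamic(m.group("path")):
            continue
        minute = m.group("time").rsplit(":", 1)[0]  # drop the seconds field
        counts[(m.group("ip"), minute)] += 1
    return counts


def suspect_clients(log_text, threshold=100):
    """(ip, minute, count) for clients exceeding `threshold` dynamic requests in a minute."""
    return sorted(
        (ip, minute, n)
        for (ip, minute), n in dynamic_requests_per_minute(log_text).items()
        if n > threshold
    )


if __name__ == "__main__":
    print(suspect_clients(SAMPLE_ACCESS_LOG))
```

Counting only dynamic endpoints is what keeps a busy but harmless client fetching static assets out of the result, matching the article's point that static pages are not the target of this attack.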

5. UDP DNS Query Flood attack

A UDP DNS query flood sends a large number of domain-name resolution requests to the targeted server. Usually the names being resolved are randomly generated or do not exist at all. Resolving these names places a significant load on the server, and beyond a certain number of resolution requests per second the DNS server begins to time out on resolution.
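The distinctive feature of this flood is not the per-client rate, which can stay low when the queries are spread across many puppet machines, but the queried names themselves: random labels under one zone that all resolve to NXDOMAIN. This added Python example, not part of the original article, aggregates constructed resolver records per zone and flags zones whose NXDOMAIN share and label randomness point to a query flood. The query records, the pseudo-random label generator and the thresholds are assumptions made for the example.

```python
import hashlib
import math
from collections import defaultdict


def _pseudo_random_label(i):
    # Deterministic stand-in for a randomly generated subdomain (constructed data).
    return hashlib.sha256(str(i).encode()).hexdigest()[:12]


# Constructed resolver records: (client IP, queried name, response code).
# Four ordinary lookups, then 200 NXDOMAIN lookups of random labels under
# example.com spread across 40 client addresses. Not from a real resolver.
SAMPLE_QUERIES = [
    ("198.51.100.20", "www.example.com", "NOERROR"),
    ("198.51.100.20", "mail.example.com", "NOERROR"),
    ("198.51.100.21", "www.example.org", "NOERROR"),
    ("198.51.100.21", "typo.example.org", "NXDOMAIN"),
] + [
    (f"203.0.113.{i % 40 + 1}", f"{_pseudo_random_label(i)}.example.com", "NXDOMAIN")
    for i in range(200)
]


def label_entropy(label):
    """Shannon entropy in bits per character of one DNS label."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def zone_stats(queries):
    """Per zone (last two labels): query count, NXDOMAIN share, distinct
    leftmost labels, distinct clients and mean leftmost-label entropy."""
    agg = defaultdict(lambda: {"queries": 0, "nxdomain": 0, "labels": set(),
                               "clients": set(), "entropy_sum": 0.0})
    for client, qname, rcode in queries:
        parts = qname.rstrip(".").split(".")
        a = agg[".".join(parts[-2:])]
        a["queries"] += 1
        a["nxdomain"] += rcode == "NXDOMAIN"
        a["labels"].add(parts[0])
        a["clients"].add(client)
        a["entropy_sum"] += label_entropy(parts[0])
    return {
        zone: {
            "queries": a["queries"],
            "nxdomain_ratio": a["nxdomain"] / a["queries"],
            "distinct_labels": len(a["labels"]),
            "distinct_clients": len(a["clients"]),
            "mean_label_entropy": a["entropy_sum"] / a["queries"],
        }
        for zone, a in agg.items()
    }


def flooded_zones(queries, min_queries=50, min_nx_ratio=0.8):
    """Zones with enough traffic whose NXDOMAIN share exceeds the threshold."""
    return sorted(
        zone for zone, s in zone_stats(queries).items()
        if s["queries"] >= min_queries and s["nxdomain_ratio"] >= min_nx_ratio
    )


if __name__ == "__main__":
    for zone, stats in zone_stats(SAMPLE_QUERIES).items():
        print(zone, stats)
    print("flooded zones:", flooded_zones(SAMPLE_QUERIES))
```

Grouping by zone rather than by client is deliberate: with 40 sources each sending five queries, no single client looks abnormal, yet the zone as a whole shows 200 distinct random labels and a NXDOMAIN share near 100 percent.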
