The three attack methods of DDoS are: 1. SYN/ACK flood attack, which mainly sends a large number of SYN or ACK packets with forged source IPs and source ports to the victim host, exhausting the host's cache resources or keeping it busy sending response packets, causing a denial of service. 2. TCP full connection attack, which is designed to bypass conventional firewall inspection. 3. Script attack, characterized by establishing a normal TCP connection with the server and constantly submitting queries, lists and other calls that consume large amounts of database resources to the script program.
The operating environment of this tutorial: Windows 7 system, Dell G3 computer.
The biggest headache for a website is being attacked. Common server attack methods mainly include the following: port penetration, password cracking, and DDoS attacks. Among them, DDoS is currently the most powerful and one of the hardest to defend against.
So what is a DDOS attack?
The attacker forges a large number of legitimate-looking requests to the server, occupying a large amount of network bandwidth and leaving the website paralyzed and inaccessible. Its characteristic is that the cost of defense is far higher than the cost of attack: a hacker can easily launch a 10G or 100G attack, but defending against 10G or 100G is very expensive.
The DDoS attack was originally called a DoS (Denial of Service) attack. Its principle is: you have a server, I have a personal computer, and I use my personal computer to send messages to your server. A large amount of junk traffic congests your network, increases the burden of processing data, and reduces the efficiency of the server's CPU and memory.
However, with the advancement of technology, one-to-one attacks like DoS became easy to defend against, so the DDoS (distributed denial of service) attack was born. The principle is the same as DoS, but the difference is that a DDoS attack is many-to-one: even tens of thousands of personal computers can launch DoS attacks on one server at the same time, eventually paralyzing the attacked server.
Three common DDoS attack methods
SYN/ACK flood attack: the most classic and effective DDoS attack method, capable of taking down the network services of all kinds of systems. It works mainly by sending a large number of SYN or ACK packets with forged source IPs and source ports to the victim host, so that the host's cache resources are exhausted or it is kept busy sending response packets, causing a denial of service. Since the sources are all forged, it is difficult to trace. The disadvantage is that it is difficult to carry out and requires the support of zombie hosts with high bandwidth.
TCP full connection attack: this attack is designed to bypass the inspection of conventional firewalls. Normally, most conventional firewalls can filter DoS attacks such as TearDrop and Land, but normal TCP connections are let through. As is well known, the number of TCP connections that many network service programs (such as IIS, Apache and other web servers) can accept is limited; once there are a large number of TCP connections, even if they are all normal, website access becomes very slow or even impossible. A TCP full connection attack uses many zombie hosts to continuously establish large numbers of TCP connections with the victim server until the server's memory and other resources are exhausted and it is dragged down, causing a denial of service. The characteristic of this attack is that it can bypass the protection of general firewalls to achieve its purpose. The disadvantage is that it requires finding many zombie hosts, and because the zombie hosts' IPs are exposed, this type of DDoS attack is easy to trace.
Script attack: this attack is mainly aimed at website systems that run script programs such as ASP, JSP, PHP and CGI and call databases such as MS SQL Server, MySQL Server and Oracle. It is characterized by establishing a normal TCP connection with the server and constantly submitting queries, list requests and other calls that consume large amounts of database resources to the script program. It is a typical attack that uses small resources to achieve a large effect.
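The two packet-level patterns just described, a SYN flood (many half-open SYNs spread over forged sources) and a full-connection flood (one client holding far more sessions than a real browser would), leave different traces in a connection log. The following script is an added example, not from the original article: it builds a constructed sample log in an assumed format (epoch, source IP, TCP flags, conntrack state) and classifies it with awk. The thresholds are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: flag the SYN-flood and
# full-connection patterns in a connection log. The log format and the
# thresholds below are assumptions made for this example.
#
# Constructed log line format:  <epoch> <src_ip> <tcp_flags> <conntrack_state>
#   tcp_flags: S = SYN, SA = SYN-ACK, A = ACK;  state: NEW or ESTABLISHED

SYN_THRESHOLD=50          # half-open SYNs in the log before we call it a flood
CONN_PER_IP_THRESHOLD=20  # established connections one client may hold

# Constructed sample: 60 SYNs from 60 distinct sources that never complete the
# handshake (forged-source SYN flood), one client holding 25 established
# connections (full-connection flood), and one ordinary client.
sample_log() {
  i=1
  while [ "$i" -le 60 ]; do
    printf '1700000001 198.51.100.%d S NEW\n' "$i"
    i=$((i + 1))
  done
  i=1
  while [ "$i" -le 25 ]; do
    printf '1700000002 203.0.113.7 A ESTABLISHED\n'
    i=$((i + 1))
  done
  printf '1700000003 192.0.2.10 A ESTABLISHED\n'
}

# Reads log lines on stdin and prints one finding per line (nothing if clean).
# A SYN flood shows up as many half-open SYNs spread over many sources;
# a full-connection flood shows up as one source holding too many sessions.
detect_floods() {
  awk -v syn_max="$SYN_THRESHOLD" -v conn_max="$CONN_PER_IP_THRESHOLD" '
    $3 == "S" && $4 == "NEW" { syn_total++; syn_src[$2]++ }
    $4 == "ESTABLISHED"      { est[$2]++ }
    END {
      if (syn_total > syn_max) {
        n = 0
        for (ip in syn_src) n++
        printf "SYN_FLOOD half_open=%d distinct_sources=%d\n", syn_total, n
      }
      for (ip in est)
        if (est[ip] > conn_max)
          printf "FULL_CONNECTION_FLOOD src=%s established=%d\n", ip, est[ip]
    }'
}

# Stand-alone demo:  sh detect.sh demo
if [ "${1:-}" = "demo" ]; then
  sample_log | detect_floods
fi
```

The two findings differ in what they tell a defender: a SYN flood with as many distinct sources as SYNs points to forged addresses that are not worth blocking one by one (SYN cookies and rate limits help there), while a full-connection flood names a real, traceable source that a per-IP connection cap can reset.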
How to defend against DDOS attacks?
Generally speaking, you can start from three aspects: hardware, the single host, and the server system as a whole.
1. Hardware
1. Increase bandwidth
Bandwidth directly determines the ability to withstand attacks. Increasing bandwidth as hard protection is the theoretically optimal solution: as long as the bandwidth exceeds the attack traffic there is nothing to fear, but the cost is very high.
2. Improve hardware configuration
On the premise that network bandwidth is guaranteed, improve the configuration of hardware such as CPU, memory, hard disk, network card, router and switch as far as possible, and choose well-known, reputable products.
3. Hardware firewall
Place the server in a data center equipped with a DDoS hardware firewall. Professional-grade firewalls usually have the function of cleaning and filtering abnormal traffic and can fight traffic-based DDoS attacks such as SYN/ACK attacks, TCP full connection attacks and script attacks.
2. Single host
1. Repair system vulnerabilities promptly and apply security patches.
2. Close unnecessary services and ports, reduce unnecessary system add-ons and self-starting items, minimize the number of processes running on the server, and change the working mode.
3. Configure iptables.
4. Strictly control account permissions, prohibit root login and password login, and change the default ports of commonly used services.
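The list above names iptables without saying which rules matter. The following script is an added example, not from the original article: it applies the host-level sysctl and iptables settings that target the SYN/ACK flood and TCP full-connection patterns described earlier. The port list and every threshold are assumptions chosen for illustration and should be tuned to the host's real traffic; setting DRY_RUN=1 prints the commands instead of running them, so it can be previewed without root.

```shell
#!/bin/sh
# Added example, not from the original article: single-host hardening against
# SYN/ACK floods and TCP full-connection floods with sysctl and iptables.
# All thresholds are assumptions for illustration. Preview without root:
#   DRY_RUN=1 sh harden.sh apply

WEB_PORTS="80,443"    # assumption: the host serves HTTP/HTTPS

# Runs a command, or prints it when DRY_RUN is set.
run() {
  if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

syn_flood_rules() {
  # SYN cookies let the kernel answer SYNs without keeping backlog state,
  # so forged-source SYNs cannot fill the half-open connection table.
  run sysctl -w net.ipv4.tcp_syncookies=1
  run sysctl -w net.ipv4.tcp_max_syn_backlog=4096
  # Drop packets conntrack cannot place in a known connection
  # (stray ACKs from an ACK flood fall into this bucket).
  run iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
  # Rate-limit new SYNs to the web ports; the burst absorbs legitimate
  # spikes, anything beyond it is dropped rather than queued.
  run iptables -A INPUT -p tcp --syn -m multiport --dports "$WEB_PORTS" \
      -m limit --limit 200/second --limit-burst 400 -j ACCEPT
  run iptables -A INPUT -p tcp --syn -m multiport --dports "$WEB_PORTS" -j DROP
}

full_connection_rules() {
  # Cap the concurrent connections a single source address may hold
  # (--connlimit-mask 32 counts per individual IP). A zombie host opening
  # hundreds of normal-looking connections is reset past the cap, while
  # ordinary browsers stay well below it.
  run iptables -A INPUT -p tcp -m multiport --dports "$WEB_PORTS" \
      -m connlimit --connlimit-above 50 --connlimit-mask 32 \
      -j REJECT --reject-with tcp-reset
}

if [ "${1:-}" = "apply" ]; then
  syn_flood_rules
  full_connection_rules
fi
```

The connlimit cap is the host-level counterpart of the full-connection attack's weakness noted above: because those connections come from real, exposed addresses, per-source limits and logging of the rejected sources are effective, whereas against forged-source SYN floods only the cookie and rate-limit rules help. The rules append to INPUT and assume the chain has no earlier blanket ACCEPT for these ports.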
3. The entire server system
1. Load balancing
Use load balancing to distribute requests evenly to various servers, reducing the burden on a single server.
2. CDN
A CDN is a content distribution network built on top of the Internet. It relies on edge servers deployed in various places and, through the distribution, scheduling and other functional modules of the central platform, lets users obtain the content they need from a nearby node, reducing network congestion and improving user access response speed and hit rate; CDN acceleration therefore also uses load balancing technology. Compared with a high-defense hardware firewall, a CDN cannot withstand unlimited traffic either, but it is more rational in that it spreads the penetrating traffic across multiple nodes. Currently, most CDN nodes provide 200G of traffic protection; coupled with hardware protection, this can cope with most DDoS attacks.
3. Distributed cluster defense
The characteristic of distributed cluster defense is that multiple IP addresses are configured on each node server, and each node can withstand a DDoS attack of no less than 10G. If a node cannot provide service under attack, the system automatically switches to another node according to the priority setting and returns all the attacker's data packets to their sending point, paralyzing the attack source.
Is DDoS an active attack?
Yes.
DDoS is the abbreviation of Distributed Denial of Service attack. A distributed denial of service attack (hereinafter DDoS) is a type of network attack in which many computers (or servers) attack the same target at the same time, making the attacked target unable to operate normally.
DDoS attacks have appeared countless times on the Internet. Even large companies such as Google and Microsoft have been hit by DDoS attacks. It is a relatively common type of network attack.
The above is the detailed content of "What are the three attack methods of DDoS?". For more information, please follow other related articles on the PHP Chinese website.