Want to know where to start with DDoS protection? A must-read for beginners

In recent years, more and more IoT devices have been used to launch DDoS attacks. Making DDoS protection a routine part of enterprise operations is crucial; otherwise the security and continued operation of online businesses will always be under threat. DDoS attacks can easily take normal network services offline or degrade their quality, causing heavy losses to Internet companies and network service providers.


DDoS attacks can be divided into three main types. The first is application-layer attacks, which exploit weaknesses at layers 6 and 7 of the protocol stack to target a specific application rather than the entire server; they usually target public ports and services such as DNS or HTTP. The second is protocol attacks, the second most common attack vector, which target weaknesses in how a protocol works. The third is capacity exhaustion (volumetric) attacks, which usually use botnets and amplification techniques to flood the target with traffic and so block access to it. The most common methods for each of the three types are as follows:

The most common application attacks are:

(1) HTTP flood attack. The attacker floods the application or web server with a large number of standard GET and POST requests. Because these requests usually look like legitimate traffic, detecting an HTTP flood is quite a challenge.

(2) Slowloris. As the name suggests, Slowloris slowly brings the victim's server down. The attacker sends partial HTTP requests to the victim's server a small piece at a time, at intervals. The server keeps waiting for these requests to complete, but they never do. In the end, these unfinished requests exhaust the victim's bandwidth and prevent legitimate users from reaching the server.

The most common protocol attacks are:

(1) SYN flood attack. The attacker exploits a weakness in the TCP three-way handshake. The client sends a SYN packet to the server, receives the SYN-ACK packet, and never sends the final ACK back to the host. As a result, the victim's server is left with many outstanding SYN-ACK requests (half-open connections), which eventually leads to a crash.

(2) Ping of death. The attacker uses a simple ping command to send oversized packets, causing the victim's system to freeze or crash.
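The half-open connections that the SYN flood description above refers to are also the signal a defender can measure. The following Python is added here as an example and is not part of the original article: it parses constructed tcpdump-style TCP flag lines, tracks handshakes that never receive the client's final ACK, and flags a destination once its half-open count crosses a threshold. The line layout, the addresses and the threshold are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample lines laid out like tcpdump's TCP summary (made up for
# this example, not a real capture). Fields: time src:port > dst:port Flags [flags]
# "S" = SYN, "S." = SYN-ACK, "." = ACK, "R" = RST.
SAMPLE_LINES = """\
10.000 203.0.113.5:40001 > 192.0.2.10:443 Flags [S]
10.010 192.0.2.10:443 > 203.0.113.5:40001 Flags [S.]
10.020 203.0.113.5:40001 > 192.0.2.10:443 Flags [.]
10.100 198.51.100.1:1000 > 192.0.2.10:443 Flags [S]
10.101 198.51.100.2:1001 > 192.0.2.10:443 Flags [S]
10.102 198.51.100.3:1002 > 192.0.2.10:443 Flags [S]
10.103 198.51.100.4:1003 > 192.0.2.10:443 Flags [S]
10.104 198.51.100.5:1004 > 192.0.2.10:443 Flags [S]
10.105 192.0.2.10:443 > 198.51.100.1:1000 Flags [S.]
10.106 192.0.2.10:443 > 198.51.100.2:1001 Flags [S.]
10.200 203.0.113.9:5000 > 192.0.2.20:80 Flags [S]
"""

LINE_RE = re.compile(
    r"^(?P<t>\d+\.\d+) (?P<src>[\d.]+):(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) Flags \[(?P<flags>[^\]]*)\]$"
)


def parse_lines(text):
    """Turn the text lines into records; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["t"] = float(rec["t"])
            records.append(rec)
    return records


def half_open_connections(records):
    """Return {(src, sport, dst, dport): syn_time} for handshakes never completed."""
    pending = {}
    for r in records:
        key = (r["src"], r["sport"], r["dst"], r["dport"])
        reverse = (r["dst"], r["dport"], r["src"], r["sport"])
        flags = r["flags"]
        if flags == "S":
            pending[key] = r["t"]            # client SYN: handshake started
        elif flags == "S.":
            continue                         # server SYN-ACK: still half-open
        elif "R" in flags:
            pending.pop(key, None)           # RST from either side clears the entry
            pending.pop(reverse, None)
        elif "." in flags:
            pending.pop(key, None)           # client ACK: handshake completed
    return pending


def half_open_by_destination(records):
    """Count half-open connections per server address."""
    counts = defaultdict(int)
    for (_src, _sport, dst, _dport) in half_open_connections(records):
        counts[dst] += 1
    return dict(counts)


def detect_syn_flood(records, threshold=4):
    """Destinations whose half-open count reaches the threshold (assumed value)."""
    return {dst: n for dst, n in half_open_by_destination(records).items()
            if n >= threshold}


if __name__ == "__main__":
    recs = parse_lines(SAMPLE_LINES)
    print("half-open per destination:", half_open_by_destination(recs))
    print("flagged:", detect_syn_flood(recs))
```

On a real host the same count shows up as connections in the SYN_RECV state (for example in `ss -tan` output), and SYN cookies are the usual kernel-level mitigation because they let the server answer a SYN without keeping state for the half-open connection.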

The most common capacity exhaustion attacks are:

(1) UDP flood attack. The attacker sends User Datagram Protocol (UDP) packets, with the source address forged to be the victim's address, to random ports on a host; the host generates a large amount of reply traffic and sends it back to the victim.

(2) ICMP flood attack. The attacker sends a large number of Internet Control Message Protocol (ICMP) requests or ping commands in an attempt to exhaust the victim's server bandwidth.
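The two capacity exhaustion attacks above share one measurable property: a sudden rise in packets per second toward one destination from many sources. As an added example that is not from the original article, the Python below aggregates constructed flow records into one-second windows per destination, flags windows that exceed a packets-per-second threshold, and labels a window as UDP reflection when most packets arrive from well-known UDP service source ports (DNS and NTP are assumed here) or as an ICMP flood when most packets are ICMP. The record layout, addresses, thresholds and port set are assumptions for this example.

```python
from collections import defaultdict

# Constructed flow records (made up for this example, not a real capture).
# Fields: time proto src:sport dst:dport bytes   (ICMP has no ports; 0 is used)
FLOWS = """\
0.10 udp 198.51.100.7:5353 192.0.2.10:53 78
0.40 tcp 198.51.100.8:41000 192.0.2.10:443 1200
1.01 udp 203.0.113.11:53 192.0.2.10:34001 1400
1.02 udp 203.0.113.12:53 192.0.2.10:34002 1400
1.03 udp 203.0.113.13:53 192.0.2.10:34003 1400
1.04 udp 203.0.113.14:123 192.0.2.10:34004 1400
1.05 udp 203.0.113.15:123 192.0.2.10:34005 1400
1.06 udp 203.0.113.16:53 192.0.2.10:34006 1400
2.01 icmp 203.0.113.21:0 192.0.2.10:0 1500
2.02 icmp 203.0.113.22:0 192.0.2.10:0 1500
2.03 icmp 203.0.113.23:0 192.0.2.10:0 1500
2.04 icmp 203.0.113.24:0 192.0.2.10:0 1500
2.05 icmp 203.0.113.25:0 192.0.2.10:0 1500
2.06 icmp 203.0.113.26:0 192.0.2.10:0 1500
"""

# Source ports of UDP services whose replies are commonly abused for
# amplification. Assumption for this example: DNS (53) and NTP (123).
REFLECTOR_PORTS = {53, 123}


def parse_flows(text):
    """Parse the constructed flow lines into dicts with typed fields."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        t, proto, src, dst, size = parts
        src_ip, src_port = src.rsplit(":", 1)
        dst_ip, dst_port = dst.rsplit(":", 1)
        flows.append({"t": float(t), "proto": proto, "src": src_ip,
                      "sport": int(src_port), "dst": dst_ip,
                      "dport": int(dst_port), "size": int(size)})
    return flows


def summarize_windows(flows, window_seconds=1.0):
    """Aggregate packets, bytes, distinct sources and protocol mix per (window, dst)."""
    stats = {}
    for f in flows:
        key = (int(f["t"] // window_seconds), f["dst"])
        s = stats.setdefault(key, {"packets": 0, "bytes": 0, "sources": set(),
                                   "reflected": 0, "icmp": 0})
        s["packets"] += 1
        s["bytes"] += f["size"]
        s["sources"].add(f["src"])
        if f["proto"] == "udp" and f["sport"] in REFLECTOR_PORTS:
            s["reflected"] += 1              # reply traffic from an amplifier port
        if f["proto"] == "icmp":
            s["icmp"] += 1
    return stats


def detect_volumetric(flows, pps_threshold=6, min_sources=5, window_seconds=1.0):
    """Flag windows over the packet-rate threshold and classify the traffic mix.

    Thresholds are assumed values kept tiny so the sample is readable; in
    practice they come from a baseline of the destination's normal traffic.
    """
    alerts = []
    for (win, dst), s in sorted(summarize_windows(flows, window_seconds).items()):
        pps = s["packets"] / window_seconds
        if pps < pps_threshold or len(s["sources"]) < min_sources:
            continue
        if s["reflected"] / s["packets"] >= 0.5:
            kind = "udp-reflection"
        elif s["icmp"] / s["packets"] >= 0.5:
            kind = "icmp-flood"
        else:
            kind = "flood"
        alerts.append({"window": win, "dst": dst, "pps": pps,
                       "sources": len(s["sources"]), "bytes": s["bytes"], "kind": kind})
    return alerts


if __name__ == "__main__":
    for alert in detect_volumetric(parse_flows(FLOWS)):
        print(alert)
```

Window 0 holds ordinary traffic and is left alone; window 1 is flagged as UDP reflection because every packet comes from a DNS or NTP source port, and window 2 as an ICMP flood. The distinct-source check matters because a single misbehaving client can exceed a packet rate without being a DDoS.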

Beyond these well-known attacks, there is also a method called a zero-day DDoS attack, which uses unknown software vulnerabilities that have not yet been patched, or an uncommon attack vector. It is harder to detect and defend against than ordinary DDoS attacks. If you want to build your own effective protection against DDoS attacks, keep the following basic system requirements in mind:

(1) Defense against layer 3-4 and layer 6-7 attacks. A solution that can detect all three main types of DDoS attack (volumetric, application and protocol attacks) and protect against them effectively is preferable.

(2) A hybrid DDoS detection method. Combining signature-based and anomaly-based detection is the key to detecting the different types of DDoS attack.

(3) Effective traffic filtering. One of the biggest challenges in DDoS protection is telling malicious requests apart from legitimate ones. Effective filtering rules are hard to write, because most requests involved in a DDoS attack appear to come from legitimate users. Popular methods such as rate limiting often generate many false positives, which stop legitimate users from reaching your services and applications.
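The point in (3) that rate limiting alone produces false positives, and the hybrid signature-plus-anomaly approach in (2), can be shown side by side. The Python below is an added example, not code from the original article: it builds constructed access-log lines for a NAT gateway that legitimately sends many varied requests, a flood source that hammers one URL with an empty User-Agent (the HTTP flood described earlier), and an ordinary client, then compares a pure per-IP rate limit with a classifier that scores a signature rule (empty User-Agent) together with two anomaly rules (request rate and path diversity). The log lines, addresses, thresholds and the empty-User-Agent signature are assumptions for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined-log-format line, e.g.
# 203.0.113.20 - - [10/Oct/2023:13:55:00 +0000] "GET / HTTP/1.1" 200 512 "-" ""
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def make_sample_log():
    """Build constructed access-log lines (not real traffic).

    198.51.100.30: a NAT gateway fronting many real users, 15 varied requests.
    203.0.113.20:  a flood source, 15 identical GET / requests, empty User-Agent.
    192.0.2.77:    an ordinary client making 3 requests.
    """
    base = datetime(2023, 10, 10, 13, 55, 0)

    def line(ip, i, path, ua):
        ts = (base + timedelta(seconds=i // 3)).strftime("%d/%b/%Y:%H:%M:%S +0000")
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'

    paths = ["/", "/css/app.css", "/js/app.js", "/api/items", "/img/logo.png"]
    browser = "Mozilla/5.0 (constructed sample)"
    lines = [line("198.51.100.30", i, paths[i % 5], browser) for i in range(15)]
    lines += [line("203.0.113.20", i, "/", "") for i in range(15)]
    lines += [line("192.0.2.77", i, paths[i], browser) for i in range(3)]
    return "\n".join(lines)


def parse_log(text):
    """Parse combined-format lines; timestamps become aware datetimes."""
    entries = []
    for raw in text.splitlines():
        m = LOG_RE.match(raw)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
            entries.append(e)
    return entries


def peak_requests(timestamps, window_seconds):
    """Largest number of requests falling inside any window of the given length."""
    ts = sorted(timestamps)
    best, j = 0, 0
    for i in range(len(ts)):
        while (ts[i] - ts[j]).total_seconds() >= window_seconds:
            j += 1
        best = max(best, i - j + 1)
    return best


def naive_rate_limit(entries, max_requests=10, window_seconds=10):
    """Pure rate limiting: block every source exceeding max_requests per window."""
    by_ip = defaultdict(list)
    for e in entries:
        by_ip[e["ip"]].append(e["ts"])
    return sorted(ip for ip, ts in by_ip.items()
                  if peak_requests(ts, window_seconds) > max_requests)


def hybrid_classify(entries, max_requests=10, window_seconds=10, min_distinct_paths=3):
    """Score a signature rule (empty User-Agent) plus anomaly rules (rate, path diversity)."""
    by_ip = defaultdict(list)
    for e in entries:
        by_ip[e["ip"]].append(e)
    verdicts = {}
    for ip, es in by_ip.items():
        score = 0
        if any(e["ua"] in ("", "-") for e in es):
            score += 1                                   # signature hit
        rate_anomaly = peak_requests([e["ts"] for e in es], window_seconds) > max_requests
        if rate_anomaly:
            score += 1                                   # anomaly: request rate
        if rate_anomaly and len({e["path"] for e in es}) < min_distinct_paths:
            score += 1                                   # anomaly: one URL hammered
        verdicts[ip] = "block" if score >= 2 else "watch" if score == 1 else "allow"
    return verdicts


if __name__ == "__main__":
    log_entries = parse_log(make_sample_log())
    print("naive rate limit blocks:", naive_rate_limit(log_entries))
    print("hybrid verdicts:", hybrid_classify(log_entries))
```

The pure rate limit blocks both the NAT gateway and the flood source, which is exactly the false positive the text warns about; the hybrid classifier blocks only the flood source and puts the gateway on a watch list because its requests are diverse and carry a browser User-Agent. An empty User-Agent is a weak signature on its own, which is why it only contributes one point and must coincide with an anomaly before a block is issued.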


As DDoS attack techniques improve, defending against them becomes harder. Dealing with such attacks effectively is a systematic undertaking: it requires not only technical staff exploring means of protection, but also network users with a basic awareness of defending against cyber attacks. Only by combining technical measures with the quality of the people involved can network protection be made as effective as possible.

https://www.zhuanqq.com/News/Industry/290.html


Source: blog.csdn.net/blublu7080/article/details/111578118