The "past and present" of DDoS attacks: understanding the focus of current DDoS protection from the root cause

DDoS protection is now a problem that every Internet company has to face, and it bears directly on each company's own interests. DDoS is the most notorious form of network attack on the Internet. It appeared in the 1990s and has been active for nearly 20 years. The most alarming part is that an attack costs very little to launch but is very expensive to defend against, and the resulting losses are often severe.
Today DDoS attacks occur frequently across all industries. There are many DDoS attack methods; we can start with the three common types.
The first is the SYN Flood attack, a common DDoS attack type. It has exploited the TCP three-way handshake since its early days, and its forged-source packets are small and difficult to trace, so it can be called a classic attack type. After a large number of forged-source SYN packets reach the server, the system creates a large number of connections in the SYN_RECV state and eventually exhausts the system's SYN backlog, so the server cannot process subsequent TCP requests and crashes. Among DDoS protection measures, a software firewall and system parameter tuning can mitigate this kind of attack.
The second type is the ACK Flood family: ACK Flood, RST Flood, PSH Flood and FIN Flood. These attacks are inherently less harmful than SYN Flood, but they can still easily cause the server to crash. Although this type of attack does not create a large number of SYN_RECV states on the server, the server sends a large number of RST packets to the forged source IPs. Under normal circumstances, a server cannot handle a large ACK Flood. For this kind of attack, the DDoS protection measure is to connect directly to cloud cleaning and cloud defense services; adjusting the system is of little use.
The third type is the UDP Flood attack, which has become more and more common. Because of various software design flaws and the connectionless nature of the UDP protocol, UDP Flood attacks are very easy to launch and can be amplified by dozens or even thousands of times. The DDoS protection services required for such attacks are complicated, troublesome, and expensive.
Under the global wave of digitalization, data centers have become the first choice for more and more enterprises going digital. However, as technology changes rapidly, the threats facing the network have also changed and escalated. With the growing variety of attacks and the continuous improvement of attackers' own skills, more and more enterprise servers have become attack resources for hackers. Low-threshold, simple and efficient DDoS attacks have become more frequent, and large volumes of malicious traffic squeeze network bandwidth, disrupt the normal operation of enterprises, and pose a great threat to enterprise development.
Today, the DDoS protection situation facing enterprises is becoming less and less optimistic. As enterprises develop faster, their requirements for network information security also deepen. Therefore, establishing website security protection measures must come first in network security.
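As a defensive illustration of the SYN Flood paragraph above, the following added example (not from the original article) counts SYN_RECV sockets per local port in Linux `/proc/net/tcp` output and flags ports approaching the SYN backlog. The sample rows, the backlog of 8 and the 0.75 alert ratio are constructed assumptions, and the address decoding assumes a little-endian host.

```python
import socket
import struct
from collections import Counter

TCP_SYN_RECV = 0x03  # "st" column value for SYN_RECV in /proc/net/tcp


def build_sample():
    """Constructed /proc/net/tcp-style text (trailing columns trimmed)."""
    rows = ["  sl  local_address rem_address   st tx_queue rx_queue",
            "   0: 0100000A:0050 00000000:0000 0A 00000000:00000000"]  # listener
    for i in range(6):  # six half-open connections to port 80, varied sources
        rows.append(f"{i + 1:4d}: 0100000A:0050 {i + 1:02X}0071CB:{0xC350 + i:04X} "
                    "03 00000000:00000000")
    rows.append("   7: 0100000A:01BB 630071CB:D431 01 00000000:00000000")  # established
    rows.append("   8: 0100000A:01BB 640071CB:D432 03 00000000:00000000")
    return "\n".join(rows)


SAMPLE = build_sample()


def decode_addr(field):
    """Decode 'HEXIP:HEXPORT' as printed on a little-endian host."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def syn_recv_by_port(text):
    """Count sockets in SYN_RECV per local port."""
    counts = Counter()
    for line in text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) >= 4 and int(cols[3], 16) == TCP_SYN_RECV:
            counts[decode_addr(cols[1])[1]] += 1
    return counts


def backlog_alerts(text, backlog, ratio=0.75):
    """Ports whose SYN_RECV count has reached ratio * backlog."""
    return {p: n for p, n in syn_recv_by_port(text).items() if n >= backlog * ratio}


if __name__ == "__main__":
    # backlog=8 is an assumed figure; use the SYN backlog configured on the host.
    print(backlog_alerts(SAMPLE, backlog=8))
```

On a Linux host, pass the contents of `/proc/net/tcp` as `text` and the host's configured SYN backlog as `backlog`.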
This article is reproduced from: http://www.heikesz.com/ddos1/1775.html

Origin blog.csdn.net/weixin_51110871/article/details/111371762