DDoS Attacks and Defense

What is a DDoS attack?

DoS (Denial of Service) is a denial-of-service attack.
DDoS attacks are a class of attacks built on top of the traditional DoS attack. A DoS attack is generally one-to-one: when the target has a slow CPU, little memory or little network bandwidth, in other words poor performance figures, its effect is obvious. With the development of computer and network technology, processing power has grown rapidly, memory has grown enormously, and gigabit, 10-gigabit and 100-gigabit networks have appeared, all of which make DoS attacks harder: the target's ability to "digest" malicious packets has improved a great deal. For example, if the attack software can send 3,000 attack packets per second but the target host and its network can handle 10,000 packets per second, the attack has little effect.
Distributed denial of service (DDoS) came into being as a result. If you understand DoS, the principle is very simple: if computer and network capacity has grown tenfold and attacking with one machine no longer works, what if the attacker uses 10 attack machines at the same time? Or 100? DDoS uses more puppet machines (zombies) to attack the victim on a larger scale than ever before.
A Distributed Denial of Service (DDoS) attack uses client/server technology to combine many computers into one attack platform and launch DoS attacks against one or more targets, multiplying the power of the denial of service many times over. Typically the attacker installs the DDoS master program on one computer using a stolen account; at a set time the master communicates with a large number of agents that have been installed on computers across the Internet, and the agents attack when they receive the command. With client/server technology the master can activate hundreds or thousands of agents within seconds.
Widespread high-speed network connectivity is convenient for us, but it also creates extremely favorable conditions for DDoS attacks. In the low-speed network era, a hacker choosing puppet machines always preferred machines close to the target network, because with only a few router hops in between the attack was more effective. Now the links between backbone nodes are at the gigabit level, with 2.5 Gbit/s links between major cities, which makes it possible to launch attacks from much further away, including from other cities; the attacker's puppet machines can be spread over a much larger area and chosen far more flexibly.
 
Symptoms of a DDoS attack in progress:
· A large number of TCP connections waiting (half-open) on the attacked host.
· The network is flooded with useless packets whose source addresses are spoofed.
· Large volumes of useless traffic cause network congestion, so the victim host cannot communicate normally with the outside world.
· Defects in the services or transport protocols offered by the victim host are exploited by repeatedly issuing specific service requests at high speed, so the victim cannot handle all legitimate requests in time.
· In severe cases, the system crashes.
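The first symptom, connections waiting on the host, is the one an administrator can check locally. The following is an added example in Python, not part of the original post: on Linux every IPv4 socket, including half-open SYN_RECV entries, is listed in /proc/net/tcp, and this parses that table and counts SYN_RECV entries per remote address. The sample table is constructed, and the address decoding assumes a little-endian host. One caveat: once the kernel falls back to SYN cookies, half-open entries are no longer queued, so this count stays small even under a flood and the SyncookiesSent counter in /proc/net/netstat is the thing to watch.

```python
"""Count half-open (SYN_RECV) TCP sockets per remote address from /proc/net/tcp.

Added example, not part of the original post. Parses the Linux /proc/net/tcp
table (IPv4, little-endian host assumed); SAMPLE_PROC_NET_TCP is constructed.
"""
import socket
import struct
from collections import Counter

# TCP state codes as printed in the 'st' column of /proc/net/tcp
TCP_STATES = {
    0x01: "ESTABLISHED", 0x02: "SYN_SENT", 0x03: "SYN_RECV", 0x04: "FIN_WAIT1",
    0x05: "FIN_WAIT2", 0x06: "TIME_WAIT", 0x07: "CLOSE", 0x08: "CLOSE_WAIT",
    0x09: "LAST_ACK", 0x0A: "LISTEN", 0x0B: "CLOSING",
}

# Constructed sample: a listener on :80, one established client, and four
# half-open connections on :80 (two of them from the same remote address).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0A00000A:0050 0101A8C0:D431 01 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 20 4 30 10 -1
   2: 0A00000A:0050 0301A8C0:A001 03 00000000:00000000 01:00000011 00000001     0        0 0 2 0000000000000000 100 0 0 10 0
   3: 0A00000A:0050 0401A8C0:A002 03 00000000:00000000 01:00000011 00000001     0        0 0 2 0000000000000000 100 0 0 10 0
   4: 0A00000A:0050 0301A8C0:A003 03 00000000:00000000 01:00000011 00000001     0        0 0 2 0000000000000000 100 0 0 10 0
   5: 0A00000A:0050 0501A8C0:A004 03 00000000:00000000 01:00000011 00000001     0        0 0 2 0000000000000000 100 0 0 10 0
"""


def parse_addr(field):
    """'0100007F:0050' -> ('127.0.0.1', 80).

    The kernel prints the IPv4 address as one native-endian 32-bit hex word,
    so on a little-endian host the byte order is reversed."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state) per socket row."""
    for line in text.strip().splitlines()[1:]:      # first row is the header
        fields = line.split()
        local_ip, local_port = parse_addr(fields[1])
        remote_ip, remote_port = parse_addr(fields[2])
        state = TCP_STATES.get(int(fields[3], 16), "UNKNOWN")
        yield local_ip, local_port, remote_ip, remote_port, state


def half_open_report(text, local_port=None):
    """Return (number of SYN_RECV sockets, Counter of them keyed by remote IP),
    optionally restricted to one local port."""
    by_remote = Counter()
    for _lip, lport, rip, _rport, state in parse_proc_net_tcp(text):
        if state != "SYN_RECV" or (local_port is not None and lport != local_port):
            continue
        by_remote[rip] += 1
    return sum(by_remote.values()), by_remote


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:      # live table on a Linux host
            table = fh.read()
    except OSError:
        table = SAMPLE_PROC_NET_TCP            # fall back to the constructed sample
    total, by_remote = half_open_report(table)
    print(f"{total} half-open connections")
    for ip, n in by_remote.most_common(10):
        print(f"  {n:6d}  {ip}")
```

Run it on the victim during the attack and compare with a quiet baseline; a large SYN_RECV total spread across many remote addresses that never complete the handshake is the SYN flood pattern, while the same total concentrated on a few addresses points at a misbehaving client or an overloaded upstream rather than a flood.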
 
DDoS global real-time map:
http://www.digitalattackmap.com/

 

Attack Surface
We divide the process by which a normal user accesses a web page into eight stages, numbered 1 to 8.

From the target's point of view, the eight stages fall into two categories:
1. upload (inbound) traffic
2. download (outbound) traffic

The different attack surfaces, by stage:
1-8 and 2-7: packet-level traffic such as TCP packets and ping
3-6: requests that need processing by the dynamic language, and the response it generates
4-5: database queries and their results

The resource each attack surface consumes differs, in order: 1. bandwidth 2. CPU 3. memory 4. disk
 
Types of attack
1> Reflection (amplification) attacks - a small cost for a large effect
Measured by what it costs the server, a request that makes the server do work and then return a response much larger than the request (a GET for a dynamic page, for instance) consumes far more of the server's capacity than the attacker spends sending it, until the server can no longer answer normal users.
The CC attack described next is the example; this post groups it under reflection attacks because it relies on that asymmetry. Strictly, a reflection attack is one where the attacker spoofs the victim's address and sends small requests to third-party servers (DNS, NTP and similar UDP services) whose larger replies are "reflected" onto the victim, while CC is usually classed as an application-layer (HTTP) flood.

2> CC attack
Attack principle: use proxy servers to send a large number of HTTP GET requests at the victim, mostly for dynamic pages that involve database access. The load on the database and on the database connection pool becomes extremely high, and normal requests can no longer be answered.

3> SYN Flood
Attack principle: exploits TCP's three-way handshake. The attacker sends SYN packets to the target from many random (spoofed) source addresses and never answers the target's SYN+ACK. The target allocates a connection-queue entry for each of these sources and, because the final ACK never arrives, keeps maintaining them; the resulting resource consumption leaves it unable to serve legitimate requests. Related attacks include ACK flood, SYN-ACK flood, FIN flood, RST flood and generic TCP flood.
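The flood works because the target allocates queue state on every SYN. The standard mitigation, SYN cookies, removes that state by encoding what the server needs into the initial sequence number it returns, so nothing is remembered until a valid ACK proves the client really exists. The following is an added simplified model in Python, not code from the post or from any kernel; the field layout (5-bit counter, 3-bit MSS index, 24-bit HMAC), the MSS table, the lifetime and the addresses are assumptions for illustration.

```python
"""Simplified SYN-cookie model: why a server with cookies keeps no state per SYN.

Added example, not code from the original post. It follows the classic layout
in spirit (5-bit time counter | 3-bit MSS index | 24-bit keyed hash) packed into
the 32-bit ISN; real implementations such as Linux net.ipv4.tcp_syncookies
differ in details. All addresses and ports below are made up.
"""
import hashlib
import hmac
import os

MSS_TABLE = [536, 1220, 1440, 1460]   # encodable MSS values; the index fits in 3 bits
SECRET = os.urandom(16)               # per-server secret; rotate it in a real system
COOKIE_LIFETIME = 4                   # accept cookies issued within the last 4 ticks


def _mac24(src, sport, dst, dport, counter, mss_idx):
    """24-bit HMAC over the 4-tuple plus the fields the cookie carries in clear."""
    msg = f"{src}:{sport}->{dst}:{dport}|{counter}|{mss_idx}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src, sport, dst, dport, client_mss, counter):
    """Compute the ISN for the SYN+ACK. Nothing is stored for this SYN."""
    mss_idx = 0
    for i, mss in enumerate(MSS_TABLE):
        if mss <= client_mss:
            mss_idx = i                   # largest table entry not above the client's MSS
    tick = counter & 0x1F
    return (tick << 27) | (mss_idx << 24) | _mac24(src, sport, dst, dport, tick, mss_idx)


def check_cookie(src, sport, dst, dport, ack_num, counter):
    """Validate the handshake's final ACK. Returns the MSS to use if the ACK
    carries a cookie we issued recently for this 4-tuple, otherwise None."""
    cookie = (ack_num - 1) & 0xFFFFFFFF   # the client ACKs our ISN + 1
    issued = cookie >> 27
    mss_idx = (cookie >> 24) & 0x7
    if (counter - issued) & 0x1F >= COOKIE_LIFETIME:
        return None                       # too old (or a random guess)
    if (cookie & 0xFFFFFF) != _mac24(src, sport, dst, dport, issued, mss_idx):
        return None                       # wrong 4-tuple, forged or tampered
    return MSS_TABLE[mss_idx]


def simulate_flood(n_bogus, counter=7):
    """Model n_bogus spoofed SYNs followed by one genuine client.

    Returns (per-SYN state entries held, genuine client accepted, spoofed
    sender accepted). Without cookies the first value would be n_bogus, which
    is exactly the queue exhaustion a SYN flood relies on."""
    dst, dport = "10.0.0.10", 80
    held = []                             # stays empty: no state per SYN
    for i in range(n_bogus):
        make_cookie(f"198.51.100.{i % 250 + 1}", 40000 + i, dst, dport, 1460, counter)
    # A spoofed source never receives the SYN+ACK, so it can only guess the ISN.
    spoofed_ok = check_cookie("198.51.100.1", 40000, dst, dport, 0x12345678, counter + 1) is not None
    isn = make_cookie("203.0.113.5", 51515, dst, dport, 1460, counter)
    genuine_ok = check_cookie("203.0.113.5", 51515, dst, dport, (isn + 1) & 0xFFFFFFFF, counter + 1) is not None
    return len(held), genuine_ok, spoofed_ok


if __name__ == "__main__":
    print(simulate_flood(100000))   # (0, True, False)
```

The price of the scheme is visible in check_cookie: only what fits in 32 bits survives, so options negotiated in the SYN (window scaling, SACK) are lost unless they can be carried elsewhere, which is why Linux tucks them into the TCP timestamp option when timestamps are enabled. On Linux the knob is `net.ipv4.tcp_syncookies = 1`, normally combined with a larger `net.ipv4.tcp_max_syn_backlog` so cookies only kick in once the queue is actually full.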
 
Defense
1. Put the site behind a CDN and let the CDN absorb the resource consumption.
2. Buy an anti-DDoS (traffic scrubbing) service.
3. Keep the origin server's real IP private. A CDN or scrubbing service only helps while the attacker cannot bypass it, so the origin should accept traffic only from the provider's published address ranges and must not leak its address through DNS records or other channels.
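Bringing together the CC attack description above and defense points 1 and 3: when the origin sits behind a CDN, per-IP rate limiting sees only the CDN's edge addresses unless it reads X-Forwarded-For, and X-Forwarded-For is only trustworthy when the TCP peer really is the CDN; a peer that is not a CDN edge means the origin's real IP has leaked. The following is an added example in Python, not code from the post; the log format, CDN prefixes, threshold and log lines are constructed assumptions.

```python
"""Triage an application-layer (CC) flood at an origin that sits behind a CDN.

Added example, not code from the original post. It assumes nginx-style
combined log lines with the X-Forwarded-For value appended as a final quoted
field, and a list of CDN edge prefixes published by the provider. The CDN
prefixes, addresses and log lines below are all constructed.
"""
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Assumed CDN edge ranges (documentation prefixes used as stand-ins).
CDN_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]

# Requests that reach the dynamic language and the database: the CC target.
DYNAMIC = re.compile(r"\.(php|jsp|asp|aspx|do)(\?|$)|\?")

LOG_RE = re.compile(
    r'^(?P<remote>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<xff>[^"]*)"$'
)


def is_cdn(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CDN_NETS)


def client_ip(remote, xff):
    """Return (real client IP, reached_origin_directly).

    Behind a CDN every TCP peer is an edge node, so per-IP counting must use
    X-Forwarded-For: walk it from the right and skip trusted edges. If the peer
    is NOT an edge, the attacker has found the real origin IP; the peer is the
    client and its XFF header is untrusted (anyone can set it)."""
    if not is_cdn(remote):
        return remote, True
    for hop in reversed([h.strip() for h in xff.split(",") if h.strip()]):
        if not is_cdn(hop):
            return hop, False
    return remote, False


def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def triage(lines, window=timedelta(seconds=10), threshold=20):
    """Return (offenders, direct_hits).

    offenders: client IP -> peak number of dynamic-page requests inside any
    `window`, for clients whose peak exceeded `threshold` (the CC signature:
    many DB-backed requests from one source behind one or more proxies).
    direct_hits: peers that bypassed the CDN, i.e. the real IP has leaked."""
    hits, direct = defaultdict(list), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, bypassed = client_ip(rec["remote"], rec["xff"])
        if bypassed:
            direct[ip] += 1
        if DYNAMIC.search(rec["path"]):
            hits[ip].append(rec["time"])
    offenders = {}
    for ip, times in hits.items():
        times.sort()
        start = 0
        for end in range(len(times)):            # sliding window over timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 > threshold:
                offenders[ip] = max(offenders.get(ip, 0), end - start + 1)
    return offenders, direct


def constructed_log():
    """Constructed sample: a flood via proxy 192.0.2.77 through the CDN, a normal
    user, and one request that hit the origin directly with a forged XFF."""
    base = datetime(2019, 7, 21, 12, 0, 0, tzinfo=timezone.utc)
    fmt = '{remote} - - [{t}] "GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0" "{xff}"'

    def stamp(delta):
        return (base + delta).strftime("%d/%b/%Y:%H:%M:%S %z")

    lines = [fmt.format(remote="203.0.113.10", t=stamp(timedelta(milliseconds=150 * i)),
                        path=f"/search.php?q={i}", xff="192.0.2.77, 203.0.113.10")
             for i in range(60)]
    lines += [fmt.format(remote="198.51.100.4", t=stamp(timedelta(seconds=2 * i)),
                         path=f"/post.php?id={i}", xff="192.0.2.8")
              for i in range(5)]
    lines.append(fmt.format(remote="192.0.2.99", t=stamp(timedelta(seconds=3)),
                            path="/index.php", xff="203.0.113.10"))
    return lines


if __name__ == "__main__":
    offenders, direct = triage(constructed_log())
    print("CC suspects:", offenders)                      # {'192.0.2.77': 60}
    print("origin reached directly by:", dict(direct))    # {'192.0.2.99': 1}
```

The two outputs map onto two different responses: an offender is blocked or challenged at the CDN (that is what the CDN is paid for, and the origin never needs to see the traffic), while any entry in the direct-hit list means the origin's address is known and the fix is a firewall rule admitting only the CDN ranges plus a new origin address, not a bigger rate limit.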

 

 


Origin www.cnblogs.com/Unconscious/p/11220950.html