[Cybersecurity] A primer on DoS attacks

DoS attack

What is a DoS attack?

DoS is short for Denial of Service; the Chinese translation is simply "refusing service". The purpose of a DoS attack is to exhaust the server's CPU, memory, network bandwidth and other resources so that it can no longer serve users normally, or so that its service quality degrades. In short, the attacked server ends up refusing to serve legitimate user requests. (Explained this way, the name DoS feels quite vivid, haha ~)

A more detailed explanation found online:

A vivid metaphor helps in understanding DoS. A street restaurant serves food to the public; if a group of local ruffians and hooligans wanted to "DoS" the restaurant, they would have many means: occupying tables without paying, blocking the door so customers cannot get in, harassing the waiters or cooks so they cannot work, and worse... Correspondingly, computer and network systems provide Internet resources to Internet users, and if an attacker wants to conduct a DoS attack, imagine how many equivalent means there are! The most common DoS attacks on computer networks today are bandwidth attacks and connectivity attacks. A bandwidth attack floods the network with enormous traffic so that all available network resources are exhausted and legitimate user requests cannot get through. A connectivity attack floods a computer with a large number of connection requests so that all available operating system resources are exhausted and the computer can no longer handle legitimate requests.

Categories of attacks

Based on the means of attack, DoS attacks can be divided into two categories:

  • Flooding attacks: sending the target server more useless packets than it can handle, so that it cannot serve legitimate users;
  • Half-open connection attacks: leaving a large number of half-open connection requests on the system. To maintain these half-open connections the server needs a lot of memory, and web servers generally cap the number of connections, so normal requests arriving at this point are rejected.

Examples of specific attacks

1. SYN flood (a half-open connection attack)
This exploits the server's connection buffer (the backlog queue). A special program crafts the TCP header and keeps sending the server TCP connection requests that carry only the SYN flag. The server treats each one as a new, not-yet-established connection request, creates a session for it, and queues it in the buffer.

If the SYN requests exceed the limit of the buffer queue and the queue fills up, the server no longer accepts new requests, and other legitimate users' connections are rejected. As long as SYN requests keep coming, the buffer contains only the attacker's SYN-flagged requests.
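From the defender's side, the half-open connections described above are visible as sockets in the SYN-RECV state. The following added example (my own, not code from the original post) parses a constructed sample of `ss -tan` output and flags listening ports whose half-open connection count exceeds a threshold; the addresses and ports in the sample are made up.

```python
from collections import Counter

# Constructed sample of `ss -tan` output (not a real capture): a web server on
# port 80 holding several connections that never completed the handshake.
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:80          0.0.0.0:*
ESTAB     0      0      10.0.0.5:80         198.51.100.20:50214
SYN-RECV  0      0      10.0.0.5:80         203.0.113.11:40001
SYN-RECV  0      0      10.0.0.5:80         203.0.113.12:40002
SYN-RECV  0      0      10.0.0.5:80         203.0.113.13:40003
SYN-RECV  0      0      10.0.0.5:80         203.0.113.14:40004
ESTAB     0      0      10.0.0.5:22         198.51.100.21:50300
"""


def half_open_by_port(ss_output: str) -> Counter:
    """Count SYN-RECV sockets (half-open connections) per local port."""
    counts = Counter()
    for line in ss_output.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        state, local_addr = fields[0], fields[3]
        if state == "SYN-RECV":
            counts[local_addr.rsplit(":", 1)[1]] += 1  # port is after the last colon
    return counts


def flag_half_open_floods(ss_output: str, threshold: int) -> list:
    """Return local ports whose half-open connection count exceeds the threshold."""
    return sorted(port for port, n in half_open_by_port(ss_output).items() if n > threshold)


if __name__ == "__main__":
    print(half_open_by_port(SAMPLE_SS_OUTPUT))        # Counter({'80': 4})
    print(flag_half_open_floods(SAMPLE_SS_OUTPUT, 3))  # ['80']
```

In practice the threshold is set relative to the kernel's SYN queue limit for the host, and a sustained high count with many distinct peer addresses is the signature to alert on.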

2. Bandwidth DoS attack
If the attacker's connection bandwidth is large and the server's is not, the attacker can send requests that consume the server's bandwidth and buffers. This attack relies on strength in numbers; combined with a SYN flood it is powerful, but on its own it is the most basic form of DoS.

3. Hash collision attacks
These exploit the weakness that the hash algorithm used by each language is "non-random": an attacker can produce N values that differ but hash to the same key, turning the hash table into a singly linked list, so the performance of the whole site or program drops by orders of magnitude (the CPU easily climbs to 100%). The blog linked below has already summarised hash collision DoS very comprehensively, so I won't reinvent the wheel here.

I did a simple experiment and wrote the following Controller:

import java.util.HashMap;
import java.util.Map;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
// JSONObject is the project's JSON library type (import not shown in the original); the parsed body is not used further

@RequestMapping("/convertJSONAndValid")
public Object convertJSON(@RequestBody JSONObject jspan) {
    Map<String, Object> map = new HashMap<>();
    map.put("key1", "value");
    return map;
}

When I sent one million key-value pairs like "xx": "1" to this endpoint in a single request from Postman, Task Manager showed the CPU instantly jumping to 88%. This attack is quite scary. The following code generates the one million pairs:

import java.io.FileWriter;

public static void main(String[] args) throws Exception {
    // write a JSON object with one million identical "xx":"1" members to D:\json.txt
    FileWriter fs = new FileWriter("D:\\json.txt");
    fs.write("{\r\n");
    int count = 1000000;
    for (int i = 0; i < count; i++) {
        if (i != count - 1) {
            fs.write("\"xx\":\"1\",\r\n");   // every pair but the last ends with a comma
        } else {
            fs.write("\"xx\":\"1\"\r\n");    // last pair: no trailing comma, so the JSON stays valid
        }
    }
    fs.write("}");
    fs.close();
}

Reference (excellent blog)

  • https://www.cnblogs.com/botoo/p/9583388.html

DDoS attacks

Traditionally, the main problem an attacker faced was network bandwidth: networks were small and slow, so a single attacker could not send very many requests. Although attacks like the "ping of death" need only a small number of packets to bring down an unpatched UNIX system, most DoS attacks need a lot of bandwidth, which an individual attacker can hardly obtain. To overcome this shortcoming, attackers developed distributed attacks: a simple set of tools lets many machines with plenty of aggregate bandwidth launch a large number of requests against the same target at once. This is a DDoS (Distributed Denial of Service) attack.

Whether it is DoS or DDoS, in simple terms it is just a destructive way for attackers to disrupt network services. The concrete implementations vary endlessly, but they all share one thing: the fundamental goal is to prevent the victim host or network from receiving and handling external requests in time, or from responding to the outside world in time.

In summary:
A DDoS attack controls many widely distributed machines to launch DoS attacks against the same target.


Source: www.cnblogs.com/54chensongxia/p/11766347.html