DDOS and DOS

Time:09-17

DDoS is one type of DoS attack.
DDoS grew out of the traditional DoS attack. A single DoS attack usually works one-to-one, and its effect is obvious when the target's CPU is slow, its memory is small, or its network bandwidth and other performance indicators are low. As computer and network technology developed, processing power grew rapidly, memory increased, and gigabit-level networks appeared. This made DoS attacks harder, because the target's ability to "digest" malicious packets became much stronger. For example, if your attack software can send 3000 attack packets per second but my host and network bandwidth can handle 10000 attack packets per second, the attack has no effect.
This is when the distributed denial of service (DDoS) attack was born. If computer and network capacity has increased 10 times and attacking with one attack machine no longer works, what if the attacker uses ten attack machines at the same time? Or 100? A DDoS attack uses more puppet machines to attack the victim on a larger scale than before.
Symptoms of a DDoS attack
1. The attacked host has a large number of waiting TCP connections.
2. The network is flooded with a large number of useless packets whose source addresses are false.
3. High volumes of useless traffic are generated, causing network congestion so that the victim host cannot communicate normally with the outside.
4. Flaws in the services or transport protocols offered by the victim host are used to issue specific service requests repeatedly at high speed, so that the victim host cannot handle all normal requests in time.
5. In serious cases, the system crashes.
SYN flood is one of the most classic DDoS attack methods on the Internet. A DDoS attack uses a large number of legitimate requests to occupy a large amount of network resources, with the aim of paralysing the network.

SYN is the handshake signal used when a TCP/IP connection is established. To establish a normal TCP connection between a client and a server, the client first sends a SYN message, the server replies with SYN + ACK to indicate that it received the message, and the client finally responds with an ACK message. Only then is a reliable TCP connection established between the client and the server, and data can be sent between them.
These three steps build a complete TCP connection. To achieve reliable transmission, TCP sets up exception-handling mechanisms in the three-way handshake. If, in the third step, the server does not receive the client's final ACK, it remains in the SYN_RECV state, adds the client IP to a waiting list, and resends the SYN + ACK packet from the second step. It generally resends 3 to 5 times, polling the waiting list about every 30 seconds to retry all clients. In addition, after sending the SYN + ACK packet the server pre-allocates resources to store information for the TCP connection it is about to establish, and these resources are held throughout the wait for retries. More importantly, server resources are limited: once the number of connections in the SYN_RECV state exceeds the limit the server can maintain, it no longer accepts new SYN packets, which means it refuses to establish new TCP connections.
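
The first symptom listed above (many connections waiting in SYN_RECV, typically from many different source addresses) can be checked on the server itself. The following is an added example, not part of the original article: it assumes a Linux server and parses text in the /proc/net/tcp layout, and the sample table, function names and threshold are constructed for illustration.

```python
import socket
import struct
from collections import Counter

SYN_RECV = 0x03  # state code for SYN_RECV in the "st" column of /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (documentation addresses, not real data).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0A00000A:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1
   1: 0A00000A:0050 0B7100CB:C001 03 00000000:00000000 01:00000000 00000002     0        0 0
   2: 0A00000A:0050 0C7100CB:C002 03 00000000:00000000 01:00000000 00000002     0        0 0
   3: 0A00000A:0050 0D7100CB:C003 03 00000000:00000000 01:00000000 00000003     0        0 0
   4: 0A00000A:0050 0E7100CB:C004 03 00000000:00000000 01:00000000 00000001     0        0 0
   5: 0A00000A:0050 0F7100CB:C005 03 00000000:00000000 01:00000000 00000004     0        0 0
   6: 0A00000A:01BB 107100CB:C006 03 00000000:00000000 01:00000000 00000001     0        0 0
   7: 0A00000A:0050 076433C6:D431 01 00000000:00000000 00:00000000 00000000     0        0 2
"""

def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' (IPv4 stored as a little-endian u32) into (ip, port)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def half_open_report(proc_net_tcp, threshold):
    """Count SYN_RECV entries and distinct remote IPs per local port.

    threshold is an assumed value; tune it to the SYN_RECV limit of the server.
    """
    per_port, sources = Counter(), {}
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or int(cols[3], 16) != SYN_RECV:
            continue  # only half-open connections are of interest
        _, local_port = decode_addr(cols[1])
        remote_ip, _ = decode_addr(cols[2])
        per_port[local_port] += 1
        sources.setdefault(local_port, set()).add(remote_ip)
    return {port: {"half_open": n,
                   "distinct_sources": len(sources[port]),
                   "alert": n >= threshold}
            for port, n in per_port.items()}

if __name__ == "__main__":
    for port, stats in sorted(half_open_report(SAMPLE, threshold=5).items()):
        print(port, stats)
```

On a live Linux host the same function can be fed the contents of /proc/net/tcp; a high half-open count spread over many distinct sources matches the false-source pattern described in symptom 2.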

DDoS: Distributed Denial of Service. The attack uses client/server technology to unite multiple computers as an attack platform and launch a DDoS attack on one or more targets, thus exponentially increasing the power of the denial of service attack.
Malformed packets: frag flood, smurf, stream flood, land flood attack, IP anomaly packets, malformed TCP packets, malformed UDP packets.
Transport-layer DDoS attacks: SYN flood, ACK flood, UDP flood, ICMP flood, RST flood.
Web application DDoS attacks: HTTP GET flood, HTTP POST flood, CC attack.
DNS DDoS attacks: DNS request flood, DNS response flood, false source + source DNS query flood, authoritative server and local server attacks.
Connection-type DDoS attacks: TCP slow connection, connection depletion attack, LOIC, HOIC, Slowloris, PyLoris, XOIC and other slow attacks.