How to prevent the network attack?

Time:02-23

A simple example: a server and a client based on TCP/IP. The client signs in to the server, keeps a long connection open after a successful sign-in, and the two then communicate in a question-and-answer fashion.
The message format is roughly:
Packet header: 1 byte packet type + 2 bytes packet length + 14 bytes timestamp
Packet body:

The server unpacks the received data. For example, a sign-in request packet is 50 bytes, but on the public network those 50 bytes may be split into two or three packets, so after the server has received at least three bytes it keeps waiting to receive the remaining 47 bytes, and the TCP connection then continues to the subsequent logic processing.

If an attacker sends at least 3 bytes of data to the server, then 20 more bytes, and then keeps the connection open but sends no further data, the server's TCP connection resources are tied up meaninglessly; with many such connections, server resources are wasted.

How is this kind of attack usually prevented?

CodePudding user response:

If you don't set a TCP timeout on the long connection, isn't that pretty much a disguised DDoS? The firewall, or the Linux kernel mechanism itself, must have a KEEP ALIVE timeout mechanism set.

CodePudding user response:

Quoting the reply from 1/F, ice cream jelly:
If you don't set a TCP timeout on the long connection, isn't that pretty much a disguised DDoS? The firewall, or the Linux kernel mechanism itself, must have a KEEP ALIVE timeout mechanism set.


If the timeout is 10 seconds,
then the attacker first sends 3 bytes and after that sends one byte every 9 seconds. What then?
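The two cases raised so far (the half-received sign-in packet from the question, and the one-byte-every-9-seconds drip from 2/F) come down to what deadlines the server's framing code enforces. The following is an added example, not code from the thread or from any of the posters: a per-connection frame reader that applies both an idle timeout and a deadline for completing each whole frame. It assumes, since the thread does not say, that the 2-byte length field is big-endian and counts the entire frame including the header, that the header is 1 + 2 + 14 = 17 bytes, and that a timer calls `poll()` while no data is arriving; the 10 s / 5 s / 4096-byte limits, the `FrameReader`, `run` and scenario function names, and the 50-byte sign-in frame are all constructed for the example.

```python
# Added example (not from the thread): framing reader with deadlines so a peer
# cannot keep a half-received message open indefinitely.
# Assumptions (not stated in the thread): 2-byte length is big-endian and counts
# the whole frame (header + body); header is type(1) + length(2) + timestamp(14).
import struct
from dataclasses import dataclass, field
from typing import Optional

HEADER_LEN = 1 + 2 + 14          # packet type + packet length + timestamp
MIN_FRAME_LEN = HEADER_LEN       # a frame can never be shorter than its header
MAX_FRAME_LEN = 4096             # constructed upper bound; tune to the protocol


class DropConnection(Exception):
    """Raised when the peer violated a deadline or sent a malformed length."""


@dataclass
class FrameReader:
    last_rx: float                 # time of accept(), then of the last receive
    idle_timeout: float = 10.0     # max silence between two receives (constructed)
    frame_deadline: float = 5.0    # max time from a frame's first byte to its last
    buf: bytearray = field(default_factory=bytearray)
    frame_start: Optional[float] = None   # when the current partial frame began

    def poll(self, now: float) -> None:
        """Called from a timer; enforces deadlines even when no bytes arrive."""
        if now - self.last_rx > self.idle_timeout:
            raise DropConnection("idle timeout")
        if self.frame_start is not None and now - self.frame_start > self.frame_deadline:
            raise DropConnection("frame deadline exceeded")

    def feed(self, data: bytes, now: float) -> list:
        """Append received bytes; return completed (type, timestamp, body) frames."""
        self.poll(now)             # a byte arriving too late still counts as a violation
        self.last_rx = now
        if self.frame_start is None and data:
            self.frame_start = now
        self.buf += data
        frames = []
        while len(self.buf) >= 3:  # type + length are needed before anything else
            ptype, flen = struct.unpack("!BH", self.buf[:3])
            if flen < MIN_FRAME_LEN or flen > MAX_FRAME_LEN:
                raise DropConnection(f"bad frame length {flen}")
            if len(self.buf) < flen:
                break              # wait for the rest, but the deadline keeps running
            raw = bytes(self.buf[:flen])
            del self.buf[:flen]
            frames.append((ptype, raw[3:HEADER_LEN], raw[HEADER_LEN:]))
            # leftover bytes belong to the next frame, whose clock starts now
            self.frame_start = now if self.buf else None
        return frames


def build_frame(ptype: int, timestamp: bytes, body: bytes) -> bytes:
    """Encode one frame under the layout assumed above."""
    assert len(timestamp) == 14
    return struct.pack("!BH", ptype, HEADER_LEN + len(body)) + timestamp + body


def run(reader: FrameReader, events):
    """events: (time, bytes) to feed, or (time, None) for a timer poll.
    Returns ("ok", frames) or ("dropped", reason)."""
    frames = []
    try:
        for t, data in events:
            if data is None:
                reader.poll(t)
            else:
                frames += reader.feed(data, t)
    except DropConnection as e:
        return ("dropped", str(e))
    return ("ok", frames)


# Constructed 50-byte sign-in frame (17-byte header + 33-byte body).
SIGN_IN = build_frame(0x01, b"20230223120000", b"user=alice;pw-hash=" + b"x" * 14)


def legit_client():
    """50-byte sign-in split into three segments within one second: delivered."""
    return run(FrameReader(last_rx=0.0),
               [(0.1, SIGN_IN[:3]), (0.4, SIGN_IN[3:30]), (0.9, SIGN_IN[30:])])


def stalled_attacker():
    """The question's case: 3 + 20 bytes, then silence. Idle timeout drops it."""
    return run(FrameReader(last_rx=0.0),
               [(0.1, SIGN_IN[:3]), (0.2, SIGN_IN[3:23]), (5.0, None), (11.0, None)])


def slow_drip_attacker():
    """2/F's case: 3 bytes, then one byte every 9 s, just under the 10 s idle
    timeout. The per-frame deadline drops it at the first late byte."""
    events = [(0.0, SIGN_IN[:3])] + [(9.0 * i, SIGN_IN[2 + i:3 + i]) for i in range(1, 6)]
    return run(FrameReader(last_rx=0.0), events)


def bad_length_client():
    """A declared length shorter than the header is rejected before any waiting."""
    return run(FrameReader(last_rx=0.0), [(0.1, b"\x01\x00\x05")])


if __name__ == "__main__":
    for scenario in (legit_client, stalled_attacker, slow_drip_attacker, bad_length_client):
        print(scenario.__name__, "->", scenario())
```

The point of the second deadline is that an idle timeout alone measures the gap between bytes, which is exactly what the drip attack stays under; a bound on the total time a single frame may take to arrive (and, in the same spirit, a cap on declared length) is what turns "has this peer been silent" into "is this peer making progress". In a real server these checks would sit next to a per-connection byte cap and a limit on simultaneous half-open frames per source address.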

CodePudding user response:

Quoting the reply from 2/F, small wolves:
Quote: reply from 1/F, butter and jelly ice:
If you don't set a TCP timeout on the long connection, isn't that pretty much a disguised DDoS? The firewall, or the Linux kernel mechanism itself, must have a KEEP ALIVE timeout mechanism set.


If the timeout is 10 seconds,
then the attacker first sends 3 bytes and after that sends one byte every 9 seconds. What then?


For purely malicious attacks of this kind, my line of thinking is: keep a blacklist and a whitelist; anything that does not need to be open to the public is handled entirely by whitelist; for things open to everyone, such as a website, we pass traffic through three gates, IPS, WAF and firewall, capture and analyze it, gradually block the IPs of the attacking region, trace the TCP connections back, and for malicious attacks that cause losses go straight to court. With today's load balancing and two to three data centers, taking down a website is not easy.