What is a DDOS attack?

Introduction
DDoS stands for Distributed Denial of Service. Its predecessor is the DoS (Denial of Service) attack, which makes a service unavailable to the users it is meant for.

The most basic DoS attack is one in which the attacker ties up the target's service resources with a large number of seemingly reasonable service requests, so that legitimate users get no response. A DDoS attack, also called a "distributed attack", floods the network links to the target with unwanted traffic; once the links are saturated, legitimate traffic is dropped along with the attack traffic.

DoS attacks are usually carried out one-to-one, from a single attacking host. Their effect is obvious when the target's capacity is modest (a slow CPU, little memory, or limited network bandwidth).

DDoS attacks are far more dangerous than plain DoS because of their scale. The attacker uses hundreds, thousands or even tens of thousands of machines to flood the target at the same time, and can knock it out in as little as a minute. Even a very powerful server cannot absorb packets arriving simultaneously from thousands of sources. Flood attacks are the typical form of this kind of attack.

Features
A DDoS attack uses a large number of distributed hosts, whose requests individually look legitimate, to send traffic to the target so that real users can no longer obtain service. In practice, the attacker takes over network nodes such as IDC (data-center) servers, personal PCs, mobile phones, smart devices, printers, cameras and routers and makes them send a huge number of requests to the target, congesting the server until it can no longer serve anyone.

Classification
Classified by attack method, DDoS attacks fall into three groups: flood attacks, malformed packet attacks, and scan and probe attacks.

A flood attack is one in which the attacker sends a large number of disguised service request packets to the target, through a botnet, through proxies, or directly, until the target's resources are exhausted. The packets can be TCP SYN and ACK segments, UDP datagrams, ICMP messages, DNS queries, HTTP/HTTPS requests, and so on.
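The classic flood is the TCP SYN flood: each SYN makes the server reserve a half-open connection, and the client never sends the final ACK. The following detector is an added example written for this article, not code from the original page. It replays constructed packet records (there is no real capture here; the server address 10.0.0.5 and the client ranges are assumptions) and, per one-second window, compares SYNs received with ACKs that complete a handshake. It also uses the number of distinct SYN sources to tell the one-to-one DoS described earlier apart from a distributed attack.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal packet record: timestamp, addresses, destination port and TCP flags."""
    ts: float
    src: str
    dst: str
    dport: int
    flags: str  # "S" = SYN, "SA" = SYN-ACK, "A" = ACK


SERVER = "10.0.0.5"  # assumed address of the protected web server (constructed example)


def normal_handshakes(n, start=0.0):
    """Constructed benign traffic: n clients, each completing a full three-way handshake."""
    pkts = []
    for i in range(n):
        client = f"192.168.1.{10 + i}"
        t = start + i * 0.1
        pkts.append(Packet(t, client, SERVER, 80, "S"))
        pkts.append(Packet(t + 0.01, SERVER, client, 80, "SA"))
        pkts.append(Packet(t + 0.02, client, SERVER, 80, "A"))
    return pkts


def syn_flood(n, start=0.0, distributed=True):
    """Constructed SYN flood: n SYNs that are never followed by the client's ACK.

    The server's SYN-ACKs go to addresses that never answer, so every SYN leaves a
    half-open entry in the listen backlog. With distributed=True each SYN comes from
    a different source (botnet or spoofed addresses); otherwise all come from one host.
    """
    pkts = []
    for i in range(n):
        src = f"203.0.{i // 254}.{i % 254 + 1}" if distributed else "203.0.113.7"
        pkts.append(Packet(start + i * 0.0005, src, SERVER, 80, "S"))
    return pkts


def analyze(packets, window_s=1.0, half_open_threshold=100, min_sources=20):
    """Per-window SYN flood detector.

    Counts SYNs and completing ACKs aimed at the server in each window; the
    difference approximates the half-open connections created in that window.
    When it exceeds the threshold, the count of distinct SYN sources classifies
    the event as single-source (DoS) or distributed (DDoS).
    """
    windows = defaultdict(lambda: {"syn": 0, "ack": 0, "sources": set()})
    for p in packets:
        if p.dst != SERVER or p.dport != 80:
            continue  # only inbound traffic to the protected service matters
        w = int(p.ts // window_s)
        if p.flags == "S":
            windows[w]["syn"] += 1
            windows[w]["sources"].add(p.src)
        elif p.flags == "A":
            windows[w]["ack"] += 1
    alerts = []
    for w in sorted(windows):
        stats = windows[w]
        half_open = stats["syn"] - stats["ack"]
        if half_open > half_open_threshold:
            kind = "distributed" if len(stats["sources"]) >= min_sources else "single-source"
            alerts.append({
                "window": w,
                "syn": stats["syn"],
                "half_open": half_open,
                "sources": len(stats["sources"]),
                "kind": kind,
            })
    return alerts


def build_sample_traffic():
    """Benign handshakes, then a distributed flood at t=10 s and a single-host flood at t=20 s."""
    pkts = (normal_handshakes(50)
            + syn_flood(1500, start=10.0)
            + syn_flood(1500, start=20.0, distributed=False))
    return sorted(pkts, key=lambda p: p.ts)


if __name__ == "__main__":
    for alert in analyze(build_sample_traffic()):
        print(alert)
```

Running it reports two alerts: window 10 with 1500 half-open connections from 1500 sources (distributed) and window 20 with 1500 half-open connections from a single source. The benign traffic alone produces no alert, because every SYN in a window is matched by an ACK. A real deployment would read these records from a packet capture or flow export, and the thresholds would be tuned to the service's normal connection rate.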

Malformed packet attacks send a large number of defective or special control packets that crash the host or server when it tries to process them. Examples of malformed packet attacks are Smurf, Land, Fraggle, Teardrop and WinNuke (Smurf and Fraggle also rely on amplification through broadcast addresses, so they overlap with flood attacks). Special control packet attacks include oversized ICMP messages, ICMP redirect messages, ICMP unreachable messages, and IP packets carrying various IP options.

Scanning and probing are potential attack behaviors that cause no direct damage. They are the reconnaissance an attacker performs before the real attack, such as IP address sweeps and port scans.

Protocol layers

Classified by TCP/IP protocol layer, DDoS attacks fall into network layer attacks, transport layer attacks, and application layer attacks.

Network layer: IP address scanning, most special control packet attacks, Teardrop, Smurf, IP fragment attacks, ICMP Flood

Transport layer: SYN Flood, SYN-ACK Flood, ACK Flood, FIN/RST Flood, TCP connection exhaustion, UDP Flood (including the various reflection attacks), TCP/UDP fragment attacks, DNS Flood, DNS cache poisoning, and other attacks on TCP and UDP segments and ports (the article groups the DNS attacks here because DNS runs over UDP and TCP port 53)

Application layer: HTTP Flood, HTTP slow attacks, HTTPS Flood, SSL DDoS, SIP Flood

Attack Methods

DDoS attacks tie up network resources with a large number of requests that look legitimate, in order to paralyze the network. Their effects can be divided into the following categories:

1. Overloading the network, which disrupts or even blocks normal communication.

2. Overloading the server by submitting a large number of requests to it.

3. Blocking a particular user from accessing the server.

4. Blocking communication between a service and a specific system or person.


How to defend?
There is no complete defense against DDoS attacks. One common measure is to put the whole site behind a CDN, which hides the origin server's real IP address and diverts the attack traffic to the CDN's edge, raising the attacker's cost. Hardware firewalls and hosting on high-bandwidth servers with built-in DDoS scrubbing (so-called "high-defense" hosts) are further options. Note that hiding the origin behind a CDN only works if the origin does not also accept connections directly from the Internet; an attacker who discovers its address can otherwise bypass the CDN entirely.

Although it is not easy to reduce the impact of a DDoS attack, the necessary measures can still be taken to limit the damage.

For enterprises, defending against DDoS attacks is as important as deploying other security measures such as anti-virus protection, targeted-attack defense and data-leak prevention.
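One of the "necessary measures" an operator can take on the server side against the application-layer floods listed above (HTTP Flood in particular) is per-client rate limiting, so that an abusive client is answered with a cheap rejection instead of consuming application resources. The following is an added example written for this article, not code from the original page or from any product it mentions: a token-bucket limiter keyed on client address, replayed against a constructed request stream (the addresses, rates and limits are assumptions).

```python
from collections import defaultdict


class TokenBucket:
    """Classic token bucket: refills `rate` tokens per second, stores at most `burst`."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)
        self.last = None

    def allow(self, now):
        """Return True and spend one token if a request may pass at time `now` (seconds)."""
        if self.last is None:
            self.last = now
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class PerClientLimiter:
    """One bucket per client address; over-limit requests get HTTP 429 instead of service."""

    def __init__(self, rate=5.0, burst=10):
        self.buckets = defaultdict(lambda: TokenBucket(rate, burst))

    def handle(self, client_ip, now):
        if self.buckets[client_ip].allow(now):
            return 200  # request is forwarded to the application
        return 429  # rejected before any expensive work is done


def simulate(rate=5.0, burst=10):
    """Replay a constructed request stream: a normal browser and an HTTP-flooding bot."""
    limiter = PerClientLimiter(rate, burst)
    # Constructed inputs (not real logs): a legitimate client at 2 req/s and a bot at
    # 200 req/s, both for 10 seconds. Addresses are documentation ranges, assumed here.
    requests = [(i * 0.5, "198.51.100.10") for i in range(20)]
    requests += [(i * 0.005, "203.0.113.66") for i in range(2000)]
    requests.sort()
    outcome = defaultdict(lambda: {"served": 0, "rejected": 0})
    for ts, ip in requests:
        key = "served" if limiter.handle(ip, ts) == 200 else "rejected"
        outcome[ip][key] += 1
    return dict(outcome)


if __name__ == "__main__":
    for ip, counts in simulate().items():
        print(ip, counts)
```

With a limit of 5 requests per second and a burst of 10, the legitimate client is served every time, while the bot gets its first 10 requests through and afterwards only about 5 per second; the rest of its 2000 requests are rejected. The caveat follows directly from the article's own distinction between DoS and DDoS: a per-client limit stops a single abusive host, but a distributed attack can keep every source under the limit, and no server-side limiter helps once a volumetric flood has saturated the network link in front of the server. Those cases need the upstream measures (CDN, scrubbing) discussed above.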

[Editor: Jiang Hua TEL: (010) 68476606]
