What does ddos ​​attack use to attack?

DDoS is the abbreviation of Distributed Denial of Service, which is distributed denial of service.

Use the TCP three-way handshake vulnerability to attack. (Recommended study: PHP video tutorial)

SYN attack is the most common DDos attack on the current network and the most classic denial of service attack. It uses the TCP protocol An implementation flaw is that by sending a large number of attack packets with forged source addresses to the port where the network service is located, the half-open connection queue in the target server may be filled, thereby preventing other legitimate users from accessing. This attack was discovered as early as 1996, but it still shows strong vitality. Many operating systems and even firewalls and routers cannot effectively defend against this attack, and because it can easily forge the source address, it is very difficult to trace. Its packet characteristics are usually that the source sends a large number of SYN packets and lacks the last step of the three-way handshake ACK reply.

The principle behind a DDoS attack is to put it bluntly, it is a group attack. Many machines are used to launch a DoS attack on the target machine. However, this is not a case where many hackers participate together. This kind of attack is only operated by one hacker. This hacker does not own many machines. He uses his machines to occupy many "broilers" on the network and controls these "broilers" to launch DDoS attacks. Otherwise, how can it be called distributed? Still in the example just now, your machine can send 10 attack data packets per second, and the attacked machine can receive 100 data packets per second, so your attack will definitely not work, and if you use 10 or more If more machines come to attack the target machine, the results can be imagined.

How does DDoS attack?

The most popular and most useful attack method is to use SYN-Flood to attack. SYN-Flood is also a SYN flood attack.

SYN-Flood will not complete the third step of the TCP three-way handshake, that is, it will not send connection confirmation information to the server. In this way, the server cannot complete the third handshake, but the server will not give up immediately. The server will keep retrying and wait for a certain period of time before giving up the unfinished connection. This period of time is called SYN timeout, which is about 30 seconds. -About 2 minutes. If a user has a problem when connecting and causes a thread of the server to wait for 1 minute, it is not a big deal, but if someone uses special software to simulate this situation in large quantities, the consequences can be imagined. If a server processes these large amounts of semi-connection information and consumes a large amount of system resources and network bandwidth, the server will no longer have room to handle normal requests from ordinary users (because the ratio of normal requests from customers is very small). In this way, the server cannot work. This attack is called: SYN-Flood attack.

For more PHP-related technical articles, please visit the PHP Graphic Tutorial column to learn!

The above is the detailed content of What does ddos ​​attack use to attack?. For more information, please follow other related articles on the PHP Chinese website!