
The three attack methods of DDoS are: 1. SYN/ACK Flood attack, which works mainly by sending a large number of SYN or ACK packets with forged source IPs and source ports to the victim host, exhausting the host's cache resources or keeping it busy sending response packets, causing denial of service. 2. TCP full connection attack, which is designed to bypass conventional firewall inspection. 3. Script attack, characterized by establishing a normal TCP connection with the server and constantly submitting queries, lists and other calls to the script program that consume a large amount of database resources.

What are the three attack methods of DDoS?

The operating environment of this tutorial: Windows 7 system, Dell G3 computer.

The biggest headache for a website is being attacked. Common server attack methods mainly include the following: port penetration, password cracking, and DDOS attacks. Among them, DDOS is currently the most powerful and one of the most difficult attacks to defend against.

So what is a DDOS attack?

The attacker forges a large number of seemingly legitimate requests to the server, occupying a large amount of network bandwidth and leaving the website paralyzed and inaccessible. Its defining characteristic is that the cost of defense is far higher than the cost of attack: a hacker can easily launch a 10G or 100G attack, but the cost of defending against 10G or 100G of traffic is very high.

The DDOS attack was originally called a DOS (Denial of Service) attack. Its principle is: you have a server, I have a personal computer, and I use my personal computer to send messages to your server. A large amount of junk traffic congests your network, increases the burden of processing data, and reduces the efficiency of the server's CPU and memory.

However, as technology advanced, one-to-one attacks like DOS became easy to defend against, so the DDOS (distributed denial of service) attack was born. The principle is the same as DOS, but the difference is that DDOS is a many-to-one attack: even tens of thousands of personal computers can launch DOS attacks against one server at the same time, eventually paralyzing the attacked server.

Three common DDOS attack methods

SYN/ACK Flood attack: The most classic and effective DDOS attack method, which can take down the network services of all kinds of systems. It works mainly by sending a large number of SYN or ACK packets with forged source IPs and source ports to the victim host, exhausting the host's cache resources or keeping it busy sending response packets, causing a denial of service. Since the sources are all forged, it is difficult to trace. The disadvantage is that it is difficult to implement and requires the support of high-bandwidth zombie hosts.

TCP Full Connection Attack: This attack is designed to bypass the inspection of conventional firewalls. Under normal circumstances, most conventional firewalls can filter DOS attacks such as TearDrop and Land, but they let normal TCP connections through. As everyone knows, the number of TCP connections that many network service programs (such as IIS, Apache and other web servers) can accept is limited. Once there are a large number of TCP connections, even if they are all normal, website access becomes very slow or even impossible. A TCP full connection attack uses many zombie hosts to continuously establish a large number of TCP connections with the victim server until the server's memory and other resources are exhausted and it is dragged down, causing a denial of service. The characteristic of the attack is that it can bypass the protection of general firewalls to achieve its purpose. The disadvantage is that it needs many zombie hosts, and because the IPs of the zombie hosts are exposed, this type of DDOS attack is easy to trace.

Script attack: This attack is mainly aimed at website systems that run script programs such as ASP, JSP, PHP, CGI, etc., and call databases such as MSSQLServer, MySQLServer, Oracle, etc. It is characterized by establishing a normal TCP connection with the server and constantly submitting queries, lists and other calls to the script program that consume a large amount of database resources. It is a typical attack method that achieves a large effect with a small investment.
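The first two patterns above leave distinct traces in a server's TCP socket table: a SYN flood shows up as many half-open (SYN-RECV) entries from many different, usually spoofed, sources, while a full connection attack shows up as a few real sources each holding many ESTABLISHED sockets. The following added example (not from the original article) classifies a socket table in the layout of `ss -tan` output; the sample lines and the two thresholds are constructed for illustration and would be tuned to a real baseline.

```python
from collections import Counter

# Constructed sample in the layout of `ss -tan` output (documentation IPs only).
SAMPLE_SS = """\
State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
SYN-RECV   0      0      10.0.0.5:80         198.51.100.7:40112
SYN-RECV   0      0      10.0.0.5:80         203.0.113.9:51023
SYN-RECV   0      0      10.0.0.5:80         192.0.2.44:60001
SYN-RECV   0      0      10.0.0.5:80         198.51.100.201:1025
ESTAB      0      0      10.0.0.5:80         192.0.2.10:33001
ESTAB      0      0      10.0.0.5:80         192.0.2.10:33002
ESTAB      0      0      10.0.0.5:80         192.0.2.10:33003
ESTAB      0      0      10.0.0.5:80         192.0.2.10:33004
ESTAB      0      0      10.0.0.5:80         192.0.2.11:44001
"""


def parse_ss(text):
    """Return (state, peer_ip) pairs from ss -tan style text, skipping the header."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5:
            continue
        state, peer = parts[0], parts[4]
        peer_ip = peer.rsplit(":", 1)[0]  # strip the port; works for IPv4 and [v6]
        rows.append((state, peer_ip))
    return rows


def assess(rows, syn_recv_limit=3, estab_per_ip_limit=3):
    """Flag the SYN-flood and full-connection patterns. Thresholds are assumed values."""
    syn_recv = [ip for state, ip in rows if state == "SYN-RECV"]
    estab = Counter(ip for state, ip in rows if state == "ESTAB")
    findings = {}
    # SYN flood: the half-open backlog grows, and almost every entry has a different
    # (forged) source, so blocking individual peers does not help; SYN cookies do.
    if len(syn_recv) >= syn_recv_limit:
        findings["syn_flood"] = {"half_open": len(syn_recv),
                                 "distinct_sources": len(set(syn_recv))}
    # Full connection attack: completed handshakes, so the peers are real and
    # traceable; a handful of sources hoard many sockets and can be rate-limited.
    hoarders = {ip: n for ip, n in estab.items() if n >= estab_per_ip_limit}
    if hoarders:
        findings["full_connection"] = hoarders
    return findings


if __name__ == "__main__":
    print(assess(parse_ss(SAMPLE_SS)))
```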

How to defend against DDOS attacks?

Generally speaking, you can start from three aspects: hardware, the single host, and the server system as a whole.

1. Hardware

1. Increase bandwidth

Bandwidth directly determines the ability to withstand attacks. Increasing bandwidth as hard protection is the theoretically optimal solution: as long as the bandwidth is greater than the attack traffic, there is nothing to fear, but the cost is very high.

2. Improve hardware configuration

Under the premise of ensuring network bandwidth, try to improve the configuration of hardware facilities such as CPU, memory, hard disk, network card, router and switch, and choose products from well-known and reputable hardware vendors.

3. Hardware firewall

Place the server in a data center equipped with a DDoS hardware firewall. Professional-grade firewalls usually have the function of cleaning and filtering abnormal traffic, and can counter traffic-based DDoS attacks such as SYN/ACK attacks, TCP full connection attacks, script attacks, etc.

2. Single host

1. Repair system vulnerabilities in a timely manner and upgrade security patches.

2. Close unnecessary services and ports, reduce unnecessary system add-ons and self-starting items, minimize the number of processes running on the server, and change the working mode.

3. iptables

4. Strictly control account permissions, prohibit root login and password login, and change the default ports of commonly used services.

3. The server system as a whole

1. Load balancing

Use load balancing to distribute requests evenly to various servers, reducing the burden on a single server.

2. CDN

A CDN is a content distribution network built on top of the Internet. It relies on edge servers deployed in various places and, through the distribution, scheduling and other functional modules of the central platform, lets users obtain the content they need from a nearby node, reducing network congestion and improving access response speed and hit rate; in this sense CDN acceleration also uses load balancing technology. Like a high-defense hardware firewall, a CDN cannot absorb unlimited traffic, but it is more reasonable in that it spreads the traffic that gets through across multiple nodes. Currently, most CDN nodes provide 200G of traffic protection. Coupled with hard defense protection, it can be said to cope with most DDoS attacks.

3. Distributed cluster defense

The characteristic of distributed cluster defense is that multiple IP addresses are configured on each node server, and each node can withstand DDoS attacks of no less than 10G. If a node is unable to provide service while under attack, the system automatically switches to another node according to the priority setting and returns all of the attacker's data packets to their sending point, paralyzing the attack source.

Is DDoS an active attack?

Yes.

DDoS is the abbreviation of Distributed Denial of Service attack. A distributed denial of service attack (hereinafter referred to as DDoS) is a type of network attack in which many computers (or servers) attack a target at the same time, making the attacked target unable to operate normally.

DDoS attacks have appeared countless times on the Internet. Even large companies such as Google and Microsoft have been hit by DDoS attacks. It is a relatively common type of network attack.
