A detailed approach to DDoS attack technology

Source: Internet
Author: User

The usual idea of DDoS is that useless traffic is used to occupy all the bandwidth in a network, causing congestion so that the network cannot work properly. That is indeed one kind of DDoS attack, but the concept also covers other types of attack that exhaust server resources. Because server resources can be exhausted, a DDoS attack can succeed regardless of how much network bandwidth is available. To truly protect a network from such attacks, both the Internet connection and the servers need to be protected.

DDoS attacks target the TCP/IP infrastructure of a network. They can be divided into three types: one takes advantage of known flaws in the TCP/IP protocol stack, one targets TCP/IP vulnerabilities, and the third is a real brute-force attack.

Recently, such attacks have become simpler and more prevalent because of the spread of botnets among Windows systems. Is it not a very happy thing to drown enemy websites in a sea of useless data?

In fact, attackers no longer even need a hacker's help to launch a denial-of-service attack. News from VeriSign shows that a zombie network can be rented from criminals for just 8.94 dollars per hour.

Why pay when a DDoS attack can be launched with point-and-click software? News from the Internet Storm Center, an association for systems management, networks and security, shows that in this wave of DDoS attacks against commercial companies, people started using the Low Orbit Ion Cannon, an open source DoS attack tool, to attack the ports on a card or Visa site. The only thing the user needs to do is click the mouse, and the attack begins.

The Low Orbit Ion Cannon is a very powerful tool. It attacks the target site with a large amount of garbage traffic, exhausting network resources until the network crashes and can no longer provide services. The only "interesting" thing about this attack is that Twitter is used to coordinate the attack process.

If you want to know how DDoS attacks work, here is my comprehensive introduction to DDoS attack technology.

Vulnerabilities in the implementation of the TCP/IP protocol stack

(Ping of Death attack)

A typical example of an attack that exploits vulnerabilities in a TCP/IP implementation is the Ping of Death. This vulnerability allows an attacker to create an IP packet that exceeds the maximum limit of 65536 bytes set by the IP standard. A crash occurs when the oversized packet reaches a system whose TCP/IP protocol stack and operating system are vulnerable.

All current operating systems and protocol stacks can guard against the Ping of Death, but from time to time I find that someone is still running a system that cannot withstand it. This tells us that everyone should update network equipment and software promptly. Just because it still works doesn't mean it's safe.

(Teardrop attack)

Another way to attack vulnerabilities in TCP/IP implementations is the Teardrop attack, which exploits a weakness in how a system reassembles IP packet fragments. Because networks are so interconnected, IP packets can be broken down into smaller fragments. Each fragment carries the header of the original IP packet and an offset field that identifies which bytes of the original packet it contains. With this information, a packet that was split up can be reassembled at the destination, even in the event of a network disruption.

In a Teardrop attack, the server is hit with spoofed fragmented packets that contain overlapping offsets. If the server or router cannot ignore these fragments and tries to reassemble them, the system soon crashes. But if the system is updated in time, or if you have a firewall that can guard against the Teardrop attack, you don't have to worry about this kind of problem.
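A defender's view of the two fragment attacks described above, as an added example that is not part of the original article: it reads raw IPv4 headers and flags fragments whose reassembled size would exceed what the 16-bit length field allows (the oversized ping packet) or whose offsets overlap an earlier fragment (the overlapping-offset attack). The function names, the sample headers and the 192.0.2.x addresses are constructed for illustration.

```python
import struct

MAX_DATAGRAM = 65535  # IPv4 Total Length is a 16-bit field
IPV4_HDR = "!BBHHHBBH4s4s"

def parse_fragment(header):
    """Return (flow_key, ihl, start, end) for one raw IPv4 header."""
    (ver_ihl, _tos, total_len, ident, flags_off,
     _ttl, proto, _csum, src, dst) = struct.unpack(IPV4_HDR, header[:20])
    ihl = (ver_ihl & 0x0F) * 4
    start = (flags_off & 0x1FFF) * 8      # offset field counts 8-byte units
    end = start + (total_len - ihl)       # first byte past this fragment's data
    return (src, dst, proto, ident), ihl, start, end

def check_fragments(headers):
    """Return [(ip_id, reason)] for fragments a reassembler should drop."""
    ranges = {}                           # flow_key -> accepted (start, end) ranges
    findings = []
    for header in headers:
        key, ihl, start, end = parse_fragment(header)
        if ihl + end > MAX_DATAGRAM:      # reassembled datagram would be too large
            findings.append((key[3], "oversize"))
            continue
        seen = ranges.setdefault(key, [])
        # Exact duplicates (retransmissions) are tolerated; partial overlaps are not.
        if any(start < e and s < end and (s, e) != (start, end) for s, e in seen):
            findings.append((key[3], "overlap"))
            continue
        seen.append((start, end))
    return findings

def make_header(ident, offset, payload_len, more_fragments):
    """Build a constructed 20-byte IPv4 header (sample input only, never sent)."""
    flags_off = (0x2000 if more_fragments else 0) | (offset // 8)
    return struct.pack(IPV4_HDR, 0x45, 0, 20 + payload_len, ident, flags_off,
                       64, 1, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

# Constructed sample headers (documentation addresses from 192.0.2.0/24).
SAMPLE = [
    make_header(1, 0, 1480, True), make_header(1, 1480, 520, False),   # clean
    make_header(2, 0, 1480, True), make_header(2, 1472, 520, False),   # overlap
    make_header(3, 65528, 1000, False),                                # too large
]

if __name__ == "__main__":
    for ip_id, reason in check_fragments(SAMPLE):
        print(f"drop fragments of IP id {ip_id}: {reason}")
```

Patched stacks and fragment-aware firewalls apply checks of this kind before copying any fragment data into the reassembly buffer.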

There is more to DDoS attack technology than this introduction covers; we will continue the topic in future articles, and I hope readers get a lot out of them. Original: http://netsecurity.51cto.com/art/201103/252404.htm
