A detailed tutorial on the principle and protection measures of DDoS attack by JavaScript

Source: Internet
Author: User

Introduction to DDoS

The most common attack against a web site is a distributed denial of service (DDoS) attack. In a typical DDoS attack, the attacker sends a large volume of requests to the server so that its resources are consumed and other users can no longer be served.

If a hacker carries out the DDoS attack with JavaScript, any visitor's computer can be turned into a zombie (bot), so the potential attack volume is almost unlimited.

Analysis of the principle of DDoS attack by JavaScript

Today the interactivity of a site is implemented with JavaScript, either inline in the HTML or loaded from a remote file. The browser reads the src attribute of the script tag and fetches and runs the script it points to. It is not only the script tag that can be used for an attack: any tag whose resource may be fetched across domains, such as img or link, can be used to generate requests for a DDoS attack.

Since these tags fetch resources from another origin, a malicious page can set a timer that requests the target site without limit, and the attack is achieved.

The ultimate DDoS attack approach

If only one computer takes part, the attack does little harm unless the target has no protection at all. Most sites today use a CDN to hide their real IP address, most of them have anti-DDoS protection, and many also maintain a blacklist: a computer that keeps hitting the site over a period of time is likely to be blacklisted, and then it can do nothing further.

Naturally, as long as you open a web page, a hacker has a means of attacking you; how far it goes depends on the hacker's skill.

Almost all of today's sites use JavaScript libraries. To save bandwidth and improve performance, many sites load these JS libraries from third-party web hosting services. If the JS library on such a third-party site contains malicious code, it is very likely to be exploited, and some hackers are able to modify the script by breaking into the back end of the third-party site. Every user who visits a site that references the script downloads and executes it, and that user's computer becomes a zombie; if the site has a large number of visitors, then ...

In short, a target site can be attacked through the visitors of a larger site.

Protection measures

To address this problem, the W3C proposed a new feature called Subresource Integrity (SRI): by giving the browser a cryptographic hash, you tell it not to run a script that does not match the one you expect. The hash works like a fingerprint: only files with identical content produce the same hash, so the two can be matched. When the user's computer downloads the script, the browser computes its hash; if the hash does not match the expected value, the script has been tampered with and the browser will not execute it.

This is how we used to reference scripts:

<script src="http://www.xxx.com/xxx.js"></script>

This is the way to do it now:

<script src="http://www.xxx.com/xxx.js" integrity="sha384-hk8q2gkbjirpighah+SGQYMV6I6MFX2JVZWJ50JYYHKUEHASU6AS1UTWSO32WUGL" crossorigin="anonymous"></script>

integrity: the hash value of the script
crossorigin: ensures the browser's same-origin policy is applied correctly, to prevent cross-site scripting (XSS) attacks

Generate hash values for your site's scripts at: www.srihash.org
