Arbor details the three current means of DDoS attack

Source: Internet
Author: User
Tags: firewall

What is DDoS?

A DDoS attack is an attempt by an attacker to exhaust the resources available to a network, application or service so that legitimate users cannot access them. It is carried out by a group of malware-infected computers, or computers whose owners take part voluntarily, that together attempt to exhaust the resources of a particular network, website or service. However, not all DDoS attacks work in the same way.

DDoS attacks can be classified in several ways. They include flood attacks and increasingly sophisticated application-layer attack tactics and tools. Flood attacks, such as TCP SYN, ICMP and UDP floods, rely on large volumes of traffic or sessions to exhaust a target. Sophisticated application-layer attack tactics and tools include Slowloris, Killapache, etc.

DDoS attacks can be divided into volumetric attacks, TCP state-exhaustion attacks and application-layer attacks. According to Kaspersky's DDoS attack report for the second quarter of 2011, HTTP flooding is the most common DDoS technique, and it is an example of an application-layer attack. The dominance of application-layer attacks reflects how quickly DDoS has evolved away from the traditional volumetric attack.

Volumetric attacks

A volumetric attack fills the bandwidth and infrastructure of the network with a massive flow of traffic, consuming it and thereby overwhelming the network. Once the traffic exceeds the capacity of the network, or of the network's connection to the rest of the Internet, the network becomes inaccessible, as shown in the figure above. Examples of volumetric attacks include ICMP, fragmentation and UDP floods.

TCP state-exhaustion attacks

TCP state-exhaustion attacks attempt to consume the connection state tables present in many infrastructure components (such as load balancers, firewalls, and the application servers themselves). For example, a firewall must analyze each packet to determine whether it is a discrete connection, the continuation of an existing connection, or the end of an existing connection. In the same way, an intrusion prevention system has to track state in order to perform signature-based packet inspection and stateful protocol analysis. These and other stateful devices, including load balancers, are frequently overwhelmed by session floods or connection attacks. For example, a Sockstress attack can quickly overwhelm a firewall's state table by opening sockets to fill the connection table.
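The following added example (not from the original article or from Arbor) models a fixed-size connection table to show why entries that never complete crowd out real users, and how a shorter idle timeout or a per-source cap keeps the table usable. The rates, table size, timeouts and source names are all constructed assumptions.

```python
# Simplified model of a stateful device's connection table (added example).
# All rates, sizes and source names below are constructed for illustration.
LEGIT_PER_TICK = 5      # new legitimate connections per tick
LEGIT_LIFETIME = 4      # ticks until a legitimate connection closes
STALLED_PER_TICK = 10   # connections per tick that are opened and never finished


def simulate(ticks, capacity, idle_timeout, per_source_limit=None):
    """Return (refused_legit, peak_entries) for one run of the model."""
    table = []            # entries are (source, expires_at_tick)
    refused_legit = 0
    peak = 0
    for t in range(ticks):
        # Entries leave the table only when they close or time out.
        table = [e for e in table if e[1] > t]
        # Worst case for the device: the stalled connections arrive first.
        arrivals = [("stalled-src", t + idle_timeout)] * STALLED_PER_TICK
        arrivals += [(f"client-{t}-{i}", t + LEGIT_LIFETIME)
                     for i in range(LEGIT_PER_TICK)]
        for source, expires in arrivals:
            held = sum(1 for s, _ in table if s == source)
            if per_source_limit is not None and held >= per_source_limit:
                continue                  # per-source cap: drop, table untouched
            if len(table) >= capacity:
                if source != "stalled-src":
                    refused_legit += 1    # a real user is locked out
                continue
            table.append((source, expires))
        peak = max(peak, len(table))
    return refused_legit, peak


def compare(ticks=60, capacity=100):
    """Run the same load against three table policies."""
    return {
        "long_timeout": simulate(ticks, capacity, idle_timeout=30),
        "short_timeout": simulate(ticks, capacity, idle_timeout=3),
        "per_source_cap": simulate(ticks, capacity, idle_timeout=30,
                                   per_source_limit=20),
    }


if __name__ == "__main__":
    for policy, (refused, peak) in compare().items():
        print(f"{policy:15} refused_legit={refused:4} peak_entries={peak}")
```

With the long timeout the table reaches capacity and legitimate connections are refused; the other two policies keep peak occupancy at half the table or less under the same load.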

Application-layer attacks

Application-layer attacks use more sophisticated mechanisms to achieve the attacker's goal. Rather than overwhelming the network with traffic or sessions, an application-layer attack targets a specific application or service and slowly exhausts resources at the application layer. Application-layer attacks can be very effective at low traffic rates, and from a protocol point of view the traffic involved may be legitimate. This makes application-layer attacks more difficult to detect than other types of DDoS attack. HTTP floods, DNS dictionary attacks, Slowloris, etc. are examples of application-layer attacks.
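As an added illustration of why low-rate application-layer traffic escapes volume-based detection (example code, not from the original article or from Arbor), the snippet below runs a bandwidth-threshold check and a slow-request check over the same constructed snapshot of a web server's open connections. The record layout, thresholds and the 256-worker limit are assumptions.

```python
from collections import defaultdict

# Constructed snapshot of a web server's open connections (not real data):
# (client, seconds_open, bytes_received, request_complete)
CONNECTIONS = (
    [("198.51.100.10", 2, 900, True), ("198.51.100.11", 1, 650, True),
     ("198.51.100.12", 3, 1200, True), ("198.51.100.13", 40, 300000, True)]
    + [("203.0.113.50", 120, 240, False)] * 150
)


def volume_detector(conns, max_bytes_per_sec=50_000):
    """Flag clients whose aggregate receive rate exceeds a bandwidth threshold."""
    rate = defaultdict(float)
    for client, secs, nbytes, _ in conns:
        rate[client] += nbytes / max(secs, 1)
    return {c for c, r in rate.items() if r > max_bytes_per_sec}


def slow_request_detector(conns, min_age=30, min_rate=50, max_slow=20):
    """Flag clients holding many old connections whose request is still
    unfinished and arriving at only a few bytes per second."""
    slow = defaultdict(int)
    for client, secs, nbytes, complete in conns:
        if not complete and secs >= min_age and nbytes / secs < min_rate:
            slow[client] += 1
    return {c: n for c, n in slow.items() if n > max_slow}


def worker_share(conns, client, worker_slots=256):
    """Fraction of the server's worker slots (assumed limit) one client holds."""
    return sum(1 for c, *_ in conns if c == client) / worker_slots


if __name__ == "__main__":
    print("volume detector flags:", volume_detector(CONNECTIONS))
    print("slow-request detector flags:", slow_request_detector(CONNECTIONS))
    print("worker share:", worker_share(CONNECTIONS, "203.0.113.50"))
```

The client sending about 300 bytes per second in total is invisible to the bandwidth check yet holds more than half of the assumed worker slots, which is what the per-connection age and completion check picks up.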

Arbor Networks Pravail Availability Protection System (APS)

The Arbor Networks Pravail Availability Protection System (APS) is designed specifically for the enterprise. It provides out-of-the-box, proven DDoS attack detection and mitigation functions that can be deployed quickly with very little configuration, even while an attack is in progress. Pravail APS focuses on securing the network perimeter against threats to availability, in particular protection against targeted DDoS attacks, and on the increasingly serious challenges that administrators face from DDoS attacks. Using a series of countermeasures, Pravail APS detects and blocks DDoS attacks, especially in cloud environments, where attacks are difficult to detect.

Original address of this article: http://www.zkddos.com/wendang/fangyu/6.html. When reprinting, please indicate the source. Everyone is also welcome to visit the blog and leave comments and suggestions.
