DDoS (distributed denial of service) attacks are often seen against games, online businesses and similar targets, and are usually launched by competitors. What forms do DDoS attacks take?
1 Traffic attacks (layer 4)
These attacks mainly target network bandwidth: a large volume of attack packets saturates the link, so legitimate packets are drowned out by bogus ones and never reach the host.
1.1 SYN/ACK flood attack
This is a very old technique, but in its early days it was quite effective. The attacker sends the victim a large number of SYN or ACK packets with forged source IPs and source ports, so that the host's connection cache is exhausted or it is kept busy sending response packets, resulting in denial of service. Because the source addresses are spoofed, the attack is hard to trace back. Its drawback is that it is harder to carry out and requires zombie hosts with high bandwidth.
2 Resource exhaustion attacks (layer 7, also called application-layer attacks)
These attacks target the server host itself: a large volume of attack packets exhausts the host's memory, or the kernel and application consume so much CPU that the host can no longer provide network services.
2.1 TCP full-connection attack
This attack is designed to bypass ordinary firewall inspection. Conventional firewalls can usually filter teardrop, land and similar DoS attacks, but they let normal-looking TCP connections through, so the attacker sends a large number of seemingly legitimate TCP connection requests and the server's performance drops sharply. A TCP full-connection attack exploits this to get past generic firewall protection: many zombie hosts keep establishing large numbers of TCP connections with the victim server until resources such as server memory are exhausted and the server is dragged down.
2.2 Script brushing attack
A typical site has a few commonly weak modules: 1. login authentication, 2. comments, 3. user activity feeds, 4. AJAX APIs, and so on. All of them read from or write to the database and establish a large number of connections. The cost to the client of submitting a GET or POST request, and the bandwidth it consumes, is almost negligible, while the server may have to search tens of thousands of records to answer it, which is very expensive. An ordinary database server can rarely handle hundreds of such queries at once, yet generating them is trivial for the client.
Attacks come in many forms; there are several ways to deal with them.
1. For traffic attacks, the countermeasures are by now mature: deploy a firewall, use traffic-monitoring software to analyse whether you are being hit and estimate the traffic, and create the corresponding firewall rules, which can reduce the attack.
2. Use cloud servers and CDN services. Cloud providers generally have very large bandwidth and their own anti-DDoS contingency plans, and a CDN keeps static pages reachable, although it does not help with a dynamic site's functionality.
3. Block at the application layer. When the attacker's IPs cannot simply be DROPped, the requests will reach the application layer, and they should not be allowed to proceed into the application's processing path. Those who have used Kangle know that its web management panel has a very useful function called Request control + write-back data: once you know the host and UA, set up a request-control rule that kills all accesses with that UA, closes the connection and writes back the data. Nginx has a similar capability through its http_limit_conn and http_limit_req modules. ngx_http_limit_conn_module limits the number of connections from a single IP and ngx_http_limit_req_module limits the number of requests per second from a single IP; restricting connections and request rates defends relatively effectively against CC attacks.
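As an added example (not from the original post), the following Nginx configuration applies the two modules named above and the UA-based connection kill the post describes for Kangle. The hostname, backend address, document root, the UA pattern and the rate numbers are assumptions to be tuned per site.

```nginx
http {
    # Shared-memory zones keyed on the client address. One 1m zone holds roughly
    # 16k 64-byte states, so 10m is comfortably large for a single site.
    limit_conn_zone $binary_remote_addr zone=perip_conn:10m;
    limit_req_zone  $binary_remote_addr zone=perip_req:10m rate=10r/s;

    # Return 429 instead of the default 503 so monitoring can tell throttling
    # from a genuine backend outage.
    limit_conn_status    429;
    limit_req_status     429;
    limit_conn_log_level warn;
    limit_req_log_level  warn;

    # UA kill list, equivalent to Kangle's "kill all UA accesses". The pattern
    # is a constructed placeholder; replace it with the UA seen in your logs.
    map $http_user_agent $block_ua {
        default                   0;
        "~*placeholder-bad-agent" 1;
    }

    server {
        listen      80;
        server_name example.com;              # assumed hostname

        # 444 closes the connection without sending a response.
        if ($block_ua) { return 444; }

        # At most 20 concurrent connections per client address
        # (counters the TCP full-connection pattern above).
        limit_conn perip_conn 20;

        # Static content: served by Nginx, protected by the connection cap only.
        location /static/ {
            root /var/www;                    # assumed document root
        }

        # The weak modules the post lists (login, comments, AJAX APIs):
        # 10 r/s sustained, a burst of 20 queued, nodelay so short legitimate
        # bursts are served immediately and only the excess gets 429.
        location ~ ^/(login|comment|api)/ {
            limit_req  zone=perip_req burst=20 nodelay;
            proxy_pass http://127.0.0.1:8080; # assumed application backend
        }

        location / {
            limit_req  zone=perip_req burst=50;
            proxy_pass http://127.0.0.1:8080;
        }
    }
}
```

Watch the 429 count in the access log after deployment: a steady trickle from a few addresses is throttling working, a spike across many addresses is the signal to move the block upstream to the firewall or CDN.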
Copyright notice: This article is the blogger's original work and may not be reproduced without the blogger's permission.
DDoS attack and defense