In the network security world, DDoS is not a new term. The earliest DDoS attacks date back to 1996; in China, DDoS attacks began to occur frequently in 2002 and had begun to take shape in 2003. In recent years, however, this well-worn form of cyber-attack has become a huge security threat again through new attack methods.
"In fact, DDoS attacks are not an unfamiliar topic, but they are a security problem that cannot be neglected. The new trend for DDoS attacks is to move from the TCP/IP layer to the application layer," says Jia Yubin, technology director at Barracuda.
According to Gartner, DDoS attacks accounted for around 25% of all application-level attacks in 2013. Application-layer DDoS attacks are growing at a rate of three times a year. In the past, DDoS attacks used large volumes of forged UDP, TCP SYN, or ICMP traffic to try to flood the target network. Today's attack platforms, however, have evolved to include application-layer DDoS attacks that target web systems and DNS systems.
"As the attacks and targets change, any application on the Internet is likely to become an attack target, with more than 70% of victims being random," Jia Yubin said. In his view, current DDoS attacks mainly take three forms:
1. High-volume attacks: large numbers of botnet hosts launch application-layer DDoS attacks against the victim's web application, for example by sending heavy traffic to URLs that consume a large amount of system resources, causing the web application to crash;
2. Attacks by the Anonymous organization: the organization uses social networks to mobilize large numbers of people and provides them with two tools, LOIC and JS LOIC. The participants recruited through social networks are real people rather than zombie hosts, so this kind of attack is harder to prevent;
3. Slow client attacks: these exploit a flaw in the HTTP protocol itself and need only a very small amount of resources to quickly paralyze the victim's site. Slowloris is a typical tool, and this kind of attack is currently very popular. From a protocol-compliance standpoint the attack traffic is normal traffic, so protection devices that rely on signature libraries and blacklists cannot detect it.
In the face of new forms of DDoS attacks, Jia Yubin points out that there is still much room for improvement in China's work against DDoS attacks. At present, the majority of enterprises and institutions still limit their defenses to network-layer DDoS protection or protection against high-volume attacks, which is clearly not enough.
In this regard, Jia Yubin also offers advice on how to defend against DDoS attacks. He points out that defense against DDoS attacks needs to focus on two measures:
1. Deploy border network firewalls and IPS to filter network-layer DDoS attacks;
2. Deploy a web application firewall (WAF) to defend against application-layer DDoS attacks, provided that the deployed WAF supports botnet (zombie host) attack identification and protection, slow client attack protection, and Anonymous attack protection.
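Because slow client traffic is protocol-compliant, it has to be caught by connection timing rather than by signatures. The following added example (not from the article or any vendor's product) flags incomplete requests that are overdue or trickling, and the clients holding several of them; the thresholds, the `Conn` record and the sample addresses are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Thresholds are illustrative assumptions, not values from the article.
HEADER_DEADLINE_S = 10.0  # a client must finish its request headers within this time
GRACE_S = 2.0             # do not judge the data rate of very young connections
MIN_RATE_BPS = 50.0       # minimum average bytes/second while headers are incomplete
MAX_SLOW_PER_IP = 3       # flag a client holding this many slow connections at once


@dataclass
class Conn:
    client_ip: str
    opened_at: float       # seconds on the server's monotonic clock
    bytes_received: int
    headers_complete: bool


def slow_connections(conns, now):
    """Connections still sending headers that are overdue or trickling data."""
    flagged = []
    for c in conns:
        if c.headers_complete:
            continue  # a complete request is handled by normal request limits
        age = now - c.opened_at
        overdue = age > HEADER_DEADLINE_S
        trickling = age >= GRACE_S and c.bytes_received / age < MIN_RATE_BPS
        if overdue or trickling:
            flagged.append(c)
    return flagged


def suspicious_clients(conns, now):
    """Clients holding MAX_SLOW_PER_IP or more slow connections at once."""
    counts = Counter(c.client_ip for c in slow_connections(conns, now))
    return {ip: n for ip, n in counts.items() if n >= MAX_SLOW_PER_IP}


# Constructed sample state (documentation address ranges), observed at t = 100 s.
SAMPLE = (
    [Conn("203.0.113.7", t, 48, False) for t in (40, 45, 50, 55, 60)]  # held open
    + [
        Conn("198.51.100.20", 99.8, 600, True),   # normal request, already complete
        Conn("198.51.100.21", 97.0, 200, False),  # slow link, but still progressing
        Conn("198.51.100.22", 85.0, 120, False),  # one stalled connection
    ]
)

if __name__ == "__main__":
    print(len(slow_connections(SAMPLE, 100.0)), suspicious_clients(SAMPLE, 100.0))
```

A single stalled connection is closed but its client is not flagged, while the slow-but-progressing client is left alone; only the address holding many overdue connections is reported.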
In any case, when the seemingly obsolete DDoS attack returns in a new form, it is likely to become a network security problem if there is no effective active defense. To be sure, this is a security issue that must not be overlooked.