I. Introduction to DDoS (distributed denial-of-service) attacks
A denial-of-service (DoS) attack is one that consumes the resources of a target host or network, thereby disrupting or disabling the services it provides to legitimate users. This is the definition given in the "Security FAQ" of an international authoritative body.
A distributed denial-of-service (DDoS) attack uses many computers to launch a DoS attack against one or more targets simultaneously, in a distributed fashion. It is characterized by "paralysing the opponent" rather than by traditional destruction or espionage, and because the attacks are launched from compromised computers spread across the Internet, they are difficult to trace.
DDoS attacks have developed into a very serious public security problem and are referred to as "the ultimate weapon of hackers". Unfortunately, the technology for dealing with denial-of-service attacks has not developed at the same rate, and the shortcomings and borderless nature of the TCP/IP protocol suite make it difficult for existing national mechanisms and laws to trace and punish DDoS attackers. DDoS attacks are also gradually being combined with worms and botnets, turning into a network extortion tool that propagates automatically, is controlled centrally and attacks in a distributed manner. According to experts from Founder Information Security Technology Co., Ltd., many methods and theories already exist for DoS, from defense to tracing. Examples on the defense side are SYN cookies, HIP (history-based IP filtering) and ACC control; on the tracing side, a number of theoretical methods have been proposed, such as IP traceback, ICMP traceback, hash-based IP traceback and marking. At present, however, these technologies can only mitigate attacks and protect the host, so eliminating DDoS attacks completely remains a vast engineering problem.
II. Attack principles
At present, DDoS attacks are mainly divided into two types: bandwidth exhaustion and resource exhaustion.
Bandwidth exhaustion attacks aim mainly to clog the target network's Internet link, consuming its bandwidth so that it can no longer provide normal Internet service. Common examples are Smurf attacks, UDP floods and mstream floods. The most common countermeasure against such attacks is QoS: limiting the rate of such data streams on routers or firewalls to preserve bandwidth for normal use. Simple bandwidth-exhaustion attacks are relatively easy to identify and discard.
Resource exhaustion attacks exploit defects in how the server handles traffic, consuming key resources of the target server such as CPU and memory so that it cannot provide normal service. Common examples are SYN floods and Naptha attacks. Because a resource exhaustion attack exploits flaws in the system's handling of normal network protocols, the system finds it hard to distinguish normal traffic from attack traffic, which makes prevention more difficult; this is currently the issue the industry is most concerned with, and Founder's Syngate product, for example, is designed specifically to defend against this type of attack.
Corresponding to the principles of DDoS attacks, DDoS prevention is divided into three layers: source-end protection (at the attack source), router-based protection (in the backbone network) and target-end protection (at the victim). Source-end protection techniques include analysis and removal of DDoS tools and defenses located at the attack source; backbone network protection techniques include pushback technology and IP tracing technology; target-end protection measures include DDoS attack detection, router protection, gateway protection and host hardening.
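As an added illustration of the two attack types above and of target-end attack detection (this is example code, not from the original article or from any product it names), the following classifier examines one window of packet records and reports whether it looks like resource exhaustion (half-open TCP handshakes piling up, as in a SYN flood) or bandwidth exhaustion (a burst of UDP bytes, as in a UDP flood). The record format, the thresholds and the sample traffic are all constructed assumptions.

```python
"""Added example (not from the original article): classify one window of
packet records into the two DDoS categories described in the text.
Record format, thresholds and sample data are constructed assumptions."""
from collections import Counter

# Assumed thresholds for a one-second window; tune to the protected link/host.
HALF_OPEN_LIMIT = 50          # un-acked SYNs before calling it resource exhaustion
UDP_BYTES_LIMIT = 1_000_000   # UDP bytes before calling it bandwidth exhaustion


def classify_window(records):
    """records: list of dicts {src, proto, flags, length} for one window.
    Returns (category, top_sources); category is 'resource_exhaustion',
    'bandwidth_exhaustion' or 'normal'."""
    half_open = Counter()   # per-source SYNs not yet followed by an ACK from that source
    udp_bytes = Counter()
    for r in records:
        if r["proto"] == "tcp":
            if r["flags"] == "S":                                  # handshake started
                half_open[r["src"]] += 1
            elif "A" in r["flags"] and half_open[r["src"]] > 0:    # handshake completed
                half_open[r["src"]] -= 1
        elif r["proto"] == "udp":
            udp_bytes[r["src"]] += r["length"]
    # Spoofed SYN floods are spread over many sources, so decide on the global
    # count, but report the heaviest sources for rate limiting at the router/firewall.
    if sum(half_open.values()) >= HALF_OPEN_LIMIT:
        return "resource_exhaustion", [s for s, _ in half_open.most_common(3)]
    if sum(udp_bytes.values()) >= UDP_BYTES_LIMIT:
        return "bandwidth_exhaustion", [s for s, _ in udp_bytes.most_common(3)]
    return "normal", []


def sample_records():
    """Constructed traffic: one legitimate client plus two attack patterns."""
    normal = [{"src": "10.0.0.5", "proto": "tcp", "flags": f, "length": 60}
              for _ in range(10) for f in ("S", "A")]
    syn_flood = [{"src": f"198.51.100.{i % 20}", "proto": "tcp", "flags": "S", "length": 60}
                 for i in range(80)]
    udp_flood = [{"src": f"203.0.113.{i % 4}", "proto": "udp", "flags": "", "length": 1400}
                 for i in range(900)]
    return normal, syn_flood, udp_flood


if __name__ == "__main__":
    normal, syn_flood, udp_flood = sample_records()
    print(classify_window(normal))
    print(classify_window(normal + syn_flood))
    print(classify_window(normal + udp_flood))
```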