Distributed denial of service attacks on web front-end security

Source: Internet
Author: User
Tags ack

First, the principle of DDoS attack
Distributed denial of service, distributed denial of service, uses the target system network services function defect or directly consumes its system resources, so that the target system can not provide normal service. A large number of legitimate requests to occupy a large number of network resources to achieve the purpose of paralysis network. There are several forms:

  • By overloading the network to interfere with or even interrupt the normal network communication;
  • Overloading the server by submitting a large number of requests to the server;
  • Blocking a user from accessing the server;
  • Block the communication of a service to a particular system or individual.

SYN Attacks, synchronous, are a specific manifestation of DDoS attacks.
SYN is the handshake signal used when TCP/IP establishes a connection, and in the three handshake process, after the server sends Syn-ack, the TCP connection before the client's ACK is called a semi-connection, when the server is in the SYN_RCVD state. When an ACK is received, the server can be transferred to the established state.

Syn attack refers to the attack client in a short period of time to forge a large number of non-existent IP addresses, to the server constantly send SYN packets, the server replies to the confirmation packet, and wait for the customer's confirmation. Normal SYN requests are discarded, causing the target system to run slowly, causing network congestion and even system paralysis.

Second, the defense of SYN attack
1. Shorten time-out (SYN timeout)
2. Increase the maximum number of half connections
3. Filter Gateway Protection

Distributed denial of service attacks on web front-end security

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.