First, the principle of DDoS attack
Distributed denial of service (DDoS) attacks exploit defects in the target system's network service functions or directly consume its system resources so that the target can no longer provide normal service. A large volume of seemingly legitimate requests ties up network resources until the network is paralyzed. The attack takes several forms:
- Overloading the network to interfere with or even interrupt normal network communication;
- Overloading the server by submitting a large number of requests to it;
- Blocking a user from accessing the server;
- Blocking communication between a service and a particular system or individual.
SYN attacks (SYN stands for synchronize) are a specific form of DDoS attack.
SYN is the handshake signal used when TCP/IP establishes a connection. In the three-way handshake, after the server has sent SYN-ACK and before it receives the client's ACK, the TCP connection is called a half-open connection (semi-connection), and the server is in the SYN_RCVD state. Once the ACK arrives, the server moves the connection to the ESTABLISHED state.
A SYN attack is one in which the attacking client, within a short period of time, forges a large number of non-existent source IP addresses and continuously sends SYN packets to the server; the server replies with a confirmation (SYN-ACK) to each one and waits for a client confirmation that never comes. The half-open connection queue fills up, normal SYN requests are discarded, the target system slows down, and the result is network congestion or even system paralysis.
Second, defending against SYN attacks
1. Shorten the SYN timeout
2. Increase the maximum number of half-open connections
3. Filter gateway protection
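The defenses above all aim to keep the number of half-open (SYN_RCVD) connections under control. As an added example that is not part of the original article, the check below parses a constructed `ss -tan`-style socket snapshot, counts SYN-RECV sockets per local port, and flags ports whose count reaches a threshold; the sample lines and the threshold value are assumptions.

```python
"""Detect a likely SYN flood from a snapshot of TCP socket states.

The input is a constructed snapshot shaped like `ss -tan` output
(State Recv-Q Send-Q Local:Port Peer:Port); `ss` itself is not run here.
"""
import re
from collections import Counter

# Constructed sample: several half-open (SYN-RECV) sockets on port 80 from
# distinct, unreachable source addresses, plus a few normal sockets.
SAMPLE_SS_OUTPUT = """\
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB      0      0      10.0.0.5:80          198.51.100.7:51234
SYN-RECV   0      0      10.0.0.5:80          203.0.113.11:40001
SYN-RECV   0      0      10.0.0.5:80          203.0.113.12:40002
SYN-RECV   0      0      10.0.0.5:80          203.0.113.13:40003
SYN-RECV   0      0      10.0.0.5:80          203.0.113.14:40004
SYN-RECV   0      0      10.0.0.5:80          203.0.113.15:40005
ESTAB      0      0      10.0.0.5:22          198.51.100.9:60000
"""

# state, recv-q, send-q, local ip, local port, peer ip, peer port (IPv4 only)
LINE_RE = re.compile(r"^(\S+)\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)$")


def parse_ss(text):
    """Yield (state, local_port, peer_ip) for each socket line; skip the header."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), int(m.group(3)), m.group(4)


def half_open_by_port(text):
    """Count sockets stuck in SYN-RECV (the server-side SYN_RCVD state) per port."""
    counts = Counter()
    for state, port, _peer in parse_ss(text):
        if state == "SYN-RECV":
            counts[port] += 1
    return counts


def syn_flood_suspected(text, threshold=5):
    """Return local ports whose half-open count reaches the (assumed) threshold.

    A healthy service holds few half-open sockets at any moment; a pile-up of
    SYN-RECV entries from many peers is the signature a SYN flood leaves.
    """
    return sorted(p for p, n in half_open_by_port(text).items() if n >= threshold)
```

In practice the snapshot would be sampled repeatedly, and the threshold tuned to the backlog size configured for the service.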
Distributed denial of service attacks on web front-end security