How to solve the problem in time of SYN attack on domestic website

1, Syn/ack flood attack: This attack method is the classic most effective DDoS method, can kill various systems of network services
, mainly by sending a large number of SYN or ACK packets to the compromised host, causing the host's cache resource to be consumed
Do or are busy sending response packets resulting in denial of service, because the source is forged so it is difficult to trace, the disadvantage is to implement
There is a certain difficulty that requires high-bandwidth zombie host support. A small amount of this attack can cause the host server to be inaccessible, but it can
With the ping, the Netstat-na command on the server will observe the presence of a large number of syn_received states, a large number of such
An attack can result in a ping failure, a TCP/IP stack failure, and a system solidification that does not respond to the keyboard and mouse. General Fire Protection
The wall is largely unable to withstand this type of attack.

2, TCP full connection attack: This attack is designed to bypass the inspection of conventional firewalls, in general, conventional anti-
Most of the firewall has the ability to filter teardrop, land and other Dos attacks, but for the normal TCP connection is spared, but very
Multiple network services (such as IIS, Apache and other Web servers) can accept a limited number of TCP connections, once there is a large number of
TCP connections, even if they are normal, can cause Web site access to be very slow or even inaccessible, and TCP full-connection attacks are
Multi-Zombie hosts continue to establish a large number of TCP connections to the victim server until resources such as the server's memory are exhausted and dragged across
resulting in denial of service, this attack is characterized by bypassing the protection of the general firewall to achieve the attack, the disadvantage is to find
Many zombie hosts, and because the IP of the zombie host is exposed, it is easy to be traced.

3, Brush script attack: This attack is mainly for the existence of ASP, JSP, PHP, CGI and other scripts, and call
MSSQLServer, MySQLServer, Oracle and other databases of the web system design, characteristics and the server set up a normal
TCP connection, and continuously to the script program to submit queries, lists and other expensive database resource calls, typical of small broad
Attack method. In general, the cost of submitting a GET or post instruction to the client and the consumption of bandwidth are almost negligible,
While the server may have to identify a record from tens of thousands of records in order to process this request, the cost of the resource is
Very large, the common database server can rarely support hundreds of query instructions to execute simultaneously, which for the client is a light
The attacker simply submits a large number of query commands to the host server through proxy proxies, which in just a few minutes
Server resource consumption and lead to denial of service, the common phenomenon is that the site is slow, such as snail, ASP program failure, PHP connection database
Failure, the database main program occupies a high CPU. This attack is characterized by the ability to bypass normal firewall protection and easily find a
Proxy proxies can be attacked, the disadvantage is that only static pages of the site effect will be greatly compromised, and some proxies will
Exposes the attacker's IP address.

How to solve the problem in time of SYN attack on domestic website