In-depth understanding of suicide DDoS attacks targeting individual users

Source: Internet
Author: User

At the beginning of this year, a news item entitled "8848 was under DDoS attack and suspected to be attacked by Baidu" attracted wide attention from users. Beyond the well-known enterprises on the Internet, the term "DDoS" has also caught the attention of the media and ordinary users. Today we take a closer look at DDoS attacks against individual users and how to defend against them.

What is a DDoS attack?

DDoS is short for Distributed Denial of Service. What, then, is denial of service (DoS)? Any behavior that prevents legitimate users from using normal network services is a denial-of-service attack; its purpose is to stop legitimate users from accessing normal network resources.

DDoS attacks mainly use many "zombie hosts" to send large numbers of seemingly valid packets to a remote computer, causing network congestion or server resource exhaustion and hence denial of service. Once a distributed denial-of-service attack is launched, attack packets flood into the target so that legitimate packets are drowned out and legitimate users cannot access the server's network resources; this is why a distributed denial-of-service attack is also called a "flood attack". There are two main types of DDoS attack. The first is the bandwidth (traffic) attack, aimed at the network link: a large number of attack packets congest the bandwidth, so valid packets are drowned by bogus ones and never reach the host. The second is the resource-exhaustion attack, aimed at the server host itself: large numbers of attack packets exhaust the host's memory or keep the CPU busy in the kernel and applications, so that it can no longer provide network services.

DDoS attack types

DDoS attacks currently come mainly in three forms: the TCP-SYN Flood attack, the UDP Flood attack and the script submission attack.

The TCP-SYN Flood attack, also known as the half-open connection attack, exploits the three-way handshake that every standard TCP connection performs: the attacker carries out only the first two steps. The server is then left waiting, for a certain period, for the ACK from the requester that would complete the handshake. Because a server has a limited number of available TCP connections, if a malicious attacker keeps sending such connection requests, the server's available TCP connection queue is soon filled, system resources and available bandwidth drop sharply, and normal network services can no longer be provided, resulting in DoS.
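The half-open state that a SYN flood exploits can be observed from the defender's side by tracking SYNs that never receive their completing ACK. The following Python example is added here and is not from the original article; it runs over constructed packet records, and the per-source threshold and handshake timeout are assumed values for illustration.

```python
"""Half-open (SYN-without-ACK) connection tracker: flags sources whose
outstanding handshakes exceed a backlog threshold, the condition a SYN
flood creates. Added example, not code from the original article."""
from collections import defaultdict

# Constructed sample traffic: (timestamp in seconds, source IP, TCP flag).
# A "SYN" opens a half-open entry; an "ACK" from the same source closes one.
SAMPLE_PACKETS = (
    [(0.0, "198.51.100.7", "SYN"), (0.1, "198.51.100.7", "ACK")]   # normal client
    + [(1.0 + 0.1 * i, "203.0.113.9", "SYN") for i in range(8)]    # 8 SYNs, never ACKed
    + [(5.0, "198.51.100.7", "SYN"), (5.1, "198.51.100.7", "ACK")]  # normal client again
)

HALF_OPEN_LIMIT = 5      # assumed per-source backlog threshold
HANDSHAKE_TIMEOUT = 3.0  # assumed seconds a half-open entry waits for its ACK


def track_half_open(packets, limit=HALF_OPEN_LIMIT, timeout=HANDSHAKE_TIMEOUT):
    """Replay packets in time order and return (flagged_sources, peak_backlog).

    peak_backlog maps each source to the largest number of half-open
    connections it had outstanding at any moment; a source is flagged when
    that number exceeds `limit`.
    """
    pending = defaultdict(list)  # src -> timestamps of SYNs still awaiting ACK
    peak = defaultdict(int)
    flagged = set()
    for ts, src, flag in sorted(packets):
        # Expire half-open entries the server would have given up on by now.
        for s in list(pending):
            pending[s] = [t for t in pending[s] if ts - t < timeout]
            if not pending[s]:
                del pending[s]
        if flag == "SYN":
            pending[src].append(ts)
            peak[src] = max(peak[src], len(pending[src]))
            if len(pending[src]) > limit:
                flagged.add(src)
        elif flag == "ACK" and pending.get(src):
            pending[src].pop(0)  # third handshake step completes the oldest entry
    return flagged, dict(peak)


if __name__ == "__main__":
    flagged, peak = track_half_open(SAMPLE_PACKETS)
    for src, count in sorted(peak.items(), key=lambda kv: -kv[1]):
        print(f"{src:15} peak half-open: {count:2}  {'FLAGGED' if src in flagged else ''}")
```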

UDP Flood attacks are also widely used on the network, and there are many kinds of UDP-based attack. For example, the devices that currently provide web pages, email and other services on the Internet are generally UNIX servers, which by default have some UDP services open that can be maliciously exploited. If a malicious attacker floods these UDP services, the network's available bandwidth is soon exhausted, resulting in DoS.

Script submission attacks mainly target websites that run ASP, PHP, CGI or other script programs and call databases such as MSSQL, MySQL or Access. The attacker first establishes a normal TCP connection with the server and then continuously submits resource-consuming database operations such as registration, query and refresh, until the server's resources are consumed, resulting in DoS.

Defense against DDoS attacks

1. Check and fix system vulnerabilities

Detect possible system vulnerabilities early and install system patches promptly. Establish and improve backup mechanisms for important information (such as system configuration information). Exercise caution when setting passwords for privileged accounts (such as administrator accounts). Through such a series of measures, the opportunities available to attackers can be minimized.

2. Remove redundant network services

In terms of network management, always check the system's physical environment and disable unnecessary network services. Establish a security perimeter and make sure that outbound packets are properly restricted. Check system configuration information frequently and review the daily security logs. If you are a single-host user, you can remove unnecessary network protocols and completely disable the NetBIOS service, thereby closing this dangerous "vulnerability".

3. Customize firewall rules

Network security devices (such as hardware firewalls) are used to reinforce network security: configure security rules on these devices to filter out all packets that may be forged. This method is suitable for all Windows operating system users. Taking Skynet Personal Firewall as an example, create an empty rule and configure it as follows: set "packet direction" to "receive", "peer IP address" to "any", "protocol" to "TCP", "local port" to "139 to 139" and "peer port" to "0 to 0"; select "SYN flag" under "flag" and "intercept" under "action"; then save the settings. The same method can be used to protect other dangerous ports.
