Among the attacks a server may encounter, the DDoS (Distributed Denial of Service) attack is one of the most effective: it can quickly make even a large server cluster inaccessible. With the increase of Internet bandwidth and the continual release of DDoS tools, DDoS attacks are becoming easier and easier to carry out. Many IDC hosting rooms, commercial sites, game servers, chat networks, and other Internet service providers have long been plagued by DDoS attacks.
The DDoS attack strategy centers on using a number of "zombie hosts" (hosts that have been compromised or are indirectly exploited by attackers) to send a large number of seemingly legitimate network packets to the victim host, causing network congestion or exhaustion of server resources and thus denial of service, as shown in the figure.
Once a distributed denial of service attack is launched, the attack packets pour into the victim host like a flood, drowning out legitimate users' packets so that legitimate users cannot access the server's network resources normally. For this reason, the denial of service attack is also called a "flood attack". Common DDoS attack methods include SYN Flood, ACK Flood, UDP Flood, ICMP Flood, TCP Flood, Connections Flood, Script Flood, Proxy Flood, and so on.
With the development of computer and network technology, computer processing power has grown rapidly and memory has greatly increased, which has made DDoS attacks more difficult. The target's ability to "digest" malicious attack packets has been strengthened. For example, if the attacker's software can send 3,000 attack packets per second but the target host and its network bandwidth can handle 10,000 attack packets per second, the attack will have no effect.
When a target computer is under a DDoS attack, several symptoms may appear:
* The attacked host has a large number of TCP connections in a waiting state. For example, where dozens of IE browser windows could previously be opened smoothly, now only 1~2 can be opened with great difficulty, and the rest are left waiting.
* The network is full of large numbers of useless packets whose source addresses are false. For example, no network operation is being performed, yet the data lights on the switch flash wildly.
* A high volume of useless traffic is generated, causing network congestion so that the victim host cannot communicate normally with the outside world. When the attack is extremely violent and far exceeds the bandwidth the target host can absorb, the target host will not be able to perform any network operations.
* Defects in the services provided by the victim host or in the transmission protocol are exploited to issue specific service requests repeatedly at high speed, so that the victim host cannot process all normal requests in time.
* In severe cases, it will cause the XP system to crash.
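
The first two symptoms above can be checked from a connection listing. The following is an added example, not part of the original article: it counts TCP states in `netstat -an` output for one local port and flags a pile-up of half-open connections coming from many distinct sources. The sample listing, its addresses, the function names and the thresholds are constructed assumptions.

```python
from collections import Counter

# Handshake not yet completed: Linux netstat prints SYN_RECV,
# Windows netstat prints SYN_RECEIVED.
HALF_OPEN = {"SYN_RECV", "SYN_RECEIVED"}

def summarize(netstat_text, local_port):
    """Return (state counts, half-open peers) for one local TCP port."""
    states, peers = Counter(), Counter()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or not f[0].lower().startswith("tcp"):
            continue  # header, UDP or blank line
        # The last three columns are local, foreign, state in both the
        # Windows and the Linux "netstat -an" layouts (no PID column).
        local, foreign, state = f[-3], f[-2], f[-1]
        if local.rsplit(":", 1)[-1] != str(local_port):
            continue
        states[state] += 1
        if state in HALF_OPEN:
            peers[foreign.rsplit(":", 1)[0]] += 1
    return states, peers

def looks_like_syn_flood(states, peers, min_half_open=5, max_ratio=0.5):
    """Heuristic with assumed thresholds: many waiting handshakes, few
    completed ones, and almost every waiting one from a different source."""
    half = sum(states[s] for s in HALF_OPEN)
    done = states["ESTABLISHED"]
    return (half >= min_half_open
            and done <= half * max_ratio
            and len(peers) >= half * 0.8)

# Constructed sample listing (documentation address ranges only).
SAMPLE = "\n".join(
    ["  Proto  Local Address      Foreign Address     State",
     "  TCP    0.0.0.0:80         0.0.0.0:0           LISTENING",
     "  TCP    192.0.2.10:80      198.51.100.7:50212  ESTABLISHED",
     "  TCP    192.0.2.10:80      198.51.100.9:50377  ESTABLISHED",
     "  TCP    192.0.2.10:3389    198.51.100.7:50990  ESTABLISHED"]
    + ["  TCP    192.0.2.10:80      203.0.113.%d:%d  SYN_RECEIVED" % (i, 1024 + i)
       for i in range(1, 9)])

if __name__ == "__main__":
    states, peers = summarize(SAMPLE, 80)
    print(dict(states), "distinct half-open sources:", len(peers))
    print("possible SYN flood:", looks_like_syn_flood(states, peers))
```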