For the recent burst of many websites are ddos ​​attack wrote to you webmasters

Intermediary trading http://www.aliyun.com/zixun/aggregation/6858.html"> SEO diagnostic Taobao customer hosting technology hall

DDOS is the English abbreviation of Distributed Denial of Service, which means "Distributed Denial of Service", DDOS Chinese called Distributed Denial of Service attacks, commonly known as flood attacks. DoS attack there are many ways, the most basic DoS attacks is to use reasonable service requests to take up too many service resources, so that legitimate users can not get the service response.

7 kinds of common DOS attack rules

1.Synflood: This attack sends SYN packets to the destination host with multiple random source host addresses, and does not respond after receiving the SYN ACK of the destination host. In this way, the destination host sets up a large number of connection queues for these source hosts , And because these queues have been maintained since no ACK was received, there has been a heavy drain on resources and no service to normal requests.

Smurf: This attack sends a packet with a specific request (such as an ICMP echo request) to the broadcast address of a subnet and disguises the source address as the host address of the attacker. All hosts on the subnet respond to the broadcast packet request to the attacked host, so that the host is attacked.

3.Land-based: An attacker will be a source and destination address of the packet are set to the address of the target host, and then the packet through IP spoofing sent to the attacked host, this package can cause the attacked host due to try Connect with yourself and fall into an infinite loop, which greatly reduces system performance.

4.Ping of Death: According to the TCP / IP specification, the maximum length of a packet is 65536 bytes. Although a packet can not exceed 65536 bytes in length, the overlay of multiple fragments into a single packet can be done. When a host receives a packet greater than 65536 bytes in length, it is attacked by Ping of Death, which can result in a host downtime.

5.Teardrop: IP packets in the network transmission, the packet can be divided into smaller fragments. An attacker can implement TearDrop attacks by sending two (or more) packets. The offset of the first packet is 0, the length is N, and the offset of the second packet is less than N. In order to merge these data segments, the TCP / IP stack allocates unusually large resources, resulting in a lack of system resources or even a machine restart.

6.PingSweep: Use ICMP Echo to poll multiple hosts.

7.Pingflood: This attack sends a large number of ping packets to the destination host in a short time, resulting in network congestion or exhaustion of host resources. For the characteristics of ddos, write a little defense to everyone.

First: modify the registry, to prevent mild DOS attacks. Do not have to write this, we will, their GOOGLE to find information to go.

Second: limit the server an IP address 1-3 TCP connection. If your website more than 6 proposed frame. Do not be too much. More than the number of restrictions on the closure of IP, the closure of time to pay attention to see the last one.

Third: Open the firewall only 80, and your remote management port through. Any other port can be closed off.

Fourth: TCP message limit, the TCP connection time to a second server to send a minimum of five messages, or closed IP, because most of the DDOS seconds to send the message in 1-4. Just shake hands with the server to leave immediately. Normal access, such as open web pages are more than 5 messages above. Of course, there are exceptions, in order to resist DD, manslaughter one or two does not matter.

Fifth: Server resource consumption, an IP gave 100KB per second of the browser. Open the page normally enough.

Sixth: Server Progressive Proxy Server Access. After capturing packets analysis, DD many IP inside the proxy server.

Seventh: 80 TCP time_wait time to connect the air interface to change the small point. 10-15 seconds it. 10 seconds can not open your website on the seal browsing IP.

Eighth: it is important to seal ip time, 5-10 seconds can be, sealed too long, some normal client IP just the same as the pseudo-IP, it is easy to seal off the real user. Closed for 5 seconds, effectively prevent DDOS. Is really the user is sealed, refresh it can open again. For DDOS this "hold" about the server IP fake IP more effective.

Write so much, continue next time. . . This article is from: http://hi.baidu.com/nick_jack