Last time, the Website Security Alliance described the process it uses to help a site deal with DDoS attacks: first determine that the attack on the site is a DDoS, then determine the type of DDoS attack and build a defense system, then implement the defense system, check its effect, and adjust it.
So how do you determine that an attack on a site is a DDoS? In summary, a DDoS attack generally produces the following symptoms. If the site's server shows all of them, the site can basically be judged to be under a DDoS attack.
1. The normal service provided by the website becomes abnormal
The symptom: page browsing, uploading and other services provided by the web server become very slow or are no longer provided at all. Take a forum site as an example: pages that normally load either do not open or open very slowly. A DDoS attack produces this behavior, but so can the site's bandwidth or other causes, so you need to weigh it together with the other symptoms.
2. The server's processing capacity is at full load
If the webmaster finds that a server that was previously running normally is now consuming a great deal of CPU, memory and other resources, with the CPU at 100%, this is most likely caused by DDoS.
3. Network congestion
If there are a large number of illegal or fake packets on your network, this is one of the symptoms of DDoS. The most typical case Eesafe has encountered is several sites in the same IDC becoming inaccessible at once: an almost unimaginably large volume of data floods the IDC's entry node, the IDC is knocked down by the DDoS, and every website in the IDC becomes inaccessible and stops serving. This is even more apparent when the attack targets the single IP of a web server.
4. The server frequently freezes or reboots
When a DDoS attack occurs, especially when the CPU is held at a dangerous 100% utilization, the server restarts repeatedly.
So determining whether a server is under DDoS has to start from several directions. A single symptom is not enough to conclude that the site is under a DDoS attack. If several symptoms appear and are related to one another, you can identify the DDoS attack, then determine its type and build a defense system.
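The correlation described above can be expressed as a small triage check. This is an added example, not code from the original article: the `Sample` reading format, the thresholds, the use of inbound packet rate as a stand-in for symptom 3, and the sample data are all assumptions constructed for illustration.

```python
from typing import NamedTuple

class Sample(NamedTuple):     # one monitoring reading per minute (constructed format)
    resp_ms: float            # page response time in ms; -1 means no response
    cpu_pct: float            # CPU utilisation in percent
    inbound_pps: int          # inbound packets per second
    uptime_s: int             # host uptime; a drop between readings means a reboot

# Thresholds are assumptions for this example; tune them to your own baseline.
SLOW_FACTOR, CPU_FULL, PPS_FACTOR = 5, 95.0, 10

def symptoms(window, base_ms, base_pps):
    """Return which of the article's four symptoms appear in the window."""
    found = set()
    if any(s.resp_ms < 0 or s.resp_ms > SLOW_FACTOR * base_ms for s in window):
        found.add("service_abnormal")            # symptom 1
    if sum(s.cpu_pct >= CPU_FULL for s in window) > len(window) / 2:
        found.add("full_load")                   # symptom 2
    if any(s.inbound_pps > PPS_FACTOR * base_pps for s in window):
        found.add("network_jam")                 # symptom 3
    if any(b.uptime_s < a.uptime_s for a, b in zip(window, window[1:])):
        found.add("reboot")                      # symptom 4
    return found

def triage(window, base_ms, base_pps):
    """All four symptoms together point to DDoS; fewer is not conclusive."""
    found = symptoms(window, base_ms, base_pps)
    if len(found) == 4:
        return "likely DDoS", found
    if found:
        return "inconclusive: check bandwidth and other causes", found
    return "normal", found

# Constructed sample windows (baseline: 200 ms, 1000 packets/s).
SLOW_ONLY = [Sample(900, 30, 1200, 86400), Sample(1500, 35, 1100, 86460),
             Sample(1200, 28, 1300, 86520)]
ALL_FOUR = [Sample(4000, 100, 250000, 86400), Sample(-1, 100, 300000, 86460),
            Sample(-1, 99, 280000, 40), Sample(5000, 100, 310000, 100)]

if __name__ == "__main__":
    for name, window in (("slow only", SLOW_ONLY), ("all four", ALL_FOUR)):
        print(name, "->", triage(window, 200, 1000))
```

The slow-only window reports a single symptom and stays inconclusive, which matches the article's caution that slow pages alone may be a bandwidth problem.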
Original article, typed entirely by hand. When reprinting, please state that the copyright belongs to: Eesafe website Security Alliance
Original article; when reprinting, please credit it with a link to: http://www.eesafe.com/bbs/thread-503-1-1.html