The full name of DDoS is Distributed Denial of Service. It means that a large number of legitimate, widely distributed servers and devices are used to send requests to a target, so that normal, legitimate users cannot obtain service. In general, network nodes such as IDC servers, personal PCs, mobile phones, smart devices, printers, cameras and so on launch a large volume of attack requests at the target, leaving the server congested and unable to provide normal service; it can only declare game over.
2. Why hackers choose DDoS
Unlike attacks that tamper with or hijack data, DDoS is simple and crude: it directly knocks out the target. Compared with other attack methods, the technical requirements and the cost of launching a DDoS attack are very low; an attacker only needs to buy access to some servers or control a batch of zombie machines ("broilers"), the attack takes effect quickly, and its effect is immediately visible. DDoS is also easy to launch and hard to defend: to keep serving normal customers, the service provider has to spend far more resources than the attacker does. These characteristics make DDoS a sharp sword and a thunderbolt in the hands of hackers.
On the other hand, although DDoS can exhaust bandwidth or resources and force a service interruption, that is far from the hackers' real purpose. As the saying goes, "no business, no killing": DDoS is merely the nuclear weapon in the hackers' hands, and their purpose is extortion, commercial competition or making a political statement. Driven by this illicit profit, more and more people join the industry and upgrade their attack methods, so DDoS in the Internet industry keeps getting worse and has become a stubborn disease that no one in the world has conquered.
3. DDoS attack modes
A service has to face the public, so it must expose user access interfaces, and those interfaces are exactly what gives hackers their opening. For example, the handshake defect in the TCP/IP protocol can be used to exhaust the server's connection resources, and the stateless nature of UDP can be used to forge a large number of UDP packets that block the communication channel. It can be said that since the birth of the Internet there has never been a shortage of attack points for DDoS to exploit: from the TCP/IP protocol mechanism to CC (HTTP flood), DNS and NTP reflection attacks, and even more advanced and precise attacks launched through various application vulnerabilities.
In terms of harm and attack behavior, DDoS attacks can be divided into the following categories:
a) Resource consumption attacks
Resource consumption attacks are the typical DDoS attacks; the most representative are SYN Flood, ACK Flood and UDP Flood. The goal of this class is very simple: a large number of requests consume the normal bandwidth and protocol-stack processing resources until the server can no longer work normally.
b) Service consumption attack
Compared with resource consumption attacks, service consumption attacks do not need much traffic. They target the characteristics of the service itself, such as CC attacks against web servers, data-service retrieval or file-service downloads. Instead of congesting the traffic channel or the protocol processing path, they keep the server busy with high-cost business logic so that it can no longer respond to normal requests.
c) Reflection attack
Reflection attacks are also called amplification attacks. They are mostly based on the UDP protocol, where the response to a request is usually much larger than the request itself. Using this amplification, an attacker with a small amount of bandwidth can create a large-scale traffic source and direct it at the target. Strictly speaking, reflection is not a separate kind of attack; it only uses the business characteristics of certain services to launch a flood attack at lower cost.
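The defining trait of a reflection attack, from the victim's side, is replies arriving from well-known UDP services that the victim never queried, because the attacker forged the victim's address on the requests. The detector below, an added example and not code from the original article, runs that check over a batch of flow records: it pairs each reply from a reflector port with an outbound request on the same 4-tuple and reports hosts that receive several replies with no such request. The flow records, addresses, port list and the alert threshold are constructed assumptions for illustration.

```python
"""Flag reflection/amplification traffic in a batch of flow records.

Added example, not code from the original article. The flow records,
addresses and threshold below are constructed for illustration.
"""
from collections import defaultdict
from typing import NamedTuple

# UDP services commonly abused as reflectors (the source port of the reply).
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP", 11211: "memcached"}
# Assumed alert threshold: this many replies that no local request explains.
MIN_UNSOLICITED = 3


class Flow(NamedTuple):
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    nbytes: int


def detect_reflection(flows):
    """Return {victim_ip: report} for hosts receiving unsolicited replies
    from reflector ports. In a reflection attack the victim never sent the
    request (its address was spoofed), so the reply has no matching
    outbound flow."""
    # Outbound requests seen from our network: 4-tuple -> request bytes.
    requests = defaultdict(int)
    for f in flows:
        if f.proto == "udp" and f.dst_port in REFLECTOR_PORTS:
            requests[(f.src_ip, f.src_port, f.dst_ip, f.dst_port)] += f.nbytes

    unsolicited = defaultdict(lambda: {"count": 0, "bytes": 0,
                                       "services": set(), "reflectors": set()})
    for f in flows:
        if f.proto != "udp" or f.src_port not in REFLECTOR_PORTS:
            continue
        # The request that would explain this reply runs the other way round.
        key = (f.dst_ip, f.dst_port, f.src_ip, f.src_port)
        if key in requests:
            continue                      # a legitimate answer to our own query
        rec = unsolicited[f.dst_ip]
        rec["count"] += 1
        rec["bytes"] += f.nbytes
        rec["services"].add(REFLECTOR_PORTS[f.src_port])
        rec["reflectors"].add(f.src_ip)

    alerts = {}
    for ip, rec in unsolicited.items():
        if rec["count"] >= MIN_UNSOLICITED:
            alerts[ip] = {
                "unsolicited": rec["count"],
                "bytes": rec["bytes"],
                "services": sorted(rec["services"]),
                "reflectors": len(rec["reflectors"]),
            }
    return alerts


# Constructed flow records: one normal DNS lookup by a local client, an
# unrelated TCP flow, and four replies aimed at 203.0.113.10 that it never
# asked for.
SAMPLE_FLOWS = [
    Flow("udp", "198.51.100.5", 40001, "192.0.2.53", 53, 70),     # our client asks
    Flow("udp", "192.0.2.53", 53, "198.51.100.5", 40001, 300),    # resolver answers
    Flow("udp", "192.0.2.53", 53, "203.0.113.10", 80, 3000),      # DNS reply, no request
    Flow("udp", "192.0.2.123", 123, "203.0.113.10", 80, 4800),    # NTP reply, no request
    Flow("udp", "192.0.2.124", 123, "203.0.113.10", 443, 4800),   # NTP reply, no request
    Flow("udp", "192.0.2.11", 11211, "203.0.113.10", 80, 50000),  # memcached reply, no request
    Flow("tcp", "198.51.100.8", 51000, "192.0.2.80", 443, 1200),  # ordinary TCP traffic
]

if __name__ == "__main__":
    for victim, report in detect_reflection(SAMPLE_FLOWS).items():
        print(victim, report)
```

On real NetFlow or sFlow data the request table would be populated from the export of the border router over a sliding time window rather than from the same batch, and the byte total per victim is what tells an operator how much of the upstream pipe the amplified replies are consuming.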
d) Hybrid attack
A hybrid attack combines several of the above types and, during the attack, probes the target and selects the most effective mode. Hybrid attacks usually pair two types: resource consumption and service consumption.
4. DDoS protection is difficult
On the one hand, the core components of the network infrastructure have not changed in the past decade, so vulnerabilities discovered and exploited long ago, and the mature attack tools built on them, have a long life cycle and still work today. On the other hand, with the rapid growth of applications across the seven-layer model, DDoS targets have diversified: from web to DNS, from the layer-3 network to layer-7 applications, from the protocol stack to the application itself, a stream of new products keeps giving hackers more opportunities and entry points. Moreover, DDoS protection is a project where technology and cost are unequal: the cost of building a DDoS defense system for a business is often larger than the cost or income of the business itself, which makes many start-ups and small Internet companies unwilling to invest more.
5. DDoS protection measures
A DDoS protection system is essentially an intelligent system built on resource competition and rule filtering. The main defense measures and strategies include:
a) Resource isolation
Resource isolation can be seen as a shield in front of the user's service. The protection system has very strong data and traffic processing capacity and filters abnormal traffic and requests on the user's behalf. For example, against a SYN Flood the shield answers with SYN cookie or SYN reset authentication; by authenticating the data source it filters out attacks built from forged-source packets, protecting the server from the erosion of malicious connections. A resource isolation system mainly protects layers 3 and 4 of the OSI model.
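SYN cookie authentication works because the server keeps no state for a SYN: it encodes everything it needs into its own initial sequence number, and only allocates a connection when a client returns that number in a valid ACK, which a forged-source flood never does. The simulation below is an added example, not code from the original article, and shows the mechanism end to end: a listener that answers ten thousand spoofed SYNs without growing its half-open table, then accepts one real handshake and rejects a guessed and a stale ACK. The secret, MSS buckets and addresses are constructed assumptions; the 32-bit cookie layout (5-bit time counter, 3-bit MSS index, 24-bit keyed hash) follows the classic SYN-cookie scheme.

```python
"""Stateless SYN-cookie handshake check.

Added example, not code from the original article. SECRET, MSS_TABLE and
all addresses are constructed; the cookie layout follows the classic
SYN-cookie design (time counter | MSS index | keyed hash of the 4-tuple).
"""
import hashlib
import hmac

SECRET = b"constructed-demo-secret"        # assumption: per-server, rotated secret
MSS_TABLE = [536, 1220, 1460, 4460, 8960]  # assumed MSS buckets (index fits in 3 bits)
COUNTER_PERIOD = 64                        # seconds per tick of the 5-bit counter
MASK32 = 0xFFFFFFFF


def _counter(now):
    """Slowly increasing 5-bit counter derived from the clock."""
    return int(now // COUNTER_PERIOD) & 0x1F


def _mac24(src_ip, src_port, dst_ip, dst_port, t):
    """24-bit keyed hash binding the cookie to the 4-tuple and the counter."""
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}|{t}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src_ip, src_port, dst_ip, dst_port, mss, now):
    """Build the 32-bit server ISN. Nothing about the SYN is stored."""
    t = _counter(now)
    idx = 0
    for i, bucket in enumerate(MSS_TABLE):
        if bucket <= mss:
            idx = i                        # largest bucket not above the client's MSS
    return (t << 27) | (idx << 24) | _mac24(src_ip, src_port, dst_ip, dst_port, t)


def check_cookie(cookie, src_ip, src_port, dst_ip, dst_port, now):
    """Return the encoded MSS if the cookie is genuine and fresh, else None."""
    t = cookie >> 27
    idx = (cookie >> 24) & 0x7
    if (_counter(now) - t) & 0x1F > 1:     # older than two ticks: stale
        return None
    if _mac24(src_ip, src_port, dst_ip, dst_port, t) != (cookie & 0xFFFFFF):
        return None                        # forged, or sent from a different 4-tuple
    return MSS_TABLE[idx]


class Listener:
    """Server side: SYNs cost no memory; state exists only after a valid ACK."""

    def __init__(self, ip, port):
        self.ip, self.port = ip, port
        self.half_open = {}      # would fill up without cookies; stays empty here
        self.established = {}    # (client_ip, client_port) -> negotiated MSS

    def on_syn(self, src_ip, src_port, client_isn, mss, now):
        cookie = make_cookie(src_ip, src_port, self.ip, self.port, mss, now)
        # The SYN-ACK carries the cookie as our ISN; no half-open entry is made.
        return {"flags": "SA", "seq": cookie, "ack": (client_isn + 1) & MASK32}

    def on_ack(self, src_ip, src_port, ack, now):
        cookie = (ack - 1) & MASK32        # the client acknowledges our ISN + 1
        mss = check_cookie(cookie, src_ip, src_port, self.ip, self.port, now)
        if mss is None:
            return False
        self.established[(src_ip, src_port)] = mss
        return True


def simulate(now=1_700_000_000.0):
    """Flood with spoofed SYNs, then let one real client finish the handshake."""
    srv = Listener("203.0.113.10", 443)
    for i in range(10_000):                # spoofed sources never see the SYN-ACK
        srv.on_syn(f"192.0.2.{i % 250 + 1}", 1024 + i, i, 1460, now)
    synack = srv.on_syn("198.51.100.7", 40000, 123456, 1460, now)
    good_ack = (synack["seq"] + 1) & MASK32
    real = srv.on_ack("198.51.100.7", 40000, good_ack, now)
    forged = srv.on_ack("198.51.100.9", 40001, 0xDEADBEEF, now)      # guessed number
    stale = srv.on_ack("198.51.100.7", 40000, good_ack, now + 3 * COUNTER_PERIOD)
    return {"half_open": len(srv.half_open), "established": len(srv.established),
            "real_accepted": real, "forged_accepted": forged, "stale_accepted": stale}


if __name__ == "__main__":
    print(simulate())
```

The price of statelessness is visible in the code: only a handful of MSS values can be carried, other TCP options negotiated in the SYN are lost, and an ACK older than two counter ticks is refused, which is why production stacks switch cookies on only when the backlog is under pressure.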
b) User rules
From the service's point of view, DDoS protection is essentially a war between users and hackers fought through the anti-DDoS protection system. Throughout the data confrontation the service provider usually holds the initiative, and users can configure specific rules in the anti-DDoS system, such as traffic type, request frequency, packet characteristics and the delay interval between normal business requests. Based on these rules, users can resist layer-7 DDoS attacks more effectively and reduce the server's resource overhead while still satisfying normal business.
c) Big data intelligent analysis
To generate a large volume of data streams, hackers usually have to construct the request data with specific tools, and those packets lack some of the behaviors and characteristics of normal users. To counter this kind of attack, we can analyze massive amounts of data, build a model of legitimate users, and use fingerprint features such as HTTP behavior patterns, data sources and request sources to build a whitelist of request sources, thereby cleaning DDoS traffic precisely.
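The two layer-7 measures above, the request-frequency rules of b) and the fingerprint whitelist of c), are usually applied together: a request shape learned from clean baseline traffic earns a source the benefit of the doubt, and the frequency rule decides how hard to push back. The filter below is an added example, not code from the original article, serving both sections. It learns request shapes (method, User-Agent, presence of Accept-Language) from a baseline log, then classifies a live log into allow, throttle, challenge or block using a per-source sliding window. The log format, the window and limit, and every address and user agent are constructed assumptions.

```python
"""Layer-7 request filter: per-source frequency rule plus a fingerprint
allowlist learned from baseline traffic.

Added example, not code from the original article. The log format, the
thresholds and every address and user agent below are constructed.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 2.0    # assumed rule: at most MAX_REQUESTS per source per window
MAX_REQUESTS = 5

# Constructed log format: ts|client_ip|method|path|user_agent|accept_language ("-" if absent)
BASELINE_LOG = """\
1700000000.0|198.51.100.5|GET|/index.html|Mozilla/5.0 (Windows NT 10.0) Firefox/118.0|en-US
1700000001.0|198.51.100.6|GET|/about.html|Mozilla/5.0 (Macintosh) Safari/605.1.15|zh-CN
1700000002.0|198.51.100.5|POST|/login|Mozilla/5.0 (Windows NT 10.0) Firefox/118.0|en-US
"""

# Constructed live traffic: a scripted client hammering /search with no
# Accept-Language header, a browser client that is briefly too fast, and a
# browser client behaving normally.
LIVE_LOG = """\
1700000100.0|203.0.113.9|GET|/search?q=a|python-requests/2.31|-
1700000100.1|203.0.113.9|GET|/search?q=b|python-requests/2.31|-
1700000100.2|198.51.100.5|GET|/index.html|Mozilla/5.0 (Windows NT 10.0) Firefox/118.0|en-US
1700000100.2|203.0.113.9|GET|/search?q=c|python-requests/2.31|-
1700000100.3|203.0.113.9|GET|/search?q=d|python-requests/2.31|-
1700000100.3|198.51.100.6|GET|/news/1|Mozilla/5.0 (Macintosh) Safari/605.1.15|zh-CN
1700000100.4|203.0.113.9|GET|/search?q=e|python-requests/2.31|-
1700000100.4|198.51.100.6|GET|/news/2|Mozilla/5.0 (Macintosh) Safari/605.1.15|zh-CN
1700000100.5|203.0.113.9|GET|/search?q=f|python-requests/2.31|-
1700000100.5|198.51.100.6|GET|/news/3|Mozilla/5.0 (Macintosh) Safari/605.1.15|zh-CN
1700000100.6|203.0.113.9|GET|/search?q=g|python-requests/2.31|-
1700000100.6|198.51.100.6|GET|/news/4|Mozilla/5.0 (Macintosh) Safari/605.1.15|zh-CN
1700000100.7|198.51.100.6|GET|/news/5|Mozilla/5.0 (Macintosh) Safari/605.1.15|zh-CN
1700000100.8|198.51.100.6|GET|/news/6|Mozilla/5.0 (Macintosh) Safari/605.1.15|zh-CN
1700000101.9|198.51.100.5|GET|/about.html|Mozilla/5.0 (Windows NT 10.0) Firefox/118.0|en-US
"""


def parse(line):
    ts, ip, method, path, ua, lang = line.split("|")
    return {"ts": float(ts), "ip": ip, "method": method, "path": path,
            "ua": ua, "lang": lang}


def fingerprint(rec):
    # Request-shape features a flood tool rarely reproduces faithfully:
    # the method, the User-Agent string, and whether Accept-Language was sent.
    return (rec["method"], rec["ua"], rec["lang"] != "-")


class RequestFilter:
    def __init__(self, baseline_lines):
        # Allowlist of request shapes observed during a clean baseline period.
        self.known_shapes = {fingerprint(parse(line))
                             for line in baseline_lines.splitlines() if line}
        self.history = defaultdict(deque)   # ip -> timestamps inside the window

    def _over_limit(self, ip, ts):
        window = self.history[ip]
        while window and window[0] <= ts - WINDOW_SECONDS:
            window.popleft()                 # forget requests outside the window
        window.append(ts)
        return len(window) > MAX_REQUESTS

    def decide(self, rec):
        """Return allow / throttle / challenge / block for one request."""
        trusted = fingerprint(rec) in self.known_shapes
        too_fast = self._over_limit(rec["ip"], rec["ts"])
        if trusted:
            return "throttle" if too_fast else "allow"
        # Unknown shape: demand a cookie/JS challenge until the client proves
        # itself, and drop outright once it is also exceeding the rate rule.
        return "block" if too_fast else "challenge"


def run_filter(baseline_lines, live_lines):
    """Classify every live request; returns [(client_ip, decision), ...]."""
    flt = RequestFilter(baseline_lines)
    decisions = []
    for line in live_lines.splitlines():
        if line:
            rec = parse(line)
            decisions.append((rec["ip"], flt.decide(rec)))
    return decisions


if __name__ == "__main__":
    for ip, decision in run_filter(BASELINE_LOG, LIVE_LOG):
        print(ip, decision)
```

The asymmetry in `decide` is the point of combining the two rules: a known browser shape that bursts is only slowed down, so a flash crowd is not mistaken for an attack, while an unknown shape never gets a free pass and is cut off as soon as it also trips the frequency rule. In production the baseline would be rebuilt continuously from traffic that passed the challenge, rather than from a fixed file.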
d) Resource confrontation
Resource confrontation is also known as "dead load" (simply absorbing the attack): a large pool of servers and bandwidth is used so that DDoS traffic can be handled calmly.