DDOS attack manifestations, attack principles, hazards and defense methods

the manifestation of DDOS attacks

There are two kinds of traffic attacks.anti DDOS One is a traffic attack that mainly targets network bandwidth. It uses a large number of attack packets to block the network bandwidth.

The other is a resource exhaustion attack against the server host, which causes the host to run out of memory or CPU to be occupied by the kernel and applications, resulting in the inability to provide network services.

When under a DDOS attack, the network or server displays the following.

Many TCP connections are virtual Machine cloud waiting on the attacked host.

The network is flooded with a large number of useless packets with false source addresses.

There is a large amount of useless data flow, severe congestion control, and the host is unable to communicate with the outside world.

Specific service requests are sent repeatedly at high speed,vpshosting but the victim host is unable to process all normal requests in time.

In serious cases, it will cause the system to crash.

the principle of DDOS attack

DDOS attack requires the attacker to control the online computer network. Computers connected to the Internet (or IoT devices, such as cameras) are infected with malware and become puppets. Once the network of puppets is established, the attacker can control this machine by sending updated commands to each of the broilers via remote control. Since each puppet is a legitimate Internet device, it is difficult to separate attack traffic from normal traffic.

In short, it is a group behavior, launched simultaneously with the help of hundreds or even thousands of hacked hosts that have installed the attack process.

the danger of DDOS attacks

DDOS is known as the most horrible network to carry out the attack, the current largest DDOS attack is the United States well-known security researcher Brian Krebs security management blog suffered a DDOS attack, the attack peak can reach 665G.

DDOS attacks are low cost but highly aggressive and destructive and are often utilized by network hackers.DDOS attacks usually cause the following damages.

It can directly lead to website downtime, server paralysis, consume a large amount of bandwidth or memory, cause damage to authority, brand shame, loss of property and other huge losses, a serious threat to the development of global Internet information security.

DDOS attack defense methods

1. Ensure that the server software has no loopholes to prevent attackers from invading. Ensure that the server uses the latest system with security patches and no security holes. Delete unused services on the server and close unused ports.

2. Hide the real IP address of the information server. For example, the front-end of the web server plus CDN relay, or buy a high defense shield machine, used to hide a server to provide the real IP, domain name resolution can use the IP of the CDN, all the data resolution of the sub-domain name to use the IP address of the CDN. In addition, other domain names deployed on the server can not meet the use of their own real IP resolution, all need to use CDN to resolve.

3. Prevent the server from leaking IP address, such as the server does not use the function of sending emails, because the email header will leak the IP address of the server, you can send emails through the third-party proxy.

4. Optimize routing and network structure. Set up the router reasonably to reduce the possibility of being attacked. Optimize the hosts that provide services to the outside world and restrict all hosts that provide public services on the Internet.

5. Defense against DDOS attacks also starts with the source code. Do a good job of protecting your PC and IoT devices, don't download applications from unknown sources, update security patches regularly, and close unnecessary ports to prevent devices from being maliciously connected and turned into chickens.

cloud server hk: Efficient, Reliable, Global Connectivity for Seamless Operations.

DDOS attacks network attacks iot

0