Characteristics of DDoS packets in DDoS cases (Zhihu)

Is DDoS done with a software tool? Just with your own computer? If so, is your computer safe?

The principle of DDoS is basically the same as pinging each other. There are tools that make a machine automatically send a large number of packets to the target. With or without tools, as long as you can program, the amount of code is not large. A single computer is generally not good enough, and its bandwidth is not enough. Moreover, ordinary websites have already put anti-DDoS measures in place. I don't understand: does it mean their IP will be exposed? A real attack generally requires a lot of computers, or "chickens" (zombie hosts). At some point you would have to pass through many hops, hiding your own machine behind springboard machines.

How to prevent DDoS attacks?

There are five main preventive measures against DDoS attacks.

1. Expand server bandwidth. The network bandwidth of the server directly determines its ability to resist attacks, so when buying a server you can increase its network bandwidth.

2. Use a hardware firewall. Some hardware firewalls are mainly modified packet-filtering firewalls and only inspect packets at the network layer. If a DDoS attack moves up to the application layer, their defensive ability is weak.

3. Choose high-performance equipment. In addition to using a hardware firewall, the performance of network devices such as servers, routers and switches also needs to keep up.

4. Load balancing. Load balancing is built on the existing network structure. It provides a cheap, effective and transparent way to expand the bandwidth of network devices and servers, increase throughput, enhance network data processing capacity, and improve the flexibility and availability of the network. It is very effective against DDoS traffic attacks and CC attacks.

5. Limit specific traffic. If you encounter abnormal traffic, check the access source promptly and apply appropriate restrictions to stop abnormal and malicious traffic from arriving, proactively protecting the website's security.

What is the principle of a DDoS firewall?

A DDoS firewall is an efficient active defense system that can effectively defend against many known and unknown attacks such as DoS/DDoS, SuperDDoS, DrDoS, proxy CC, mutant CC, zombie-cluster CC, UDP Flood, mutant UDP, random UDP, ICMP, IGMP, SYN, SYN Flood, ARP attacks, Legend (game) fake-player attacks, forum fake-user attacks, non-TCP/IP protocol-layer attacks and so on.

Various common attacks can be effectively identified and handled and stopped in real time through its integrated mechanisms. It has remote network monitoring and packet analysis functions, and can quickly obtain and analyze the latest attack characteristics and defend against the latest attack methods.

At the same time, a DDoS firewall is also a server security guard with a variety of server intrusion protection functions, preventing hackers from sniffing, intruding and tampering, truly protecting from the outside and creating a safe and maintenance-free server for you. As a new force and rising star in the field of network firewalls in China, the 3D protection structure of the DDoS firewall delivers an anti-DDoS firewall with excellent protection, practical functions, simple operation and low resource usage, following the idea of simple operation rather than simplified function.

What is a DDoS attack? What is its principle? What is its purpose? The more detailed, the better. Thank you!

The biggest headache for a website is being attacked. Common server attacks mainly fall into these categories: port penetration, password cracking and DDoS attacks. Among them, DDoS is one of the most powerful and hardest-to-defend attacks at present.

So what is a DDoS attack?

Attackers forge a large number of legitimate-looking requests to the server, occupying a large amount of network bandwidth, which paralyzes the website and makes it inaccessible. Its characteristic is that the cost of defense is much higher than the cost of attack. A hacker can easily launch 10G attacks, but the cost of defending against 10G is very high.

At first, people called a DDoS attack a denial-of-service attack. Its attack principle is: if you have a server and I have a personal computer, I use my personal computer to send a lot of junk information to your server, which clogs your network, increases your data processing burden and reduces the efficiency of the server's CPU and memory.

However, with the development of technology, one-on-one attacks like DoS became easy to defend against, so the DDoS (distributed denial-of-service) attack was born. Its principle is the same as DoS, but the difference is that DDoS attacks are many-to-one: even tens of thousands of personal computers attack one server at the same time, which eventually paralyzes the attacked server.

Three common DDoS attack methods

SYN/ACK Flood attack: the most classic and effective DDoS attack, which can kill the network services of various systems. It mainly works by sending a large number of SYN or ACK packets with forged source IPs and source ports to the victim host, so that the host's cache resources are exhausted or it is kept busy sending response packets, resulting in denial of service. Because the sources are forged, it is difficult to trace, but its disadvantage is that it is difficult to carry out and needs the support of high-bandwidth zombie hosts.

TCP full-connection attack: This attack is designed to bypass the inspection of traditional firewalls. Under normal circumstances, most conventional firewalls can filter DoS attacks such as TearDrop and Land, but they let normal TCP connections through. What many do not realize is that most network service programs (such as IIS, Apache and other web servers) can accept only a limited number of TCP connections. Once there are a large number of TCP connections, even if they are normal, website access becomes very slow or even impossible. A TCP full-connection attack establishes a large number of TCP connections with the victim server through many zombie hosts until the server's memory and other resources are exhausted and it is dragged down, resulting in denial of service. The characteristic of this kind of attack is that it bypasses the protection of general firewalls to achieve its purpose. The disadvantage is that many zombie hosts need to be found, and this DDoS method is easy to track because the zombie hosts' IPs are exposed.

Brush script attack: This attack is mainly aimed at website systems built on ASP, JSP, PHP, CGI and other scripts that call databases such as MSSQL Server, MySQL Server and Oracle. Its characteristic is that it establishes a normal TCP connection with the server and constantly submits queries and list requests to the scripts, consuming a lot of database resources. Its typical trait is achieving a large effect with a small investment.
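As an added example that is not part of the original answers, the following Python script turns the three attack patterns described above (and the "check the access source and restrict it" advice from the five preventive measures) into a per-source classifier run over a constructed connection log. The log format, the event names SYN/EST/REQ and all thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample log, one "src_ip EVENT [path]" line per event, where
# SYN = handshake started, EST = handshake completed, REQ = HTTP request.
SAMPLE_LOG = "\n".join(
    ["198.51.100.4 SYN"] * 80                                   # SYNs that never complete
    + ["203.0.113.9 SYN", "203.0.113.9 EST"] * 60               # flood of completed connections
    + ["192.0.2.5 SYN", "192.0.2.5 EST"]
    + ["192.0.2.5 REQ /search.php?q=x"] * 40                    # one connection, many script queries
    + ["192.0.2.8 SYN", "192.0.2.8 EST", "192.0.2.8 REQ /index.html"] * 3  # ordinary client
)

def parse_log(text):
    """Count SYNs, completed handshakes and requests per source address."""
    stats = defaultdict(lambda: {"syn": 0, "est": 0, "req": 0, "script_req": 0})
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        src, event = parts[0], parts[1]
        counters = stats[src]
        if event == "SYN":
            counters["syn"] += 1
        elif event == "EST":
            counters["est"] += 1
        elif event == "REQ":
            counters["req"] += 1
            path = parts[2].split("?", 1)[0] if len(parts) > 2 else ""
            if path.endswith((".asp", ".jsp", ".php", ".cgi")):
                counters["script_req"] += 1
    return stats

def classify(counters, syn_limit=50, est_limit=50, script_limit=30):
    """Label one source. Thresholds are illustrative and meant per time window."""
    # SYN flood signature: many SYNs, almost none reach the established state.
    if counters["syn"] >= syn_limit and counters["est"] <= counters["syn"] * 0.1:
        return "syn-flood"
    # Full-connection attack: handshakes complete normally but there are far too many.
    if counters["est"] >= est_limit:
        return "full-connection"
    # Script (CC) flood: few connections but a stream of queries to dynamic pages.
    if counters["script_req"] >= script_limit:
        return "script-flood"
    return "normal"

def find_suspects(text, **limits):
    """Map each non-normal source to its label; these are candidates for rate limits."""
    return {src: label for src, counters in parse_log(text).items()
            if (label := classify(counters, **limits)) != "normal"}
```

In a real deployment the counters would be kept per sliding window and the forged sources of a SYN flood would be blocked by rate, not by address, since the page notes those addresses are spoofed.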

How to defend against DDoS attacks?

Generally speaking, we can start from the hardware, from a single host, and from the whole server system.

I. Hardware

1. Increase bandwidth

Bandwidth directly determines the ability to resist attacks, and increasing bandwidth as hard protection is the theoretically optimal solution. As long as the bandwidth is greater than the attack traffic there is nothing to fear, but the cost is high.

2. Upgrade the hardware configuration

On the premise of ensuring network bandwidth, try to upgrade the configuration of hardware such as CPU, memory, hard disk, network card, router and switch, and choose products with high popularity and a good reputation.

3. Hardware firewall

Put the server in a data center with a DDoS hardware firewall. Professional firewalls usually have the function of cleaning and filtering abnormal traffic, and can resist volumetric DDoS attacks such as SYN/ACK attacks, TCP full-connection attacks and brush script attacks.

II. A single host

1. Fix system vulnerabilities in time and upgrade security patches.

2. Shut down unnecessary services and ports, reduce unnecessary system add-ons and startup items, minimize the processes running on the server, and change the working mode.

3. iptables

4. Strictly control account permissions, prohibit root login and password login, and change the default ports of common services.

III. The whole server system

1. Load balancing

Load balancing is used to distribute requests evenly to all servers, thus reducing the burden on a single server.

2. CDN

A CDN is a content distribution network built on top of the network. It relies on edge servers deployed in various places and, through the distribution and scheduling module of the central platform, lets users get the required content from nearby, which reduces network congestion and improves the response speed and hit rate of user access. CDN acceleration therefore also uses load-balancing technology. Compared with a high-defense hardware firewall, a CDN is more reasonable, since multiple nodes share the attack traffic. At present most CDN nodes have 200G of traffic protection, and together with hard-defense protection it can be said that they can cope with most DDoS attacks.

3. Distributed cluster defense

The characteristic of distributed cluster defense is that each node server is configured with multiple IP addresses, and each node can withstand a DDoS attack of no less than 10G. If a node is attacked and cannot provide services, the system automatically switches to another node according to the priority settings, and all the attacker's packets are returned to their sending point, paralyzing the attack source.