SSL flood attack of DDoS attack

DDoS Common network attack means when attacking , And flooding SSL Links are DDoS One of the most common attack methods . For distributed denial of service attacks , When multiple systems exclude the broadband and resources of the target system , Multiple computers have overloaded access to the target server at the same time , Cause the server to crash .SSL Flood Flood attack is also such an attack mode .

In the deep SSL Flood Before the attack , You need to know something first . Transmission control protocol （TCP）, It completes the functions specified by the fourth layer transport layer .TCP SYN Flood Flood attacks have existed for many years , also DDoS Detection and mitigation are largely passive , It can be seen that this attack will continue . If the server is being DDoS attack , The access interface will appear 504 Gateway timeout error .

If the supplier tests TCP Flood The ability to attack is getting higher and higher , Then it will turn to attack other levels , namely SSL / TLS layer . Just like the game of cat and mouse .

What is? SSL Flood？

SSL Flood Attack and SSL Renegotiation attacks all take advantage of server-side negotiation security TLS Processing capacity required for connection , Send a lot of garbage data to the server , Or constantly ask to renegotiate the connection , Thus, the resources of the server exceed the limit and take it offline .ssl The certificate application

Such as ： common PushDo Botnet , Its adoption will SSL Server and garbage data overload , Try to SSL / TLS Attack it during handshake . because SSL / TLS Construction of protocol , When a large amount of data overflows and requests the server , The calculation cost may be high .

The other is for SSL The flood attack of handshake was originally considered SSL In the agreement “bug”——THC-SSL-DOS Tools .THC-SSL-DOS The goal of the tool is , Renegotiate the encryption method used for the connection . After successful connection , The tool will renegotiate with the server using the new encryption method , Will require server recalculation requirements .

among ,F5 Find a way to deal with these two attacks , Within a specified time , Ignore all required renegotiation connections . This can deceive the attacker into thinking that the attack has taken effect , In fact, these requests are ignored .

This article is only for those involved SSL Flood Two case studies of attacks , But in everyday life , Different types of vulnerabilities are found every day . Although at present, Internet devices and software can set up a variety of things to deal with DDoS attack , But at present, network security is in a relatively bad state , Even if equipped with advanced 、 Expensive equipment and software businesses , Still suffer every day DDoS attack .

therefore , Adequate protection preparation is needed , Make an action plan that can be completed quickly , To prevent DDoS attack , Instead of waiting for the attack to stop .