Denial of service DDoS Attacks
2022-07-28 13:43:00 【allway2】
Imagine a scenario: you are visiting some websites, and one of them seems a little slow. You might blame its operators for not scaling their servers, assuming the site is simply seeing a lot of user traffic. Most websites, however, have already planned for that. More likely, the site is the victim of what is called a DDoS attack (distributed denial-of-service attack).
Reference: Denial of service and prevention
In a DDoS attack, an attacker attempts to make a specific service unavailable by directing continuous, huge volumes of traffic at it from multiple end systems. Because of this traffic, network resources are consumed serving the requests of those fake end systems, leaving legitimate users unable to access their own resources.
Types of DDoS attack –
DDoS attacks can be divided into three categories:
- Application layer attacks –
These attacks target layer 7 of the OSI model, the layer in which web pages are generated in response to requests initiated by end users. For a client, generating a request is cheap, and it can easily send many requests to the server. Responding to a request, on the other hand, puts considerable load on the server, because it has to build all the pages, compute any queries and load the results from the database for each request.
Example: HTTP flood attacks and attacks on DNS services.
- Protocol attacks –
They are also called state-exhaustion attacks. These attacks mainly target weaknesses in layers 3 and 4 of the protocol stack. They consume resources such as servers, firewalls and load balancers.
Example: SYN flood and Ping of Death.
- Volumetric attacks –
Volumetric attacks focus on consuming network bandwidth and saturating it, through amplification or botnets, to hinder its availability to users. They are easy to generate by directing large amounts of traffic at the target server.
Example: NTP amplification, DNS amplification, UDP flood and TCP flood.
Common DDoS attacks –
- SYN flood attack –
A SYN flood works like naughty children who keep ringing a doorbell (the request) and running away. The old man inside comes out, opens the door, and sees no one (no response). Eventually, after this happens often enough, the old man is exhausted and cannot answer the door even for real visitors. A SYN flood abuses the TCP handshake by sending SYN messages with spoofed IP addresses. The victim server keeps responding but never receives the final acknowledgement.
- HTTP flood attack –
In an HTTP flood attack, many HTTP requests are generated against the target server at the same time. This exhausts the server's network resources, so the requests of real users can no longer be served. The variants of the HTTP flood are the HTTP GET attack and the HTTP POST attack.

- DNS amplification –
Suppose you call Pizza Hut and ask them to call you back and tell you all their pizza combinations, along with the toppings and desserts. You have generated a large output from a very small input. The catch is that the number you gave them is not yours. Similarly, DNS amplification works by sending requests to a DNS server from a spoofed IP address and structuring the request so that the DNS server responds with a large amount of data to the target victim.
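The SYN flood described above leaves the server holding handshakes that never receive the final ACK, and that is what a defender can count. The following is an added example, not code from the original article: it tracks half-open connections in a constructed event list, and the 3-second timeout and the threshold of 100 are assumed values.

```python
# Constructed sample events as seen by the server: (time_s, src_ip, src_port, flag).
# 203.0.113.7 completes its handshakes; the 198.51.100.x sources send SYN only.
EVENTS = [(0.0, "203.0.113.7", 40000, "SYN"), (0.1, "203.0.113.7", 40000, "ACK")]
EVENTS += [(0.2 + i * 0.01, f"198.51.100.{i % 200 + 1}", 1024 + i, "SYN")
           for i in range(300)]
EVENTS += [(4.0, "203.0.113.7", 40001, "SYN"), (4.1, "203.0.113.7", 40001, "ACK")]


def half_open_report(events, now, timeout=3.0):
    """Return (stale_half_open, completed, distinct_stale_sources).

    A connection is half-open after the client's SYN (the server has sent
    SYN-ACK) and is established once the client's final ACK arrives.
    Entries still half-open after `timeout` seconds never got that ACK.
    """
    pending = {}      # (src_ip, src_port) -> time the SYN arrived
    completed = 0
    for ts, ip, port, flag in sorted(events):
        key = (ip, port)
        if flag == "SYN":
            pending.setdefault(key, ts)
        elif flag == "ACK" and key in pending:
            del pending[key]
            completed += 1
    stale = [key for key, ts in pending.items() if now - ts > timeout]
    return len(stale), completed, len({ip for ip, _ in stale})


def is_syn_flood(events, now, max_stale=100):
    """Flag a flood when stale half-open entries exceed an assumed threshold."""
    stale, _, _ = half_open_report(events, now)
    return stale > max_stale


if __name__ == "__main__":
    print(half_open_report(EVENTS, now=10.0), is_syn_flood(EVENTS, now=10.0))
```

The stale entries come from many distinct source addresses, which is why the signal is the total half-open count rather than the count per source: with spoofed addresses, blocking individual sources does not help.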

DDoS mitigation –
Preventing DDoS attacks is harder than preventing DoS attacks, because the traffic comes from multiple sources and it is difficult to separate malicious hosts from non-malicious ones. Some mitigation techniques that can be used are:
- Blackhole routing –
In blackhole routing, network traffic is directed to a "black hole". In this case, both malicious and non-malicious traffic is lost in the black hole. This countermeasure is useful when the server is under DDoS attack and all traffic is diverted to keep the network up.
- Rate limiting –
Rate limiting involves controlling the rate of traffic sent or received by a network interface. It is effective at slowing down web scrapers and brute-force login attempts. However, rate limiting alone is unlikely to prevent compound DDoS attacks.
- Blacklisting / whitelisting –
Blacklisting is the mechanism of blocking the IP addresses, URLs, domain names, etc. mentioned in the list while allowing traffic from all other sources. Whitelisting, on the other hand, is the mechanism of allowing all the IP addresses, URLs, domain names, etc. mentioned in the list and denying all other sources access to network resources.
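Why rate limiting alone falls short, as an added example that is not part of the original article: a per-source token bucket throttles one noisy client, yet admits all of the traffic when the same load is spread over many sources. The rates, burst size and addresses are constructed for illustration.

```python
from collections import defaultdict


class TokenBucket:
    """Allow `rate` requests per second, with bursts of up to `burst`."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def admitted(requests, per_ip_rate=5, burst=5, global_rate=None):
    """Count admitted requests from a list of (time_s, src_ip) tuples."""
    per_ip = defaultdict(lambda: TokenBucket(per_ip_rate, burst))
    total = TokenBucket(global_rate, global_rate) if global_rate else None
    count = 0
    for ts, ip in sorted(requests):
        if not per_ip[ip].allow(ts):
            continue                  # this source exceeded its own limit
        if total and not total.allow(ts):
            continue                  # the service-wide cap is exhausted
        count += 1
    return count


# Constructed traffic covering one second.
# One noisy client: 200 requests from a single address.
SINGLE = [(i / 200, "192.0.2.10") for i in range(200)]
# 1000 addresses sending 2 requests each, all under the per-source limit.
DISTRIBUTED = [(k * 0.5, f"198.18.{i // 250}.{i % 250 + 1}")
               for i in range(1000) for k in range(2)]

if __name__ == "__main__":
    print(admitted(SINGLE), admitted(DISTRIBUTED),
          admitted(DISTRIBUTED, global_rate=100))
```

The service-wide cap bounds the load, but it drops requests without regard to who sent them, which is the difficulty of separating malicious from non-malicious hosts noted above.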