Symptoms of a DDoS attack on a website and how to check for them
2022-07-29 06:35:00 【Zhongyun era - defense testable - Xiaoyu】
As network attacks have become simpler to launch, DDoS attacks are no longer limited to large websites; many small and medium-sized websites, and even personal websites, now face the risk of being attacked. Many webmasters know little about DDoS attacks and fail to notice in time when their website is being attacked, so the website frequently cannot be opened. To help webmasters avoid the impact of DDoS attacks, this article describes in detail the symptoms of a DDoS attack on a website and how to check for them.
Symptoms of a website under DDoS attack
1. The server's CPU is heavily occupied
A DDoS attack is essentially a malicious resource-occupation attack. The attacker uses compromised machines ("broilers") or attack software to send a large number of invalid requests to the target server, so that the server's resources are largely consumed, normal requests are not handled effectively, and the website opens slowly. If the server shows high CPU usage over a period of time, the website may be affected by a CC attack.
2. Bandwidth is heavily used
Consuming bandwidth is one of the main methods of DDoS attack. For many small businesses and personal websites, bandwidth is very limited; when it is filled with a large volume of invalid data, normal traffic requests are very hard for the server to process. If the server's uplink bandwidth utilization reaches 90% or more, the website may well be under DDoS attack.
3. The server cannot be connected to and the website cannot be opened
If the web server is hit by a massive DDoS attack, it may blue-screen or crash, which means the server can no longer be connected to and the website shows connection errors. When this happens, first confirm whether the outage is caused by a hardware failure or something similar; if it is not, put defensive measures in place as soon as the server can be connected to again.
4. Pinging the domain name does not return an IP
Webmasters may seldom consider this case, but it is also a symptom of a DDoS attack; the difference is that the target of the attack is the website's DNS server. During such an attack, pinging the server's IP works normally, but the website cannot be opened, and pinging the domain name returns an abnormal result.
In practice, attacks on DNS servers are very common. For example, you may find while online that no website can be opened normally, yet a network application such as QQ still runs normally.
Because there are many types of DDoS attack, it is hard to determine the type of attack from the website's symptoms alone. We can therefore start from the server side and use common commands to judge:
Type 1: CC attack
Command: netstat -na
Look for a large number of connections in the ESTABLISHED state, with a single IP holding dozens or even hundreds.
Type 2: SYN attack
Command: netstat -an
Look for a large number of connections in the SYN_RECEIVED state.
Type 3: UDP attack
Observe the network card status: it receives a large number of packets per second.
Network state: netstat -nan shows normal TCP information.
Type 4: TCP flood attack
Command: netstat -an
Look for a large number of connections in the ESTABLISHED state, with a single IP holding dozens or even hundreds.
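The TCP-state checks above (types 1, 2 and 4), as an added shell example that is not part of the original article: it reads netstat -an output from stdin, counts half-open connections and lists remote IPs that hold many ESTABLISHED connections. The two limits, the function names and the sample data are assumptions; Linux prints the half-open state as SYN_RECV, so both spellings are matched.

```shell
# Added example: apply the netstat checks above to a snapshot read from stdin.
# Both limits are assumed values; derive real ones from the normal baseline.
EST_PER_IP_LIMIT=${EST_PER_IP_LIMIT:-50}   # "dozens or even hundreds" from a single IP
SYN_TOTAL_LIMIT=${SYN_TOTAL_LIMIT:-100}    # assumed cut-off for "a large number"

# Print "count ip" for each remote IP holding at least $1 ESTABLISHED connections.
established_per_ip() {
  awk -v limit="$1" '
    tolower($1) ~ /^tcp/ && $NF == "ESTABLISHED" {
      remote = $(NF - 1)
      sub(/[:.][0-9]+$/, "", remote)      # drop the port (":80" or BSD-style ".80")
      n[remote]++
    }
    END { for (ip in n) if (n[ip] >= limit) print n[ip], ip }' | sort -rn
}

# Count half-open TCP connections (SYN_RECV on Linux, SYN_RECEIVED on Windows).
syn_half_open() {
  awk 'tolower($1) ~ /^tcp/ && ($NF == "SYN_RECV" || $NF == "SYN_RECEIVED") { c++ }
       END { print c + 0 }'
}

# Read one netstat snapshot from stdin and report which class it resembles.
triage() {
  snap=$(cat)
  syn=$(printf '%s\n' "$snap" | syn_half_open)
  if [ "$syn" -ge "$SYN_TOTAL_LIMIT" ]; then
    echo "SYN-class suspect: $syn half-open connections"
  fi
  printf '%s\n' "$snap" | established_per_ip "$EST_PER_IP_LIMIT" |
    while read -r count ip; do
      echo "CC/TCP-flood suspect: $ip holds $count ESTABLISHED connections"
    done
}

# Constructed sample (documentation addresses), not a capture from a real server.
sample_netstat() {
  echo "Proto Recv-Q Send-Q Local Address Foreign Address State"
  i=0
  while [ "$i" -lt 120 ]; do
    echo "tcp 0 0 192.0.2.10:80 198.51.100.$((i % 250 + 1)):$((40000 + i)) SYN_RECV"
    if [ "$i" -lt 60 ]; then echo "tcp 0 0 192.0.2.10:80 203.0.113.5:$((50000 + i)) ESTABLISHED"; fi
    i=$((i + 1))
  done
  echo "tcp 0 0 192.0.2.10:80 198.51.100.7:51234 ESTABLISHED"
  echo "udp 0 0 0.0.0.0:53 0.0.0.0:*"
}

sample_netstat | triage      # on a live host: netstat -an | triage
```

A single snapshot only shows the state at one moment; comparing several snapshots taken a few seconds apart separates a sustained flood from a short burst of legitimate traffic.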
That concludes the introduction to the symptoms of a DDoS attack on a website and how to check for them. For website operation, the impact of DDoS is huge; even an ordinary DDoS attack can be destructive to a site. Webmasters should therefore pay more attention to DDoS defense, and take the necessary defensive measures immediately once the site shows symptoms of a DDoS attack.