DoS And attack methods

0x01 DOS Introduction to the attack

DoS（Denial of Service）
DoS Also known as denial of service , cause DoS Is known as DoS attack , Its purpose is to make the computer or network unable to provide normal services , The most common DoS Attacks include computer network broadband attacks and connectivity attacks .

DoS Attack refers to the intentional attack on the defects of the network protocol implementation or the brutal exhaustion of the resources of the attacked object directly through barbaric means , Causes the target system service system to stop responding or even crash , This attack does not include intrusion into the target server or network device .

These service resources include network bandwidth , File system space capacity , An open process or allowed connection . The problem is network bandwidth , Such attacks can lead to a shortage of resources , No matter how fast the computer processes 、 What is the memory capacity 、 The speed of network bandwidth cannot avoid the consequences of this kind of attack .

Common flooding attacks

• Buffer overflow attack ： The most common DoS attack , The idea is to send a lot of traffic to a network address .
• ICMP flooding ： Take advantage of misconfigured network devices by sending fraudulent packets , These packets ping Every computer on the target network , Not just a specific computer . Then trigger the network to amplify the traffic . This attack is also called death ping.
• SYN flood： Send a request to connect to the server , But the handshake was not completed . Until all open ports are saturated with requests .

0x02 Distributed denial of service attacks DDoS

DDoS（Distributed denial of service attack）
DDoS Also known as distributed denial of service attack , Many computers can be attacked at the same time , Make the target of the attack unusable , Distributed denial of service attacks have occurred many times , As a result, many large websites are unable to operate .

A complete DDoS The attack system is made up of attackers 、 Main control end 、 The agent and the target are composed of four parts .
The master and agent are used to control and actually launch attacks respectively , The master only issues commands and does not participate in the actual attack , The agent sends DDoS The actual attack packet .

For computers on the master and agent side , The attacker has control or partial control , During the attack, it will use various means to hide itself from others . Once the real attacker transmits the attack command to the master , An attacker can shut down or leave the network , The master sends the command to each proxy host .

This allows attackers to evade tracking , Each attack proxy host will send a large number of service request packets to the target host , These packets are disguised , It's impossible to identify its source , And the services requested by these packets often consume a lot of system resources , As a result, the target host cannot provide normal services for users . It even causes the system to crash .

DDoS classification

0x03 DoS Attack process

Picture address ：https://hmurl.cn/aHk40hhW

Before the sender , Will first send a synchronization packet to the receiver （SYN）, The receiver returns a synchronization packet （SYN）, An answer packet （ACK）, Then the sender sends a reply packet （ACK） Respond

When the connection status is in “ Half a connection ” In the state of , received SYN The package has not been received yet ACK Connection at package time , That is, those who have not yet completed three handshakes TCP Connect . If you keep sending something like “ Half a connection ” Status packets , This will cause a large number of server resources to be occupied , And occupy network bandwidth .

0x04 Common attacks

SYN Flood attack

By destroying the complete TCP/IP Three handshakes of the connection session , Detailed see 0x03.

smurf attack

smurf An attack is a virus attack , With the program that originally launched this attack “Smurf” Named after the ,smurf Attacks also belong to dos attack , It's a flooding attack , Use the victim's IP Address as source IP Address forgery broadcast ping, In combination with IP Deception and ICMP The reply method makes a lot of network transmission flood the target system , Cause the target system to refuse to service the normal system .

smurf Attack detection ：

1. ICMP Response to storm detection
2. The increase of message loss rate and retransmission rate
3. Unexpected connection resets often occur

fraggle attack

fraggle Belong to dos attack ,fraggle Use UDP port 7 and 19 instead of smurf The attack uses ICMP, forge IP The address to send .
When not necessary , Turn off the broadcast address feature of the router or firewall , And filter it out on the firewall UDP message , And prevent the destination port or source port number from being 7 or 19 Of UDP A message through .

Death ping

(pingofdeath)DengKelen
“PingofDeath” It's a test that deliberately produces deformities Ping（PacketInternetGroper） package , Claim to be bigger than ICMP ceiling , That is to use an oversized ping package , The loaded size exceeds 64KB ceiling , Make unprotected network system memory allocation error , Lead to TCP/IP Protocol stack crash , Finally, the receiver goes down , Now dead ping Packages are not common .

Teardrop attack

Teardrop attack is a kind of denial of service attack , It is the attacker who takes advantage of TCP/IP The protocol stack implementation cannot be restored IP The information in the fragments to achieve their own attacks . That is, the forgeries sent overlap with each other IP Packet packets , The receiving host is difficult to reassemble .
This attack can be carried out by TCP/IP In the protocol stack, the code is reorganized in pieces bug To disable different operating systems

Land（LandAttack） attack

LAND attack
The attacker used the victim's IP Address as source address and destination address , By sending carefully constructed spoofing packets , Send fake
SYN Packets to victims , I keep responding , Cause the target equipment without corresponding protection mechanism to be paralyzed .

Reference：
Baidu Encyclopedia _ The world's leading Chinese encyclopedia