On Friday I got off work early. I was at home playing PUBG and popping meds in-game like crazy when my girlfriend, who was scrolling Douyin next to me, asked me a strange question.

In a Distributed Denial of Service (DDoS) attack, an attacker sends a large number of normal or malformed requests at the target in order to exhaust its host or network resources. As a result, the attacked host can no longer provide service to legitimate users.

DoS
Before we introduce DDoS, we need to briefly introduce what DoS is.

A Denial of Service (DoS) attack uses seemingly reasonable service requests to occupy so many service resources that legitimate users cannot get a response from the service. It was one of the most basic forms of cyber attack in the early days.

Take a simple example. Xiao Wang opened a shop. The store is not big, and Xiao Wang has three shop assistants. Thanks to good quality, low prices and the friendly attitude of the staff, business is getting better and better.

However, there was a bully in the small town where the store was located. The bully saw that Wang's store was profitable and wanted to play some dirty tricks. So he dressed up as an ordinary customer and chatted with the shop assistants, asking how much this item cost and how much that one cost, and sometimes feeding them false information, such as claiming that some item was out of stock. He kept the shop assistants in a spin.

Since the bully pretended to be an ordinary customer, Wang and the shop assistants could not simply ignore him, so they had to spare some energy to serve him. But because the store's staff was limited, many other customers were left out in the cold.

For a website it is the same: the website is like Xiao Wang's shop. A website is built on top of a server, and because the hardware resources are limited, its service capacity is limited too. If someone visits very frequently or hogs resources for long periods of time, the experience of other users deteriorates.

This is a DoS attack: it uses reasonable-looking service requests to occupy too many service resources, so that legitimate users cannot get a response from the service.

Of the three elements of information security (confidentiality, integrity and availability), DoS targets availability. The attack exploits defects in the target system's network service functions, or directly consumes its system resources, so that the target can no longer provide normal service.

DDoS

If it is just one bully, it is enough to identify him and stop him from entering the store.

After the bully was discovered, he thought of a workaround: this time he did not go to the shop himself but gathered a gang of knaves, and these knaves changed every day, so the shop staff could not tell who had been sent by the bully.

The rogues, posing as ordinary customers, crowd into the store and hang around so that real shoppers cannot get in; or they keep the salespeople tied up in endless chatter so that the staff cannot serve customers normally; or they feed the shop's operators false information. After the whole shop has been run off its feet, everyone finds it was all in vain; in the end the shop loses its real big customers and suffers heavy losses. One rogue fooling around is a DoS attack; a gang of rogues fooling around is a DDoS attack.

Generally speaking, DDoS attacks can be divided into two types: bandwidth consumption and resource consumption. Both tie up large amounts of network and device resources through a flood of legitimate or forged requests, in order to paralyze the network and the system.

The harm of DDoS

When a server is under a DDoS attack, the following symptoms occur:

A large number of TCP connections in a waiting state pile up on the attacked host.

The network is flooded with useless packets.

The victim host cannot communicate with the outside world.

The victim host cannot process all normal requests; in severe cases, the system freezes.

For users, the common symptom is that the website cannot be accessed.
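As an added illustration (not part of the original post), the following Python script parses a constructed `ss -tan`-style connection table and flags the first symptom above: a pile-up of TCP connections waiting in SYN-RECV, plus single peers holding an outsized share of connections. The addresses and thresholds are made up for the example.

```python
from collections import Counter

# Constructed sample of `ss -tan`-style output (illustrative, not from a real host).
SAMPLE_SS = """\
State    Recv-Q Send-Q Local Address:Port Peer Address:Port
SYN-RECV 0      0      10.0.0.5:443       203.0.113.10:51234
SYN-RECV 0      0      10.0.0.5:443       203.0.113.11:51235
SYN-RECV 0      0      10.0.0.5:443       203.0.113.12:51236
SYN-RECV 0      0      10.0.0.5:443       203.0.113.13:51237
ESTAB    0      0      10.0.0.5:443       198.51.100.7:40001
ESTAB    0      0      10.0.0.5:443       198.51.100.7:40002
ESTAB    0      0      10.0.0.5:443       198.51.100.7:40003
ESTAB    0      0      10.0.0.5:443       192.0.2.44:55120
"""

def parse_ss(text):
    """Return (state, peer_ip) pairs from ss-style output, skipping the header."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5:
            continue
        state, peer = parts[0], parts[4]
        peer_ip = peer.rsplit(":", 1)[0]  # strip the port; keeps [v6] brackets intact
        rows.append((state, peer_ip))
    return rows

def analyze(rows, half_open_ratio=0.4, per_ip_limit=3):
    """Flag two DDoS symptoms: many half-open (SYN-RECV) connections waiting
    for a handshake that never completes, and peers holding many connections.
    Thresholds are example values; tune them to the host's normal baseline."""
    states = Counter(state for state, _ in rows)
    peers = Counter(ip for _, ip in rows)
    alerts = []
    total = len(rows)
    half_open = states.get("SYN-RECV", 0)
    if total and half_open / total >= half_open_ratio:
        alerts.append(f"half-open pile-up: {half_open}/{total} connections in SYN-RECV")
    for ip, n in peers.most_common():
        if n >= per_ip_limit:
            alerts.append(f"peer {ip} holds {n} connections (limit {per_ip_limit})")
    return {"states": dict(states), "peers": dict(peers), "alerts": alerts}

if __name__ == "__main__":
    for alert in analyze(parse_ss(SAMPLE_SS))["alerts"]:
        print(alert)
```

On a live host the same functions can be fed the output of `ss -tan` from a periodic cron job, so that a sudden change in the SYN-RECV ratio or in per-peer counts stands out against the normal baseline.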

Preventing DDoS

To combat DDoS attacks, you need a clear understanding of what happens during the attack. In simple terms, a DDoS attack either exploits vulnerabilities in the server or consumes the server's resources (such as memory, disk, and so on).

Generally speaking, the following methods can be used for prevention:

1. If the attack sources, such as the attacking machines' IP addresses, can be identified, an ACL (access control list) can be placed on the firewall to block access from those IP addresses.

2. For bandwidth-consuming attacks, the most effective measure is to increase bandwidth.

3. Improve the server's service capacity: add load balancing, multi-site deployment, and so on.

4. Optimize resource usage to improve the load capacity of the web server. For example, with Apache you can install the ApacheBooster plug-in, which integrates Varnish and Nginx to handle surges in traffic and memory footprint.

5. Use highly scalable DNS devices to protect against DDoS attacks on DNS. Consider purchasing Cloudflare's commercial solution, which provides DDoS protection for DNS and for TCP/IP layers 3 through 7.

6. Enable the anti-IP-spoofing function of the router or firewall.

7. Pay for third-party services to protect your site.

8. Monitor network and web traffic, and watch for changes in traffic rate at all times.

9. Protect DNS against DNS amplification attacks.

Network attacks cannot be completely prevented or avoided; all one can do is keep raising the cost of an attack as much as possible.

Reference: https://www.oschina.net/translate/15-ways-to-stop-ddos-attacks-in-network