Preface

The Internet is wonderful and free, but freedom also means giving up some control, and network security remains a concern for everyone. This section discusses DDoS (Distributed Denial of Service) attacks through the love story of Zhang San and Xiao Fang.

Main text

As told last time, the programmer Zhang San, who likes Xiao Fang, sent her the message "Hello, can we be friends?" Worried that Xiao Fang had not received it, he waited anxiously until his phone finally chimed: Xiao Fang had replied "OK". A single "OK", polite but distant. Zhang San knew his love story would be full of difficulties and obstacles, so he searched online for how to chat with girls and learned that he needed to show more care for Xiao Fang. That was not hard: after years as a programmer, Zhang San's typing speed was remarkable, and he quickly fired off "good morning", "good noon", "good evening" and similar greetings. Xiao Fang answered, but each reply was shorter and colder than the last. Zhang San was in trouble.

To find out why he was being given the cold shoulder, Zhang San started looking into Xiao Fang and found that she had recently been chatting a lot with Wang Ergou. He understood that the one Xiao Fang loved was not him. It hurt, but he could accept it; after all, feelings have to be mutual. Still, unwilling to let it go, he quietly noted down the IP address of Wang Ergou's home (bad behaviour) and began to look into Wang Ergou, only to discover that Wang Ergou was also in frequent contact with Cui Hua, Liu Ying and several other women. This made Zhang San furious, so he decided to take revenge on Wang Ergou and rescue his goddess from a sea of suffering. After much thought, he decided to use DDoS to punish Wang Ergou. The so-called DDoS uses illegal traffic to occupy network resources so that the server is too busy to respond properly to users' requests. Put simply, it is like squatting in the toilet stall without using it, so that those who really need it cannot get in. A vicious method, but thinking of what Wang Ergou had done, Zhang San told himself it was a lesson, a taste of his own medicine.

After reading up on it, Zhang San found that DDoS is mainly carried out by having a large number of devices send requests to the server until it is paralysed. But Zhang San did not have a large number of devices. He learned that to get so many devices you either have to be rich enough to buy them (pfft), or use viruses, worms and similar means to take control of other users' machines and assemble them into a botnet, which is clearly illegal. Zhang San hesitated: he had no money and did not want to break the law. While he was caught in this dilemma, Xiao Fang sent him a message, the first time she had ever messaged him first. It turned out Xiao Fang had found out about Wang Ergou's two-timing. Overjoyed, Zhang San tossed the DDoS tutorial aside and chatted with Xiao Fang. What happened next? (I don't know whether there will be a next time.)

Technical details

Zhang San's momentary evil thought gives you a sense of how DDoS works. Rather than a scheme built on finding bugs, it is a brute-force act that everyone knows about but cannot easily prevent. As we know, the network has five layers, and almost every stage of data transmission can be attacked by DDoS. Let's look at the attack methods at each layer.

1. The physical layer

Simply sending a large number of forged IP packets to the server occupies the other side's network bandwidth and causes delay and packet loss for normal data. This was discussed in detail in Section 1.4 and is not repeated here. This attack is also known as an ICMP flood. It is like sending junk parcels: it does not matter what you send, what matters is that the recipient's parcel locker is full and there is no room for normal deliveries.

2. The transport layer

1. By the same idea, we can also send packets at the transport layer, for example UDP packets, to form a UDP flood. But a UDP flood from a real IP address is easy to defend against: the server can simply ban any IP that generates a large number of illegal accesses. Whoever sets that policy should remember, though, that the moment you dare to ban IPs, I can supply a normal user's IP instead, and that normal user gets killed by mistake too. In the same vein, since the sender can be forged, so can the receiver. The attacker sends a large number of packets to a third party but designates the attack target as the recipient of the replies, so although the target never sent any connection requests, it receives a large number of replies. Both sides are confused and each thinks the other is attacking it. It is like someone texting a real-estate agent from your phone number saying you want to buy a house; the sales rep then calls you like crazy, you think the sales rep has a problem, and he thinks you do.

2. At the transport layer there is not only UDP but also TCP. Compared with UDP, TCP has the concept of a connection. The TCP attacks are the SYN flood and the RST flood, both based on the three-way handshake and the four-way wave. The SYN flood exploits the retransmission mechanism to keep the server sending connection responses. The idea of the RST flood is to send a forced-disconnect packet so that normal users are disconnected. Have you ever been inexplicably disconnected while playing a game? One principle behind such cheats, or more precisely "room-blasting" cheats, is to resolve the opponent's IP address and then send forced-disconnect packets to the server.

Three-way handshake and four-way wave

Three-way handshake

Even a beginner will not find these two terms unfamiliar. In fact, the three-way handshake and the four-way wave are like falling in love. If you want to fall in love with someone, you must first get to know them. Our protagonist Zhang San likes Xiao Fang, but because he is afraid of finding the wrong person he asks, "I am Zhang San, are you Xiao Fang?" That is the first handshake. Xiao Fang says, "I am Xiao Fang, are you really Zhang San?" That is the second handshake. When Zhang San receives the message, he says, "Yes, I am Zhang San." That is the third. As you can see, the three-way handshake is really a process of confirming the identity of both parties. By the end of this three-sentence conversation, both parties can be sure that the person they are texting is the right one and, more importantly, that their own messages are received and answered. Such a connection is more reliable than a two-way handshake. If the dialogue were cut off after the second sentence, Xiao Fang would not know whether Zhang San got her message. So the point of the three handshakes is to confirm one's own ability to receive and send messages and the other party's ability to receive and send messages.

1. In the first communication, after Zhang San sends a message to Xiao Fang, Xiao Fang can confirm her own ability to receive and Zhang San's ability to send.

2. In the second communication, Xiao Fang sends a message to Zhang San. Zhang San can confirm that his own ability to send and Xiao Fang's ability to receive are fine, but Xiao Fang still does not know whether her own ability to send is fine, so a third communication is needed.

3. In the third communication, after Zhang San sends a message to Xiao Fang, Xiao Fang can confirm that her own ability to send messages is fine.

That is the TCP three-way handshake. UDP, by contrast, uses a two-way handshake, only the first two sentences of the dialogue, and the problem is obvious: Xiao Fang cannot confirm her own ability to send messages.

Once you understand the handshake, you can understand the UDP flood. It is as if Zhang San kept sending spam to Xiao Fang; that is obviously not normal chatting, so Xiao Fang's remedy is to block Zhang San. But if it is Wang Ergou impersonating Zhang San when messaging Xiao Fang (a forged IP), the innocent Zhang San is the one who gets hurt. The SYN flood exploits Xiao Fang's courtesy: Zhang San sends "Are you there?", Xiao Fang thinks he needs something and replies "What's the matter?", and after a while, with no answer from Zhang San, Xiao Fang asks again, "What did you want?" After being stood up so many times, Xiao Fang has wasted a lot of time; then she realises she has been played and blocks Zhang San. So if Wang Ergou is even more despicable, he can impersonate Zhang San and SYN flood Xiao Fang, and Zhang San ends up miserable.
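As an added illustration (not part of the original post), the following Python model of the server side of the handshake shows why unanswered first messages pile up in a bounded half-open table until a genuine client is turned away, and how SYN cookies, a standard mitigation not covered in the post, let the server answer without remembering anything until the third message arrives. `BACKLOG`, `SECRET` and the addresses are constructed values.

```python
import hashlib
import hmac

BACKLOG = 4                 # constructed: max half-open entries the server keeps
SECRET = b"server-secret"   # assumption: per-boot secret used to derive SYN cookies


class TcpServer:
    """Toy model of the server (Xiao Fang) side of the three-way handshake."""

    def __init__(self, syn_cookies=False):
        self.syn_cookies = syn_cookies
        self.half_open = {}      # client -> server ISN, waiting for the third message
        self.established = set()

    def cookie(self, client):
        # SYN cookie: the server's initial sequence number is derived from the
        # client and a secret, so no state is stored until the ACK comes back.
        digest = hmac.new(SECRET, client.encode(), hashlib.sha256).hexdigest()
        return int(digest[:8], 16)

    def recv_syn(self, client):
        """First message ('Are you there?'). Returns the server ISN or None."""
        if self.syn_cookies:
            return self.cookie(client)        # SYN-ACK sent, nothing remembered
        if len(self.half_open) >= BACKLOG:
            return None                       # table full: the SYN is dropped
        isn = self.cookie(client)             # any ISN will do in this model
        self.half_open[client] = isn
        return isn

    def recv_ack(self, client, ack):
        """Third message. Returns True when the connection is established."""
        if self.syn_cookies:
            ok = ack == self.cookie(client) + 1
        else:
            ok = client in self.half_open and ack == self.half_open.pop(client) + 1
        if ok:
            self.established.add(client)
        return ok


def handshake(server, client):
    """A well-behaved client completes all three steps."""
    isn = server.recv_syn(client)
    return isn is not None and server.recv_ack(client, isn + 1)


def unanswered_syns_then_legit(syn_cookies):
    """Ten constructed sources send a SYN and never reply; then a real client tries."""
    srv = TcpServer(syn_cookies=syn_cookies)
    for i in range(10):
        srv.recv_syn(f"10.0.0.{i}")           # third message never arrives
    return handshake(srv, "zhang-san")
```

Without cookies the fifth and later SYNs, including the genuine one, are dropped; with cookies the genuine client still connects because the server kept no table to fill.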

Four-way wave

If the three-way handshake is two people getting acquainted, the four-way wave is two people saying goodbye. The process goes roughly like this: Xiao Fang says, "I think we may not be suitable." Zhang San says, "Give me a moment, I can't accept this." After being sad for a while, Zhang San says, "OK, I agree." Xiao Fang says, "You are a good person, see you around." As the saying goes, "Parting is as hard as meeting." A normal breakup needs four rounds of question and answer to make sure both sides agree. The RST flood mentioned above is like someone impersonating Xiao Fang, sending Zhang San "We're breaking up" and then blocking him, leaving Zhang San bewildered. Because Xiao Fang's attitude is so firm, Zhang San can do nothing, which also reflects the brutality of the RST flood.

Review questions

  • R26. What is the difference between viruses and worms?
  • Answer: Virus: requires user interaction to infect a device. Worm: infects devices without user interaction.

  • R27. Describe how a botnet is created and how botnets can be used in DDoS attacks.
  • Answer: Malware takes control of many network devices, which collectively form a botnet. Using the malware, the devices in the botnet send large numbers of packets to the target host, create large numbers of connections, and so on, leaving the target host unable to cope. This is how botnets are used in DDoS attacks.

  • R28. Suppose Alice and Bob send packets to each other over a computer network. Suppose Trudy positions herself in the network so that she can capture all the packets sent by Alice and send whatever she wishes to Bob; she can also capture all the packets sent by Bob and send whatever she wishes to Alice. List some malicious things Trudy can do in this situation.
  • Answer: Trudy can sniff packets to obtain copies of the packets in transit, and can use IP spoofing to impersonate another user.