What is a DDOS attack?
A DDOS ("distributed denial of service") attack is currently a common malicious attack on web servers. It works by controlling a large number of compromised machines ("broilers", a source of false traffic) to access a web server and consume resources such as bandwidth and memory. The purpose is to make the web server inaccessible to normal users. The direct consequences are damage to the enterprise's business and loss of data. More seriously, long-term inaccessibility leads to a decline in search engine authority, website rankings, natural traffic, etc., possibly all the way to zero, which is why webmasters hate DDOS attacks so much.
What types of DDOS attacks are there?
There are many types of DDOS attacks. Here are some common attack principles and different attack types.
IP attack:
These attacks are carried out by modifying the IP address of network nodes to impersonate a trusted IP address. IP attacks include the fragmented IP attack, malformed IP attack, nestea IP attack, short fragments IP attack, and teardrop IP attack.
TCP attack:
The hacker forges the IP of the source server to initiate connection requests to a TCP server on the public network, causing the server to receive a large amount of SYN/ACK request data, which eventually results in a denial of service. Because this kind of TCP attack exhibits protocol behavior, the method is becoming more and more common. Types of TCP attack include SYN flood (DDOS), RST attack, session hijacking, etc.
UDP attack:
Also known as a UDP flood attack. UDP is a connectionless protocol and does not require a connection to be established before data is transmitted. When the hacker randomly sends UDP packets to ports on the victim system, a UDP flood attack may occur.
ICMP attack:
The attacker forges the gateway to send ICMP packets to the victim host server, making the victim host believe that the target network segment is unreachable. ICMP attack types include ICMP DOS, ICMP packet amplification or ICMP Smurf, ICMP PING flood attack or ICMP flood, ICMP nuke, etc.
DNS attack:
Also known as a DNS spoofing attack. The principle is that a host sends a large number of domain name resolution requests for domain names that are randomly generated or do not exist. When the DNS server receives a resolution request, it first checks whether there is a corresponding cache entry. If none is found and the server cannot resolve the domain name directly, the DNS server recursively queries its upper-level DNS server for the domain name information. This resolution process puts a lot of load on the server, and if the number of resolution requests per second exceeds a certain number, resolution by the DNS server will time out. DNS attack types include DNS hijacking, DNS cache poisoning, reflective DNS amplification attacks, etc.
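The request pattern described above (many queries per second for random or nonexistent names) can be detected from resolver query logs. The following Python sketch is an added example, not code from the original article: the log format, the thresholds and the helper names `build_sample_log`, `zone_of` and `detect_random_name_floods` are assumptions, and the sample log is constructed.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed resolver log, one query per line: 'epoch client qname rcode'."""
    lines = [f"1700000000 10.0.0.{i} www.example.com NOERROR" for i in range(1, 6)]
    # Burst: 20 distinct, nonexistent names under one zone within one second.
    lines += [f"1700000001 10.0.1.{i} x{i:04x}q.example.com NXDOMAIN" for i in range(20)]
    lines.append("1700000001 10.0.0.9 www.example.com NOERROR")
    # The same misspelt name repeated: many NXDOMAINs but no randomness.
    lines += ["1700000002 10.0.0.3 wwww.example.org NXDOMAIN"] * 20
    lines.append("truncated line")  # malformed input must be skipped
    return "\n".join(lines)

def zone_of(qname):
    """Assumption: the zone is the last two labels (no public-suffix handling)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def detect_random_name_floods(log, min_queries=10, nx_ratio=0.8, unique_ratio=0.8):
    """Return sorted (second, zone) buckets that look like a random-name flood."""
    buckets = defaultdict(lambda: {"total": 0, "nx": 0, "names": set()})
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines instead of failing
        second, _client, qname, rcode = parts
        b = buckets[(int(second), zone_of(qname))]
        b["total"] += 1
        b["nx"] += rcode == "NXDOMAIN"
        b["names"].add(qname.lower())
    flagged = []
    for key, b in buckets.items():
        if b["total"] < min_queries:
            continue  # too little traffic in this second to judge
        mostly_nx = b["nx"] / b["total"] >= nx_ratio
        mostly_unique = len(b["names"]) / b["total"] >= unique_ratio
        if mostly_nx and mostly_unique:
            flagged.append(key)
    return sorted(flagged)

if __name__ == "__main__":
    for second, zone in detect_random_name_floods(build_sample_log()):
        print(f"possible random-name query flood: zone={zone} second={second}")
```

Requiring both a high NXDOMAIN ratio and a high share of unique names keeps a single repeated typo from being flagged; the thresholds are illustrative and need tuning against a resolver's normal traffic.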
HTTP attack:
The principle is that, in web applications, the entire content of the HTTP request received from the browser can be freely changed and tampered with on the client side. The web application may therefore receive content different from the expected data. An attack on the web application can be launched by placing attack code in the HTTP request message, with the malicious code transmitted through URL query fields or forms, HTTP headers, cookies, etc. If there is a vulnerability on the web side, internal information will be leaked or hackers will gain management authority. HTTP attacks can be divided into active and passive attacks, such as script attacks and injection attacks.
Although the DDOS attack is a common type of attack, network attacks are not limited to DDOS; there are many types. We therefore need to take comprehensive server defense measures in time, patch vulnerabilities in time, and prevent hackers from taking advantage of them. Dangers must always be stifled at the budding stage.