Types of DDoS attacks on servers
Time : 2023-04-10 14:11:30
Edit : Jtti

  The OSI model is a useful framework for classifying DDoS attacks. The model is divided into 7 layers, and different types of attack target different layers. Because every DDoS attack targets either infrastructure or network traffic, attacks are divided into three categories: application layer attacks, protocol attacks, and volumetric attacks. Depending on the target, an attacker may use one or more of these methods.

  DDoS attacks are used to take online services down so that end users cannot use them.

  DDoS attacks are divided into several types:

  Application layer attack

  Protocol attack

  Volumetric attack

  Here are some common DDoS attacks:

  UDP flood

  ICMP flood

  SYN flood

  Ping attack

  NTP amplification

  HTTP flood

  Slowloris attack

  The different types of DDoS attacks explained

  An application layer attack, sometimes called a Layer 7 attack, is used to exhaust the resources available on the target. These attacks mainly hit the layer where web pages are generated and delivered in response to requests. An HTTP request is small and cheap for the client to send, but the response can be large and expensive for the server, which may have to load multiple files and run queries to build the page. In most cases this type of attack is difficult to defend against, because it is hard to determine which traffic is malicious.

  An HTTP flood is one example. It is like repeatedly pressing a button in a web browser on many systems at once, so that the server is flooded with requests and refuses service to users. HTTP flood attacks range from one to many: from simply accessing a single URL to accessing multiple URLs from many attacking IP addresses.
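  Added example, not part of the original article: a sliding-window detector that covers both ends of that range, a single client hammering one URL and many clients that each stay under the per-client limit. The function name, thresholds and log records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def detect_http_flood(records, window=10, ip_limit=20, url_limit=60):
    """records: time-sorted (timestamp, client_ip, url) tuples.
    Returns (noisy_ips, hot_urls): clients with more than ip_limit requests
    in any `window`-second span, and URLs with more than url_limit requests
    in any span, mapped to the peak number of distinct clients involved."""
    per_ip = defaultdict(deque)
    per_url = defaultdict(deque)
    noisy_ips, hot_urls = set(), {}
    for ts, ip, url in records:
        q = per_ip[ip]
        q.append(ts)
        while q[0] <= ts - window:          # drop requests outside the window
            q.popleft()
        if len(q) > ip_limit:
            noisy_ips.add(ip)
        u = per_url[url]
        u.append((ts, ip))
        while u[0][0] <= ts - window:
            u.popleft()
        if len(u) > url_limit:              # URL is hot regardless of source
            clients = len({c for _, c in u})
            hot_urls[url] = max(hot_urls.get(url, 0), clients)
    return noisy_ips, hot_urls

def build_sample():
    """Constructed traffic using documentation address ranges."""
    recs = []
    for t in range(0, 60, 5):               # normal user: one request per 5 s
        recs.append((t, "198.51.100.7", "/index.html"))
    for i in range(100):                    # one client, 100 requests in 5 s
        recs.append((20 + i * 0.05, "203.0.113.9", "/search"))
    for n in range(40):                     # 40 clients, 5 requests each
        for k in range(5):
            recs.append((40 + k, f"192.0.2.{n + 1}", "/login"))
    return sorted(recs)

if __name__ == "__main__":
    print(detect_http_flood(build_sample()))
```

  The distributed case is only visible in the per-URL view: none of the 40 clients exceeds the per-client limit, which is why per-IP rate limiting alone does not catch it.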


  A protocol attack mainly uses the third and fourth layers of the protocol stack to make the target inaccessible. These attacks consume the state capacity of web servers and firewalls.

  A SYN flood is an example: requests never receive their final reply, and the process keeps waiting. As an analogy, a worker in a supply room receives a request to fetch a package from the storage room. The worker goes to get the package and waits for the final confirmation before taking it out of the storage room. When the worker receives many more requests that are never confirmed, each one stays unanswered, waiting for the last step to close it.

  A volumetric attack consumes the bandwidth between the target and the Internet. To succeed, the attacker floods the website with malicious traffic. This stops legitimate traffic from getting through and results in denial of service.

  A UDP (User Datagram Protocol) flood is a DDoS attack launched by sending a large number of UDP packets to ports on a remote host. The remote host responds as follows:

  It checks for an application listening on the port and finds none.

  It replies with an ICMP packet.

  Generally, there are two types of UDP flood attack tools: Low Orbit Ion Cannon and UDP Unicorn.

  These attacks can be handled by deploying firewalls that filter malicious traffic on the target network. The attack uses packets with a static or random IP address to attack the target network.

  An ICMP flood, or ping flood, follows the same principle as a UDP flood. This is a common DDoS attack that overwhelms the victim's system by continuously sending ping requests. The ping command has several options, such as n, l and t: the n option sets the number of requests to send, the l option sets the amount of data sent in each packet, and the t option is used for ping data.

  A TCP SYN flood is a DDoS attack. A client and server establish a connection with a three-way handshake, as described below:

  First, the client requests the connection by sending a SYN message to the server. Once the server receives the connection request, it sends a confirmation message to the client. The client answers that confirmation with a response of its own, thereby establishing the connection.

  Here, the attacker sends a continuous stream of SYN messages to the server, most of them with false IP addresses. The server receives a large number of unknown connection requests. The server under attack confirms each malicious request, but then waits for the matching response from the client.
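  Added example, not part of the original article: a small model of the half-open connection table described above and in the supply-room analogy, showing how unanswered SYNs hold state until a timeout and crowd out a legitimate client. The function name, backlog size, timeout and event list are assumptions constructed for illustration; no packets are sent.

```python
def simulate_backlog(events, backlog_size=4, timeout=3.0):
    """Model a listener's queue of half-open connections.
    events: time-ordered (time, kind, client), kind is 'SYN' or 'ACK'.
    Returns established clients, dropped SYNs and the peak queue length."""
    half_open = {}                  # client -> time its SYN arrived
    established, dropped = [], []
    peak = 0
    for t, kind, client in events:
        # Release state for handshakes whose final message never arrived.
        for c in [c for c, t0 in half_open.items() if t - t0 >= timeout]:
            del half_open[c]
        if kind == "SYN":
            if len(half_open) >= backlog_size:
                dropped.append(client)      # table full: request is refused
            else:
                half_open[client] = t       # server confirms and holds state
        elif kind == "ACK" and client in half_open:
            del half_open[client]           # handshake complete
            established.append(client)
        peak = max(peak, len(half_open))
    return {"established": established, "dropped": dropped, "peak": peak}

# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE_EVENTS = (
    [(0.0, "SYN", "198.51.100.10"), (0.1, "ACK", "198.51.100.10")]
    # Six requests from false addresses that never send the final message.
    + [(1.0 + i / 10, "SYN", f"203.0.113.{i + 1}") for i in range(6)]
    + [(1.6, "SYN", "198.51.100.20"), (1.7, "ACK", "198.51.100.20"),
       (5.0, "SYN", "198.51.100.30"), (5.1, "ACK", "198.51.100.30")]
)

if __name__ == "__main__":
    print(simulate_backlog(SAMPLE_EVENTS))                  # client .20 refused
    print(simulate_backlog(SAMPLE_EVENTS, backlog_size=8))  # client .20 served
```

  A larger table or a shorter timeout only raises the number of unanswered requests needed to fill it, so the count of half-open entries is the value to monitor.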

  Slowloris is a high-level attack in which one server can take down another server without affecting other services on the same network. As the name suggests, Slowloris opens connections to the target server and sends only part of a request. The server keeps these connections open until its capacity overflows, which leads to denial of service.
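  Added example, not part of the original article: a check a server operator could run over per-connection read events to find requests whose headers are still incomplete, either past a hard deadline or arriving too slowly. The function name, thresholds and sample chunks are assumptions constructed for illustration.

```python
HEADER_END = b"\r\n\r\n"    # blank line that ends HTTP/1.1 request headers

def find_stalled_requests(chunks, now, header_deadline=10.0,
                          grace=2.0, min_rate=50.0):
    """chunks: time-ordered (time, conn_id, bytes) as read from each socket.
    Returns {conn_id: reason} for connections whose headers are incomplete
    at `now`: 'deadline' if older than header_deadline seconds, 'slow' if
    past the grace period and averaging under min_rate bytes per second."""
    conns = {}                              # conn_id -> [first_seen, buffer]
    for t, conn_id, data in chunks:
        if t > now:
            break
        entry = conns.setdefault(conn_id, [t, b""])
        entry[1] += data
    flagged = {}
    for conn_id, (first_seen, buf) in conns.items():
        if HEADER_END in buf:
            continue                        # full request received
        age = now - first_seen
        if age >= header_deadline:
            flagged[conn_id] = "deadline"
        elif age >= grace and len(buf) / age < min_rate:
            flagged[conn_id] = "slow"
    return flagged

# Constructed sample reads; connection ids are placeholders.
SAMPLE_CHUNKS = [
    (0.0, "c1", b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),  # normal
    (0.0, "c2", b"GET / HTTP/1.1\r\n"),     # partial request, never finished
    (5.0, "c2", b"X-a: 1\r\n"),
    (6.0, "c4", b"GET / HTTP/1.1\r\n"),     # partial request, then silence
    (8.0, "c3", b"GET / HTTP/1.1\r\nHost: exa"),  # slow link that completes
    (9.0, "c3", b"mple.test\r\n\r\n"),
    (10.0, "c2", b"X-b: 2\r\n"),
]

if __name__ == "__main__":
    print(find_stalled_requests(SAMPLE_CHUNKS, now=12.0))
```

  Connection c3 shows why the check looks at header completion rather than the number of reads: a slow but legitimate client that finishes its request is not flagged.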

  Attackers are mainly motivated by ideology, extortion, and business competition.

  Zero-day DDoS attacks include unknown attacks for which no patch has been released.
