A high-defense cloud server is a type of cloud server that can defend against large DDoS attacks and CC attacks. It helps websites withstand denial-of-service attacks, effectively identifies and scrubs malicious traffic, and provides network security maintenance for a single customer.
1. Bandwidth consumption attacks.
A DDoS bandwidth consumption attack is mainly a direct flood attack. Relying on the attacker's resource advantage, attack traffic sent by a large number of agents converges on the target, and it is enough to exhaust the target's network access bandwidth. Common types of bandwidth consumption attack include TCP flood attacks, UDP flood attacks and ICMP flood attacks. The three can be used alone or at the same time.
According to research statistics, most DDoS attacks are carried out as TCP flood attacks. A TCP flood attack exploits defects in the TCP protocol: using forged IP addresses, it sends a large number of forged connection requests so that the target's resources are exhausted (CPU overload or insufficient memory). Because TCP is the basis of many important application layer services, such an attack is likely to have a fatal impact on server performance.
A UDP flood attack is a traffic-based DoS attack. Typically, a large number of UDP packets are used to hit DNS servers, RADIUS authentication servers and streaming video servers. A 100kbps UDP flood attack often paralyzes backbone equipment on the line, such as firewalls. Sometimes hosts on the network surrounding the victim system also run into network connection problems.
An ICMP flood attack sends a large number of ICMP echo request (ping) packets to the victim's host through agents. Is a typical ICMP-based attack software
2. System resource consumption attacks.
DDoS system resource consumption attacks include malicious misuse of TCP/IP protocol communication (TCP SYN attacks and TCP PSH attacks) and malformed packet attacks. Both have the effect of tying up system resources.
A SYN attack exploits a defect of the TCP protocol to consume CPU and memory resources by sending a large number of half-open connection requests. Besides affecting the host, it may also harm network devices such as routers and firewalls. Launched as a DDoS, its attack strength increases by hundreds of times. SYN attacks cannot be completely prevented. They can only be mitigated, by hardening the TCP/IP protocol stack, deploying filtering gateways such as firewalls/routers, and so on, to reduce the harm as much as possible.
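The half-open behaviour described above can be watched for on the defending side. The following is an added example, not code from the original page: it tracks half-open connections per destination port over constructed packet records and shows why counting SYNs per source address misses a flood that uses forged sources. The record format, `timeout` and `max_half_open` are assumptions.

```python
from collections import defaultdict

def make_sample():
    """Constructed packets: (time_s, src_ip, src_port, dst_port, flag).
    "S" is a SYN, "A" is the ACK that completes the handshake."""
    pkts = []
    for i in range(5):  # legitimate clients finish the handshake
        src = "198.51.100.%d" % (10 + i)
        pkts.append((i * 0.2, src, 40000 + i, 443, "S"))
        pkts.append((i * 0.2 + 0.05, src, 40000 + i, 443, "A"))
    for i in range(200):  # flood: forged source per SYN, never ACKed
        pkts.append((1.0 + i * 0.005, "203.0.113.%d" % (i + 1), 1024 + i, 443, "S"))
    return sorted(pkts)

def max_syns_per_source(packets):
    """Highest SYN count from any single source address."""
    counts = defaultdict(int)
    for _, src, _, _, flag in packets:
        if flag == "S":
            counts[src] += 1
    return max(counts.values())

def detect_syn_flood(packets, timeout=3.0, max_half_open=100):
    """Alert once per destination port when half-open connections exceed
    max_half_open. timeout and max_half_open are assumed values."""
    half_open = defaultdict(dict)  # dst_port -> {(src_ip, src_port): syn_time}
    alerts = []
    alerted = set()
    for ts, src, sport, dport, flag in packets:
        table = half_open[dport]
        for key in [k for k, t in table.items() if ts - t > timeout]:
            del table[key]  # handshake abandoned, entry expires
        if flag == "S":
            table[(src, sport)] = ts
        elif flag == "A":
            table.pop((src, sport), None)  # handshake completed
        if len(table) > max_half_open and dport not in alerted:
            alerted.add(dport)
            alerts.append((dport, len(table)))
    return alerts

if __name__ == "__main__":
    sample = make_sample()
    print("max SYNs from one source:", max_syns_per_source(sample))
    print("alerts (dst_port, half_open):", detect_syn_flood(sample))
```

In the sample no source sends more than one SYN, so a per-source rate limit sees nothing, while the half-open count on port 443 crosses the limit.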
TCP PUSH and ACK attacks have the same purpose as TCP SYN attacks: to consume the resources of the victim system. When an agent sends TCP packets with the PSH and ACK flags set to 1, the receiving system flushes all TCP buffer data (whether the buffer is full or not) and responds with an acknowledgement. If this process is repeated, the system will not be able to process the large volume of incoming packets, causing the service to collapse.
A malformed packet attack means that the attacker sends defective IP packets to the victim's host, causing the target system to crash when it processes such packets and bringing losses to the target. The main malformed packet attacks include Ping of Death (sending an oversized ICMP packet), Teardrop (exploiting IP packet fragments), malformed TCP packets, IP-fragment attacks, etc.
3. Application layer attacks.
An application layer attack does not drown the network with traffic and sessions; instead it slowly consumes application layer resources through specific applications/services. Application layer attacks are very effective at low traffic rates. From the protocol's point of view, the traffic involved in the attack may be legitimate. This makes application layer attacks harder to detect than other types of DDoS attacks. HTTP floods, CC attacks, DNS attacks, etc. are all examples of application layer attacks that high-defense cloud servers respond to.
HTTP floods use seemingly legitimate HTTP GET or POST requests to attack web servers or applications, and they usually use botnets. A botnet is a one-to-many control network formed by a large number of hosts infected with bot malware. Hackers can control these botnets to launch concentrated denial-of-service attacks on target hosts. HTTP flood attacks are difficult to detect and intercept.
A CC attack is a page-based attack that simulates many users continuously accessing the server. The target is usually a dynamic page with high server overhead that involves database access operations. Using proxies as the starting point of the attack makes it highly concealed, so it is difficult for the system to distinguish normal user operations from malicious traffic. The load on the database and its connection pool becomes too high to serve normal requests.
There are two main forms of DNS attacks. One is to launch a large number of DNS requests so that the DNS server cannot meet the requests of normal users, who are then unable to get service.
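Because CC traffic arrives through many proxies, per-client request limits see little; the load shows up on the dynamic page itself. The following is an added example, not code from the original page: a sliding-window check over constructed access records that alerts on the request rate per dynamic path and reports how thinly the requests are spread over clients. The paths, record format, `window` and `path_limit` are assumptions.

```python
from collections import defaultdict, deque

# Assumption: these paths are the database-backed dynamic pages of the site.
DYNAMIC_PATHS = {"/search.php", "/report.php"}

def make_sample_log():
    """Constructed access records: (time_s, client_ip, path)."""
    log = []
    for i in range(20):  # normal visitors, one request every 3 s
        path = "/search.php" if i % 4 == 0 else "/index.html"
        log.append((i * 3.0, "198.51.100.%d" % (i + 1), path))
    for n in range(300):  # CC traffic spread over 60 proxies, 30 req/s in total
        log.append((100.0 + n / 30.0, "203.0.113.%d" % (n % 60 + 1), "/search.php"))
    return sorted(log)

def detect_cc(log, window=10.0, path_limit=100):
    """Report each dynamic path whose request count inside a sliding window
    exceeds path_limit. window and path_limit are assumed values."""
    recent = defaultdict(deque)  # path -> (time, client) entries inside the window
    alerts = {}
    for ts, client, path in log:
        if path not in DYNAMIC_PATHS:
            continue  # static pages are cheap to serve and are ignored here
        entries = recent[path]
        entries.append((ts, client))
        while ts - entries[0][0] > window:
            entries.popleft()  # drop requests older than the window
        if len(entries) > path_limit and path not in alerts:
            per_client = defaultdict(int)
            for _, c in entries:
                per_client[c] += 1
            alerts[path] = {
                "requests": len(entries),
                "clients": len(per_client),
                "max_per_client": max(per_client.values()),
            }
    return alerts

if __name__ == "__main__":
    for path, info in detect_cc(make_sample_log()).items():
        print(path, info)
```

In the sample the alert fires on `/search.php` although no single client has sent more than two requests inside the window.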