Attack primer: DDoS
2022-06-24 12:45:49 [Chen Bucheng I]
1. What exactly is a DDoS attack?
DDoS stands for Distributed Denial of Service.
In general it means using a botnet of compromised machines ("broilers", i.e. zombie hosts) to send a huge number of requests to a target website in a short time, exhausting the target host's resources (bandwidth, connection table, CPU, memory) so that it can no longer serve legitimate users. Online gaming and internet finance are sectors with a particularly high incidence of DDoS attacks.
For example: I open a fifty-seat Chongqing hotpot restaurant. The ingredients are excellent and every customer gets a fair deal, so the place is popular and business is booming, while Er Gou's hotpot shop across the street sits empty. To get back at me, Er Gou sends fifty people to my restaurant to occupy every seat without ordering anything, so that no other guest can eat.
2. What does "how many G" of DDoS traffic mean?
People often say a site is "being hit with 50G of traffic". What does that G mean?
G here is short for Gbps (gigabits per second): it measures the bandwidth the attack consumes. For example, when you visit Baidu, Baidu has to send you the page. That page may be only a few hundred bytes, but if you keep requesting it, Baidu has to keep sending it to you.
A single zombie host with a 10M link can request continuously until its own link is full, and that consumes 10M of the target server's bandwidth. A typical server has a 100M external link, so ten such zombies can fill the site's bandwidth and normal visitors can no longer get through.
Whether you are an IDC or a server owner, what you check is the traffic on the egress link. On a Linux server you can use ifconfig to see the RX/TX byte counters of each interface; note that these counters are cumulative totals, not rates, so to get Mbps you sample them twice and divide the difference by the interval (ip -s link shows the same counters on systems where ifconfig is no longer installed).
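The following is an added example (not code from the original article) showing how to turn the counters behind ifconfig into a rate. It parses the /proc/net/dev layout, the same per-interface byte and packet counters that ifconfig and ip -s link print, and converts two snapshots into Mbps and packets per second; the two snapshots embedded as SAMPLE_T0 and SAMPLE_T1 are constructed test data, not real captures.

```python
"""Measure per-interface throughput to see whether a link is saturated.

Added example, not code from the original article. Parses the /proc/net/dev
format and turns two cumulative snapshots into rates. SAMPLE_T0/SAMPLE_T1 are
constructed, one second apart, and show eth0 receiving 100 Mbps / 116k pps.
"""
import time
from typing import Dict, Tuple

# Constructed snapshots of /proc/net/dev (not real data).
SAMPLE_T0 = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    1000      10    0    0    0     0          0         0     1000      10    0    0    0     0       0          0
  eth0: 5000000    4000    0    0    0     0          0         0  2000000    1500    0    0    0     0       0          0
"""
SAMPLE_T1 = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    1000      10    0    0    0     0          0         0     1000      10    0    0    0     0       0          0
  eth0: 17500000  120000    0    0    0     0          0         0  2250000    1700    0    0    0     0       0          0
"""

# iface -> (rx_bytes, rx_packets, tx_bytes, tx_packets)
Counters = Dict[str, Tuple[int, int, int, int]]


def parse_proc_net_dev(text: str) -> Counters:
    """Parse the two-header /proc/net/dev layout into per-interface counters."""
    counters: Counters = {}
    for line in text.splitlines()[2:]:  # first two lines are column headers
        if ":" not in line:
            continue
        iface, rest = line.split(":", 1)
        fields = rest.split()
        # Receive columns are 0..7 and transmit columns 8..15 (see header line).
        counters[iface.strip()] = (int(fields[0]), int(fields[1]),
                                   int(fields[8]), int(fields[9]))
    return counters


def throughput(before: Counters, after: Counters, seconds: float) -> Dict[str, Dict[str, float]]:
    """Convert two cumulative snapshots into rx/tx Mbps and packets per second."""
    result: Dict[str, Dict[str, float]] = {}
    for iface in after:
        if iface not in before:
            continue
        rx0, rp0, tx0, tp0 = before[iface]
        rx1, rp1, tx1, tp1 = after[iface]
        result[iface] = {
            "rx_mbps": (rx1 - rx0) * 8 / seconds / 1e6,
            "tx_mbps": (tx1 - tx0) * 8 / seconds / 1e6,
            "rx_pps": (rp1 - rp0) / seconds,
            "tx_pps": (tp1 - tp0) / seconds,
        }
    return result


def link_saturation(rate_mbps: float, link_mbps: float) -> float:
    """Fraction of the link in use; 1.0 or more means the link is full."""
    return rate_mbps / link_mbps


def sample_live(seconds: float = 1.0) -> Dict[str, Dict[str, float]]:
    """Read the real /proc/net/dev twice, `seconds` apart (Linux only)."""
    with open("/proc/net/dev") as f:
        t0 = parse_proc_net_dev(f.read())
    time.sleep(seconds)
    with open("/proc/net/dev") as f:
        t1 = parse_proc_net_dev(f.read())
    return throughput(t0, t1, seconds)


if __name__ == "__main__":
    rates = throughput(parse_proc_net_dev(SAMPLE_T0), parse_proc_net_dev(SAMPLE_T1), 1.0)
    for name, r in rates.items():
        print(f"{name}: rx {r['rx_mbps']:.1f} Mbps ({r['rx_pps']:.0f} pps), "
              f"tx {r['tx_mbps']:.1f} Mbps, saturation of 100M link "
              f"{link_saturation(r['rx_mbps'], 100.0):.0%}")
```

Packets per second is reported alongside Mbps on purpose: floods of small packets (ICMP, UDP, SYN) can exhaust a firewall or NIC long before the bit rate looks alarming.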
3. Types of DDoS attack
ICMP Flood
ICMP (Internet Control Message Protocol) carries control messages between IP hosts and routers: network unreachable, whether a host is reachable, whether a route is available, and so on. It carries no user data itself, but it plays an important role in how user data gets delivered.
Sending a massive stream of ICMP packets (typically echo requests, i.e. ping) at a target can paralyse the host; at high enough volume this is a flood attack. What it consumes is bandwidth and per-packet processing, on the target and on every device in the path.
UDP Flood
UDP is a connectionless protocol. In a UDP flood the attacker usually sends a large number of small UDP packets with forged source IP addresses at DNS servers, RADIUS authentication servers or streaming video servers.
A UDP flood of only about 100k packets per second often knocks over in-line backbone equipment such as firewalls and takes down a whole network segment (for such devices it is the packet rate, not the bit rate, that hurts). These traditional volumetric methods have little technical sophistication and cost the attacker nearly as much as the victim: the effect depends on the network capacity of the controlled hosts, and the attack source is easy to trace, so they are rarely used alone. This is why reflection and amplification attacks appeared, which turn a small input into a large effect.
NTP Flood
NTP is the standard network time synchronisation protocol and is carried over UDP. Because UDP has no connection handshake, the source address is easy to forge. The attacker sends specially crafted requests to an NTP server, which acts as the reflector, with the source IP forged to be the victim's IP. The reflector is fooled and sends its response to the victim, exhausting the victim's network bandwidth.
NTP servers generally have plenty of bandwidth. An attacker may need only 1 Mbps of upload bandwidth to spoof queries at NTP servers and deliver hundreds to thousands of Mbps of attack traffic to the victim. In principle any request/response protocol can be used for a reflection attack: forge the request's source address as the victim's, and the replies go to the victim. When the protocol answers with more bytes than it was asked (some NTP and DNS queries return responses many times larger than the query), the traffic is also amplified. It is a volumetric attack that "kills with a borrowed knife".
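As an added example (not code from the original article), the block below does the amplification arithmetic the paragraph describes and then detects a reflected flood from the victim's side: inbound UDP from many distinct servers on a service port, with no matching outbound query, because the query was sent by the attacker with the victim's address forged as source. The flow records are constructed NetFlow-style tuples, and the request/response sizes passed to amplification_factor are illustrative, not measurements of any real NTP server.

```python
"""Reflection/amplification arithmetic and a victim-side detector for reflected floods.

Added example, not code from the original article. SAMPLE_FLOWS is constructed;
10.0.0.5 and 10.0.0.9 stand in for our own hosts.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set


class Flow(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str      # "udp" or "tcp"
    packets: int
    nbytes: int


def amplification_factor(request_bytes: int, response_bytes: int) -> float:
    """Bandwidth amplification factor: bytes the reflector emits per byte the attacker spends."""
    return response_bytes / request_bytes


def projected_attack_mbps(attacker_uplink_mbps: float, baf: float) -> float:
    """Traffic landing on the victim if the attacker's whole uplink carries spoofed queries."""
    return attacker_uplink_mbps * baf


# "Ask-answer" UDP services commonly abused as reflectors; the reply carries this source port.
REFLECTOR_PORTS = {123: "ntp", 53: "dns", 161: "snmp", 1900: "ssdp", 11211: "memcached"}


def find_reflection_victims(flows: List[Flow], our_ips: Set[str], min_reflectors: int = 5) -> Dict[str, dict]:
    """Flag our hosts that receive replies from many distinct reflectors they never queried."""
    # Queries we genuinely sent: (our ip, server ip, server port).
    outbound = {(f.src_ip, f.dst_ip, f.dst_port) for f in flows
                if f.proto == "udp" and f.src_ip in our_ips}
    inbound = defaultdict(lambda: {"reflectors": set(), "bytes": 0, "services": set()})
    for f in flows:
        if f.proto != "udp" or f.dst_ip not in our_ips or f.src_port not in REFLECTOR_PORTS:
            continue
        if (f.dst_ip, f.src_ip, f.src_port) in outbound:
            continue  # we really asked this server, so the reply is legitimate
        entry = inbound[f.dst_ip]
        entry["reflectors"].add(f.src_ip)
        entry["bytes"] += f.nbytes
        entry["services"].add(REFLECTOR_PORTS[f.src_port])
    return {ip: {"reflectors": len(e["reflectors"]), "bytes": e["bytes"],
                 "services": sorted(e["services"])}
            for ip, e in inbound.items() if len(e["reflectors"]) >= min_reflectors}


# Constructed sample: 10.0.0.9 legitimately syncs time with one NTP server, while
# 10.0.0.5 (our web server) is hit by replies from 20 NTP and 3 DNS reflectors it never asked.
SAMPLE_FLOWS = [
    Flow("10.0.0.9", 40000, "192.0.2.10", 123, "udp", 1, 76),   # our real NTP query
    Flow("192.0.2.10", 123, "10.0.0.9", 40000, "udp", 1, 76),   # its legitimate reply
] + [
    Flow(f"198.51.100.{i}", 123, "10.0.0.5", 80, "udp", 50, 50 * 440) for i in range(1, 21)
] + [
    Flow(f"203.0.113.{i}", 53, "10.0.0.5", 80, "udp", 20, 20 * 3000) for i in range(1, 4)
]

if __name__ == "__main__":
    baf = amplification_factor(64, 480)  # illustrative sizes, not a measured NTP value
    print(f"BAF {baf:.1f}x: 1 Mbps of spoofed queries -> "
          f"{projected_attack_mbps(1.0, baf):.1f} Mbps at the victim")
    for ip, info in find_reflection_victims(SAMPLE_FLOWS, {"10.0.0.5", "10.0.0.9"}).items():
        print(ip, info)
```

The "no matching outbound query" check is what separates a reflected flood from a busy but legitimate resolver or NTP client; on a real network the same logic is run over flow exports with a time window, since the genuine query may have been exported slightly before its reply.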
SYN Flood
This attack exploits a weakness in the TCP handshake: it sends large numbers of forged TCP connection requests so that the victim's resources are exhausted (CPU at full load or out of memory).
Establishing a TCP connection takes a three-way handshake: the client sends a SYN, the server replies with a SYN-ACK to accept, and the client returns an ACK to complete the connection. A SYN flood simulates a client that sends the SYN and then vanishes (crashes or drops offline), so the server never receives the client's acknowledgement of its SYN-ACK and the third step never happens. The server normally retransmits the SYN-ACK and waits for a while before discarding the incomplete (half-open) connection.
One client misbehaving and tying up a server slot for a while is no big problem, but an attacker creates this situation at scale, usually with spoofed source addresses so that the SYN-ACKs go nowhere. Maintaining tens of thousands of half-open connections consumes a lot of server resources (the SYN backlog fills up), and the server has no capacity left for legitimate connection requests, or even crashes. From a normal customer's point of view the site simply stops responding. SYN cookies and a larger SYN backlog are the standard server-side mitigations.
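The server-side view of the attack described above, as an added example (not code from the original article): it parses the output layout of `ss -tan` (State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port), counts half-open SYN-RECV sockets per listening port, and reports whether the peers are spread across many addresses, which is the signature of spoofed sources. SAMPLE_SS is constructed, not a real capture; syn_defenses reads the real Linux sysctl values and is only meaningful when run live.

```python
"""Spot a SYN flood from the server: count half-open (SYN-RECV) sockets per port.

Added example, not code from the original article. SAMPLE_SS is constructed in
the layout of `ss -tan`; it is not a real capture.
"""
import os
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple, Tuple


class Sock(NamedTuple):
    state: str
    local_ip: str
    local_port: int
    peer_ip: str
    peer_port: int


def _split_addr(addr: str) -> Tuple[str, int]:
    """Split 'host:port'; IPv6 entries look like '[::1]:80' and keep brackets in host."""
    host, _, port = addr.rpartition(":")
    return host, int(port)


def parse_ss(text: str) -> List[Sock]:
    """Parse `ss -tan` output into Sock records, skipping the header line."""
    socks = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue
        local_ip, local_port = _split_addr(fields[3])
        peer_ip, peer_port = _split_addr(fields[4])
        socks.append(Sock(fields[0], local_ip, local_port, peer_ip, peer_port))
    return socks


def syn_flood_report(socks: List[Sock], threshold: int = 100) -> Dict[int, dict]:
    """Per local port: half-open count, distinct peers, established count, flood flag.

    A flood with spoofed sources shows up as many SYN-RECV entries, each from a
    different peer that never completes the handshake, while ESTAB stays flat.
    """
    half_open: Counter = Counter()
    peers = defaultdict(set)
    established: Counter = Counter()
    for s in socks:
        if s.state == "SYN-RECV":
            half_open[s.local_port] += 1
            peers[s.local_port].add(s.peer_ip)
        elif s.state == "ESTAB":
            established[s.local_port] += 1
    return {
        port: {"half_open": n, "distinct_peers": len(peers[port]),
               "established": established[port], "flood": n > threshold}
        for port, n in half_open.items()
    }


def syn_defenses(sysctl_dir: str = "/proc/sys/net/ipv4") -> Dict[str, str]:
    """Read the kernel knobs that limit SYN flood damage (Linux only, live check)."""
    out = {}
    for knob in ("tcp_syncookies", "tcp_max_syn_backlog", "tcp_synack_retries"):
        path = os.path.join(sysctl_dir, knob)
        if os.path.exists(path):
            with open(path) as f:
                out[knob] = f.read().strip()
    return out


# Constructed `ss -tan` output: 3 real clients on :80, 150 half-open sockets on :80
# from 150 different (spoofed) sources, and one stray half-open socket on :443.
SAMPLE_SS = "State      Recv-Q Send-Q Local Address:Port   Peer Address:Port\n" + "".join(
    f"ESTAB      0      0      10.0.0.5:80          198.51.100.{i}:4{i}000\n" for i in range(1, 4)
) + "".join(
    f"SYN-RECV   0      0      10.0.0.5:80          203.0.113.{i}:{10000 + i}\n" for i in range(1, 151)
) + "SYN-RECV   0      0      10.0.0.5:443         192.0.2.7:55000\n"

if __name__ == "__main__":
    for port, info in syn_flood_report(parse_ss(SAMPLE_SS), threshold=100).items():
        print(f"port {port}: {info}")
    print("defenses:", syn_defenses())  # empty dict on non-Linux hosts
```

A live run replaces SAMPLE_SS with the output of `ss -tan` (or `ss -tan state syn-recv` to fetch only the half-open sockets); a flood with spoofed sources will show distinct_peers roughly equal to half_open, whereas one broken client shows many half-open entries from a single peer.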
CC attack
The CC (Challenge Collapsar) attack is one of the main forms of application-layer attack: it uses proxy servers to generate legitimate-looking requests to the target system, disguising the DDoS as normal traffic.
Everyone has had this experience: a static page loads quickly even when many people are visiting, but a forum or bulletin board at peak hours is slow, because for each request the server has to query the database to decide whether the visitor has read the post, whether they are allowed to reply, and so on. The more visitors and the more pages the forum has, the greater the pressure on the database, and the higher the request frequency, the more system resources are consumed.
A CC attack exploits exactly this: it simulates many normal users continuously requesting pages that need heavy data processing, such as forum searches or post listings, wasting server resources until the CPU sits at 100% for long periods, the requests never stop, the network is congested and normal access is cut off. This kind of attack is technically more demanding than a packet flood: there is no real source IP (the proxies hide it), there is no obviously large volume of abnormal traffic, yet the server simply cannot be reached.
Proxy servers are chosen because a proxy effectively hides the attacker's identity and can also bypass the firewall: almost all firewalls count concurrent TCP/IP connections per source, and a source exceeding a certain number or rate is judged to be a connection flood. Spreading the requests across many proxies keeps each one under that threshold.
Of course, zombie hosts can also be used to launch a CC attack. The attacker uses CC attack software to control a large number of zombies, which imitate the requests of normal users and send well-formed, legitimate packets; this is harder to defend against than the proxy variant. A CC attack targets the web service at layer 7, and the higher the protocol layer at which a DDoS attack is launched, the harder it is to defend, because upper-layer protocols are tied closely to the business and the defence has to reason about a far more complex situation.
For example HTTP Flood, one of the main CC attack methods, not only makes the attacked web front end slow to respond and cripples the hosted business, it can also set off a chain reaction that indirectly attacks the back-end Java business logic and the database services behind it.
Because CC attacks are cheap and powerful, Knownsec's security expert group found that 80% of DDoS attacks are CC attacks. The symptoms: bandwidth seriously consumed and the website paralysed; CPU and memory utilisation soaring until the host hangs; an instant strike that the defence cannot respond to quickly.
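Because a CC attack looks like legitimate HTTP, the place to catch it is the web server's own access log rather than the packet counters. The block below is an added example (not code from the original article): it parses combined-format access log lines, separates requests for expensive dynamic pages (forum search, post listings, login) from static assets, and reports each client's peak number of dynamic-page requests in any sliding window. SAMPLE_LOG is constructed; the paths, IPs and the DYNAMIC pattern are illustrative and would be adapted to the real site.

```python
"""Detect a CC / HTTP flood from the web server's access log.

Added example, not code from the original article. SAMPLE_LOG is constructed in
the Apache/Nginx combined log format; paths and addresses are illustrative.
"""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)
# Paths that hit the database; the expensive pages the article describes (site-specific).
DYNAMIC = re.compile(r"^/(forum/search|post/|thread/|login)")
STATIC_EXT = (".css", ".js", ".png", ".jpg", ".gif", ".ico")


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["dynamic"] = bool(DYNAMIC.match(rec["path"])) and not rec["path"].endswith(STATIC_EXT)
    return rec


def cc_suspects(lines: List[str], window_s: int = 10, max_dynamic: int = 20) -> Dict[str, dict]:
    """Per client IP: peak dynamic-page requests in any window of `window_s` seconds.

    Sliding window over sorted timestamps; a client is flagged when its peak exceeds
    max_dynamic. Static asset requests are counted but never rate-limited.
    """
    per_ip = defaultdict(list)
    static = defaultdict(int)
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec["dynamic"]:
            per_ip[rec["ip"]].append(rec["time"].timestamp())
        else:
            static[rec["ip"]] += 1
    report = {}
    for ip, times in per_ip.items():
        times.sort()
        peak, start = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] >= window_s:
                start += 1
            peak = max(peak, end - start + 1)
        report[ip] = {"peak_dynamic": peak, "static": static[ip], "flagged": peak > max_dynamic}
    return report


def _log(ip: str, second: int, path: str, ua: str) -> str:
    """Build one constructed combined-format line for the sample (not a parser)."""
    ts = f"24/Jun/2022:12:45:{second:02d} +0800"
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 5120 "-" "{ua}"'


# Constructed sample: one normal visitor, and one client hammering the forum search
# five times per second for twelve seconds while presenting a browser User-Agent.
SAMPLE_LOG = [
    _log("198.51.100.2", 0, "/forum/search?q=hotpot", "Mozilla/5.0"),
    _log("198.51.100.2", 1, "/static/app.js", "Mozilla/5.0"),
    _log("198.51.100.2", 1, "/static/style.css", "Mozilla/5.0"),
    _log("198.51.100.2", 30, "/thread/42", "Mozilla/5.0"),
] + [
    _log("203.0.113.9", s // 5, f"/forum/search?q={s}", "Mozilla/5.0") for s in range(60)
]

if __name__ == "__main__":
    for ip, info in cc_suspects(SAMPLE_LOG).items():
        print(ip, info)
```

Counting only dynamic-page requests is the point: a real browser fetches a burst of static assets per page view, so a threshold on total requests either fires on legitimate users or is too loose to catch the attack. Against proxies or zombies the per-IP peak is lower, so the same window count is also kept per session cookie or per User-Agent plus path in practice.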
DNS Query Flood
DNS is one of the Internet's core services, so naturally it is also one of the main targets of DDoS.
A DNS query flood uses a large number of puppet machines to send huge numbers of domain name resolution requests at the target server. When the server receives a query, it first checks whether it has a cached answer; if there is none and it cannot resolve the name itself, it recursively queries the upstream DNS servers for the name.
Usually the names the attacker asks for are randomly generated or do not exist at all, so nothing is found locally and the server has to recurse to the upper-level name servers for every one of them, causing a chain reaction. This resolution process puts a heavy load on the server, and a modest number of such queries per second is enough to make the DNS server time out on legitimate resolutions.
According to Microsoft statistics, the upper limit of dynamic domain name queries a DNS server can bear is about 9,000 requests per second, while a single Pentium III PC can easily generate tens of thousands of resolution requests per second, enough to bring down a DNS server with a very high hardware configuration. The figures are dated, but the asymmetry between attacker cost and defender cost is the point, and it shows how exposed DNS servers are.
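The following added example (not code from the original article) applies the two signals the paragraph describes to resolver query logs: a client's query rate, and whether the names it asks for look randomly generated. The log lines are constructed in a simplified form of BIND's query log ("client IP#port: query: NAME IN TYPE") and the names are illustrative; the entropy threshold and the pseudo-random label generator used to build the sample are assumptions for the demo. In a real deployment the NXDOMAIN ratio from the response log would be added as a third signal.

```python
"""Detect a DNS query flood / random-subdomain attack from resolver query logs.

Added example, not code from the original article. SAMPLE_LOG is constructed:
one normal client and one client sending 500 unique random-looking names.
"""
import math
import re
from collections import Counter, defaultdict
from typing import Dict, List

QUERY_RE = re.compile(r"client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\S+)")


def label_entropy(label: str) -> float:
    """Shannon entropy in bits per character; random labels score high, words score low."""
    if not label:
        return 0.0
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())


def looks_random(name: str, min_entropy: float = 3.0) -> bool:
    """Heuristic: a long, high-entropy leftmost label is typical of generated names."""
    leftmost = name.split(".")[0]
    return len(leftmost) >= 8 and label_entropy(leftmost) >= min_entropy


def dns_flood_report(lines: List[str], window_s: float, qps_threshold: float,
                     random_ratio: float = 0.8) -> Dict[str, dict]:
    """Per client: queries per second, share of random-looking names, unique names, flag."""
    per_client = defaultdict(lambda: {"queries": 0, "random": 0, "names": set()})
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        e = per_client[m["ip"]]
        e["queries"] += 1
        e["names"].add(m["name"])
        if looks_random(m["name"]):
            e["random"] += 1
    report = {}
    for ip, e in per_client.items():
        qps = e["queries"] / window_s
        ratio = e["random"] / e["queries"]
        report[ip] = {"qps": qps, "random_ratio": ratio, "unique_names": len(e["names"]),
                      "flagged": qps > qps_threshold and ratio >= random_ratio}
    return report


ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"


def _constructed_label(i: int) -> str:
    """Deterministic stand-in for a generated label: 12 distinct characters plus an index."""
    return "".join(ALPHABET[(i * 7 + k * 5) % 36] for k in range(12)) + str(i)


# Constructed 60-second log window: a normal client asking for a few real hostnames,
# and an attacker asking for 500 different names that do not exist.
SAMPLE_LOG = [
    f"client 198.51.100.7#53530: query: {name}.example.com IN A"
    for name in ["www", "mail", "api", "blog"] * 2 + ["www", "api"]
] + [
    f"client 203.0.113.50#{20000 + i}: query: {_constructed_label(i)}.example.com IN A"
    for i in range(500)
]

if __name__ == "__main__":
    for ip, info in dns_flood_report(SAMPLE_LOG, window_s=60, qps_threshold=5).items():
        print(ip, info)
```

Unique-name count matters as much as rate: a busy but legitimate client repeats a small set of names and is served from cache, whereas every query in a random-subdomain flood misses the cache and forces a recursion, which is exactly the load the paragraph describes.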
Mixed attack
In practice the attacker only cares about bringing the other side down. Today advanced attackers no longer rely on a single attack type; they look at the target system's specific environment and launch several kinds of attack at once, combining huge traffic volume with exploitation of protocol and system weaknesses, hitting as hard as they can. The target then has to deal with distributed attacks against different protocols and different resources, and the cost of analysis, response and handling rises sharply.
Copyright notice
Author: Chen Bucheng I. Please include the original link when reprinting, thank you.
https://en.chowdera.com/2022/175/20210526152008299v.html