Distributed Denial of Service (DDoS) attacks use the client/server technology to combine multiple computers as an attack platform to launch DDoS attacks on one or more targets, thereby doubling the power of DDoS attacks. Typically, an attacker uses a stolen account to install a DDoS master program on a computer, and at a set time the master program will communicate with a large number of agents that have been installed on many computers on the network. Agents attack when instructed to do so. Using client/server technology, the master program can activate hundreds of agent runs in a matter of seconds.
define
Let’s start with an analogy to understand what DDOS is.
What will a group of bullies do to try to shut down a competing store across the street? Bullies, posing as ordinary customers, have been crowding rival shops, hanging on while real shoppers have not been able to enter; Or always and the salesperson have a take a take of the east pull west pull, so that the staff can not normal service customers; It can also provide false information for the operators of shops. After busy up and down the shops, they find that they are all in vain, and finally lose the real big customers and suffer heavy losses. In addition, bullies sometimes can’t do these things by themselves, so they need a lot of people. Well, DoS and DDoS attacks in cybersecurity follow these lines.
Among the three elements of information security — confidentiality, integrity, and availability, Denial of Service (DoS) attacks target availability. This attack takes advantage of the network service function defects of the target system or directly consumes its system resources, making the target system unable to provide normal services.
There are many DdoS attacks. The most basic DoS attack uses reasonable service requests to occupy too many service resources, so that legitimate users cannot receive service responses. A single DoS attack is usually one-to-one. When the target is low in CPU speed, small in memory or small in network bandwidth, its effect is obvious. With the development of computer and network technology, the processing capacity of the computer grows rapidly, the memory increases greatly, but also the network of gigabit level, which makes the difficulty of DoS attack increased – the target of malicious attack package “digestion ability” strengthened a lot. This is where distributed denial of service (DDoS) attacks come in. DDoS is the use of more bots to attack the victim on a larger scale than before.
Attack characteristics
Distributed denial of service attacks means of attack is distributed, in attack mode changed the traditional point-to-point mode of attack, the attack way appeared without law, and at the time of attack, commonly used is also a common protocols and services, so that only from the agreement and the type of service is difficult to to distinguish between attacks. During the attack, the attack packets are disguised and forged on the source IP address, so it is difficult to determine the address of the attack and search for it. As a result, distributed denial of service attacks are difficult to verify.
Attack features
The characteristics of distributed attacks can be obtained by performing the necessary analysis. Distributed denial of Service (DDOS) attacks concentrate the traffic addresses of attack targets so that congestion control does not occur during attacks. Random ports are used for attacks. A large number of packets are sent to the target through thousands of ports. A fixed port is used for attacks, and a large number of packets are sent to the same port.
What to know about DDos:
[Internet Security] DDoS attack and defense principle and actual combat
(In the content, Ali Cloud security experts explain DDoS attack and defense principles for you)
More excellent courses:
7 days to play cloud server
Redis version of the cloud database using tutorial
Play cloud storage object storage OSS introduction
Ali Cloud CDN use tutorial
Load Balancing Introduction and Product Usage Guide
Official website of Ali Yun University (Official website of Ali Yun University, Innovative Talent Workshop under cloud Ecology)