Shulou(Shulou.com)06/01 Report--

In this issue, the editor will bring you about how to judge whether the server is attacked by DDOS. The article is rich in content and analyzes and narrates it from a professional point of view. I hope you can get something after reading this article.

First, why DDoS?

With the increase of Internet Internet bandwidth and the continuous release of a variety of DDoS hacker tools, the implementation of DDoS denial of service attacks is becoming easier and easier, and DDoS attacks are on the rise. Due to many factors such as business competition, retaliation and network blackmail, many IDC hosting computer rooms, commercial sites, game servers, chat networks and other network service providers have been perplexed by DDoS attacks for a long time, followed by customer complaints, involvement with virtual host users, legal disputes, business losses and so on. Therefore, solving the problem of DDoS attacks has become the top priority for network service providers.

Second, how to determine whether the server has been attacked by DDOS?

Compared with the traffic attack, resource exhaustion attack is easier to judge. If the host of the Ping website and the visiting website are normal, and suddenly the website access is very slow or inaccessible, and Ping can also Ping, it is likely to suffer from the resource exhaustion attack. At this time, if a large number of SYN_RECEIVED, TIME_WAIT, FIN_WAIT_1 and other states are observed on the server with the Netstat-na command, but the ESTABLISHED is very few. It can be determined that it must have been attacked by resource exhaustion. Another phenomenon that belongs to resource exhaustion attack is that Ping's own website host Ping is disconnected or packet loss is serious, while Ping's server on the same switch as its own host is normal. This is due to the fact that the CPU utilization of the system kernel or some applications cannot respond to Ping commands due to the attack on the website host. In fact, there is still bandwidth, otherwise the Ping will not be connected to the host on the same switch.

This is how to determine whether the server has been attacked by DDOS. If you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.