Different types of server attacks and coping strategies

2025-04-10 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/02 Report--

Many webmasters have had a server attacked, and most of them can do nothing but wait once it happens. People generally do not know enough about attacks: many talk a great deal about attack and defense, but have no idea how a server is actually attacked, let alone how to deal with it.

Most network attacks target network bandwidth: a large number of attack packets congest the link, and legitimate packets are drowned out by the bogus attack packets and cannot reach the server. In addition to bandwidth attacks, there are resource exhaustion attacks aimed mainly at the server hardware, where a large number of attack packets exhaust the server's memory or keep its CPU fully occupied, so that it can no longer provide service.

The main symptoms of common attacks and the coping strategies:

The first type: CC class attack

Symptoms: the website shows a "service unavailable" message; CPU usage is very high; the network connections show a large number of ESTABLISHED connections, with a single IP holding dozens or even hundreds; the website cannot be opened from outside, returns to normal for a short time after a soft restart, and becomes inaccessible again after a few minutes.

Coping strategy: because a CC attack imitates real user requests and its traffic is relatively small, it is difficult to defend against completely by relying solely on the firewall in the computer room. Generally, you need to combine it with protection software to set IP policies and filter abnormal IPs, reducing the burden on the server.

The second type: UDP attack

Symptoms: the network card is receiving a large number of packets every second, while the TCP information in the network state looks normal.

Coping strategy: the simplest and most effective way is to block UDP packets; then no matter how large a UDP attack is, it cannot affect you. This is where those low-cost, so-called "unlimited defense" servers come from. The disadvantage is also obvious: it blocks not only the attack but also normal UDP traffic. Renting a high-defense server with a hardware firewall solves the problem perfectly.

The third type: SYN class attack

Symptoms: CPU usage is high; a large number of half-open connections can be observed in the server's network connections, with dozens or even hundreds from a single IP.

Coping strategy: given how SYN attack packets work, the attack can be mitigated through the relevant settings: reducing the number of SYN-ACK retransmissions, using SYN cookies, increasing the backlog queue (default is 1024), and limiting the number of concurrent SYNs. Renting a high-defense server with a hardware firewall can perfectly defend against such attacks.

The fourth type: TCP full connection attack

Symptoms: CPU usage is high; a large number of fully established connections can be observed in the network connections, with dozens or even hundreds from a single IP.

Coping strategy: full connection attacks are designed to bypass conventional firewalls and are now one of the most difficult attacks to defend against, exhausting server resources through a flood of normal TCP connections. Full connection attacks require a large number of compromised hosts ("broilers"), which makes them costly and easy to trace. To resist them, you can only choose high-defense servers with professional hardware firewalls and high-capacity traffic cleaning.
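The per-IP connection symptoms described for the first, third and fourth types can be checked directly from the connection table. The following is an added example, not part of the original article: it parses Linux `netstat -ant` output and reports remote IPs holding many ESTABLISHED or SYN_RECV connections. The threshold of 30, the function names and the sample data (documentation-range addresses) are assumptions made for illustration.

```python
from collections import Counter

# Assumption: the article only says "dozens or even hundreds" per IP; 30 is an
# illustrative cut-off to tune against your own normal traffic.
PER_IP_THRESHOLD = 30

# TCP states mapped to the symptom each one corresponds to in the article.
STATE_HINT = {
    "SYN_RECV": "half-open connections (SYN class attack)",
    "ESTABLISHED": "full connections (CC or TCP full connection attack)",
}

def remote_ip(addr):
    """Drop the port from '203.0.113.7:4000' or '[2001:db8::1]:443'."""
    return addr.rsplit(":", 1)[0].strip("[]")

def triage(netstat_text, threshold=PER_IP_THRESHOLD):
    """Return {(remote_ip, state): count} for IPs at or above the threshold."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Linux `netstat -ant` row: Proto Recv-Q Send-Q Local Foreign State
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # skips the banner and column-header lines
        state = fields[5]
        if state in STATE_HINT:
            counts[(remote_ip(fields[4]), state)] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

def build_sample():
    """Constructed netstat output using documentation-range addresses."""
    rows = ["Active Internet connections (servers and established)",
            "Proto Recv-Q Send-Q Local Address Foreign Address State",
            "tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN"]
    row = "tcp 0 0 192.0.2.1:80 {}:{} {}"
    rows += [row.format("203.0.113.7", 40000 + i, "SYN_RECV") for i in range(40)]
    rows += [row.format("198.51.100.9", 50000 + i, "ESTABLISHED") for i in range(35)]
    rows += [row.format("192.0.2.10", 60000 + i, "ESTABLISHED") for i in range(3)]
    return "\n".join(rows)

if __name__ == "__main__":
    for (ip, state), n in sorted(triage(build_sample()).items()):
        print(f"{ip:15} {n:4} x {state:11} -> {STATE_HINT[state]}")
```

On a live server, pass the captured output of `netstat -ant` to `triage()` instead of the constructed sample; a UDP flood will not appear here, since its symptom is packet volume on the network card with normal TCP state.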
